[Cryptography] [FORGED] Re: VW/EPA tests as crypto protocols ?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Sep 25 09:35:59 EDT 2015

Phillip Hallam-Baker <phill at hallambaker.com> writes:

>The only approach I can see working is to make the sensor a trusted,
>trustworthy device.

Uh, it's not the sensor that's the problem, it's the ECU (not EMU; that's a
large Australian bird) software.  In fact there is an industry that's already
dealt with this, Formula 1 racing.  The problem there is that the ideal F1
software suite would result in a driving experience that consists of pushing a
start button and then sitting back while the software takes the car around the
track, because it's far better at this than a human driver.  So the software
has to be deliberately constrained to not be very smart at all, so the driver
still has something to do.  The way this is done is that it goes through a
strict audit procedure to make sure that it only has the minimal functionality
required.  It's then digitally signed, and only the signed software can load
and run on the ECU.  (There may also be additional controls beyond that point,
but I wasn't told much about that, all I was worried about was the crypto

This works in the F1 environment, but is completely impractical for standard
road vehicles.

Overall, this is not a problem that can be solved by technology, you need
audits, proper testing, and legal measures to deal with it.
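The F1 arrangement Gutmann describes (audit the software, sign the audited image, have the ECU refuse to load anything that is not signed) reduces, on the ECU side, to a verify-before-load gate. The following is an added illustration and is not code from the post or from any F1 ECU; the signature scheme (Ed25519), the Loader type and the sample "firmware" bytes are assumptions made here for the example. Note what the gate does and does not do: it keeps unsigned or altered images off the ECU, but it says nothing about whether the signed image is the one that actually passed the audit. That is the audit's job, which is the point of the last paragraph above.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SignedImage is a firmware image as presented to the ECU loader: the raw
// code bytes plus a detached signature issued by the signing authority
// after the audit. (Hypothetical type for this example.)
type SignedImage struct {
	Code      []byte
	Signature []byte
}

// ErrBadSignature is returned for any image that does not verify.
var ErrBadSignature = errors.New("firmware image rejected: signature invalid")

// Loader holds the single public key baked into the ECU. Only images signed
// by the matching private key (held by the audit/signing authority, not by
// the team) are allowed to run. (Hypothetical type for this example.)
type Loader struct {
	TrustedKey ed25519.PublicKey
}

// Sign is what the signing authority runs once an image has passed audit.
func Sign(priv ed25519.PrivateKey, code []byte) SignedImage {
	return SignedImage{Code: code, Signature: ed25519.Sign(priv, code)}
}

// Load verifies the image and returns the exact bytes the ECU may execute.
// Verification is over the same bytes that are returned, so there is no gap
// between "what was checked" and "what runs".
func (l Loader) Load(img SignedImage) ([]byte, error) {
	if len(img.Signature) != ed25519.SignatureSize {
		return nil, ErrBadSignature
	}
	if !ed25519.Verify(l.TrustedKey, img.Code, img.Signature) {
		return nil, ErrBadSignature
	}
	// Private copy: later changes to img.Code cannot alter what was verified.
	return append([]byte(nil), img.Code...), nil
}

// Demo walks through the three cases a loader has to get right and reports
// whether each was handled as expected.
func Demo() (acceptedGood, rejectedTampered, rejectedForeign bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	ecu := Loader{TrustedKey: pub}

	// Constructed sample "firmware": a placeholder byte string, not ECU code.
	audited := []byte("F1-ECU-v1: traction control = off; launch control = off")
	img := Sign(priv, audited)

	// Case 1: the audited, signed image loads and runs unchanged.
	code, err := ecu.Load(img)
	acceptedGood = err == nil && bytes.Equal(code, audited)

	// Case 2: one bit changed after signing (a post-audit "tweak").
	tampered := SignedImage{
		Code:      append([]byte(nil), img.Code...),
		Signature: img.Signature,
	}
	tampered.Code[0] ^= 0x01
	_, err = ecu.Load(tampered)
	rejectedTampered = errors.Is(err, ErrBadSignature)

	// Case 3: the same bytes, but signed with a key the ECU does not trust.
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	foreign := Sign(otherPriv, audited)
	_, err = ecu.Load(foreign)
	rejectedForeign = errors.Is(err, ErrBadSignature)
	return
}

func main() {
	a, b, c := Demo()
	fmt.Printf("accepted audited image: %v\nrejected tampered image: %v\nrejected foreign signer: %v\n", a, b, c)
}
```

In the real deployment the private key has to live with the auditor rather than with whoever builds the ECU image, otherwise signing is just a formality that anyone with build access can satisfy; the example keeps the two roles (Sign versus Loader) separate for that reason.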


