ABSTRACT
Automotive telematics may be defined as the information-intensive applications that are being enabled for vehicles by a combination of telecommunications and computing technology. Telematics by its nature requires the capture of sensor data, storage and exchange of data to obtain remote services. In order for automotive telematics to grow to its full potential, telematics data must be protected. Data protection must include privacy and security for end-users, service providers and application providers. In this paper, we propose a new framework for data protection that is built on the foundation of privacy and security technologies. The privacy technology enables users and service providers to define flexible data model and policy models. The security technology provides traditional capabilities such as encryption, authentication, non-repudiation. In addition, it provides secure environments for protected execution, which is essential to limiting data access to specific purposes.
- {1} Hoffman, D. L., Novak, T. P., and Peralta, M. A. "Building Consumer Trust Online," Communications of the ACM, Volume 42 (4), 80-85, April, 1999. Google ScholarDigital Library
- {2} Kingpin and Mudge, "Analysis of Potable Devices and Their Weaknesses Against Malicious Code Threats", RSA Conference, San Francisco, CA, April 11, 2001.Google Scholar
- {3} Kingpin and Mudge, "Security Analysis of the Palm Operating System and its Weaknesses Against Malicious Code Threats", Proceedings of the 10th USENIX Security Symposium, Washington, DC, August 13-17, 2001. Google ScholarDigital Library
- {4} Bohrer, K., Liu, X., Kesdogan, D., Schonberg, E., Singh, M. and Spraragen, S.L. "Personal Information Management and Distribution", Proceedings of the 4th International Conference on Electronic Commerce Research, Dallas, TX, November 8-11, 2001.Google Scholar
- {5} Bohrer, K., Kesdogan, D., Liu, X., Podlaseck, M., Schonberg, E., Singh, M. and Spraragen, S. L. "How to Go Shopping On the World Wide Web Without Having Your Privacy Violated", Proceedings of the 4th International Conference on Electronic Commerce Research, Dallas, TX, November 8-11, 2001.Google Scholar
- {6} Novell Inc, "digitalMe: Making life easier on the net," http://www.digitalme.comGoogle Scholar
- {7} Lumeria, "An Informediary Approach to Privacy Problem," http://www.lumeria.com/whitepaper.shtmlGoogle Scholar
- {8} Zero-Knowledge-Systems, Inc. "The Freedom Network Architecture," http://www.freedom.net/Google Scholar
- {9} Microsoft Inc., "A platform for user-centric application," http://www.microsoft.com/myservices/Google Scholar
- {10} AT&T, "Privacy Minder," http://www.research.att.com/projects/p3p/pmGoogle Scholar
- {11} "The Platform for Privacy Preferences 1.0 (P3P1.0) Specification". April, 2002 http://www.w3.org/TR/P3PGoogle Scholar
- {12} CPExchange, "Global standards for privacy-enabled customer data exchange," http://www.cpexchange.org/standard/Google Scholar
- {13} IBM, "Enterprise Privacy Architecture (EPA)," http://www.ibm.com/services/security/epa.htmlGoogle Scholar
- {14} Karjoth, G., Schunter, M., and Waidner, M., "Platform for Enterprise Privacy Practices: Privacy-enabled Management of Customer Data", Proceedings of the 2nd Workshop on Privacy Enhancing Technologies, 2002.Google ScholarDigital Library
- {15} Russell, D., and Gangemi Sr., G. T. "Computer Security Basics", O'Reilly & Associates, Inc. 1991. Google ScholarDigital Library
- {16} Karger, P., Yair, F., "Security and Privacy Threats to ITS", The Second World Congress on Intelligent Transport Systems, pp. 2452-2458, November 1995.Google Scholar
- {17} Smith, S. W., and Weingart, S. H. (April 1999) "Building a High-Performance, Programmable Secure Coprocessor", Computer Networks (Special Issue on Computer Network Security), 31: 831-860 Google ScholarDigital Library
- {18} Dyer, J., Perez, R., Sailer, R., Van Doorn, L., "Personal Firewalls and Intrusion Detection Systems", 2nd Australian Information Warfare and Security Conference 2001, November 2001.Google Scholar
- {19} Arbaugh, W. A., Farber, D. J., and Smith, J. M. "A Secure and Reliable Bootstrap Architecture." 1997.Google Scholar
- {20} Security-Enhanced Linux, http://www.nsa.gov/selinuxGoogle Scholar
- {21} Bastille Linux, http://www.bastille-linux.orgGoogle Scholar
- {22} Langheinrich, M., "Privacy by Design -- Principles of Privacy-Aware Ubiquitous Systems," ACM UbiComp, 2001. Google ScholarDigital Library
- {23} Agre, P., "Looking Down the Road: Transport Informatics and the New Landscape of Privacy Issues", CPSR Newsletter 13(3). 1995.Google Scholar
- {24} Samfat, D., Molva, R., Asokan, N., "Untraceability in Mobile Networks", Mobicom. 1995. Google ScholarDigital Library
- {25} Reed, J., Krizman, K., Woerner, B., Rappaport, T., "An Overview of the Challenges and Progress in Meeting the E- 911 Requirement for Location Service," IEEE Communications Magazine, 30-37, April 1998. Google ScholarDigital Library
- {26} Covington, M. J., Long, W., Srinivasan, S., Dey, A. K., Ahamad, M., and Abowd, G. D. Securing context-aware applications using environment roles. In 6th ACM Symposium on Access Control Models and Technologies (SACMAT 2001). 2001. Google ScholarDigital Library
- {27} Simone Fischer-Hubner, editor. IT-Security and Privacy - Design and Use of Privacy-Enhancing Security Mechanisms. LNCS. Springer. 2001.Google Scholar
- {28} Pfitzmann, A., and Koehntopp, M. Anonymity, unobservability, and pseudonymity - a proposal for terminology. In Workshop on Design Issues in Anonymity and Unobservability. 2000.Google Scholar
- {29} Blacksher, S., Foley. T. Boulder HOPs Aboard GPS Tracking. In GPS World, January 01, 2002Google Scholar
- {30} Open Services Gateway Initiative, http://www.osgi.org/Google Scholar
Index Terms
- Framework for security and privacy in automotive telematics
Recommendations
Data protection and data sharing in telematics
Automotive telematics may be defined as the information-intensive applications enabled for vehicles by a combination of telecommunications and computing technology. Telematics by its nature requires the capture, storage, and exchange of sensor data to ...
RFID system with fairness within the framework of security and privacy
ESAS'05: Proceedings of the Second European conference on Security and Privacy in Ad-Hoc and Sensor NetworksRadio Frequency Identification (RFID) systems are expected to be widely deployed in automated identification and supply-chain applications. Although RFID systems have several advantages, the technology may also create new threats to user privacy. In ...
Are RNGs Achilles' Heel of RFID Security and Privacy Protocols?
Security and privacy concerns have been growing with the increased utilisation of RFID technology in our daily lives. To mitigate these issues, numerous privacy-friendly authentication protocols have been published in the last decade. Random number ...
Comments