Privacy Intelligent Transport Systems Road Pricing
Stefaan Motte
Manager NXP Competence Center Crypto & System Security
eSecurity WG Slide 1
[ Outline
Introduction: the telematics road pricing use case
Road pricing in practice
Road pricing end-to-end system
Data flow, storage policies and controllers depending on
chosen solution
Enforcement
Conclusions
eSecurity WG Slide 2
[ Telematics road pricing
eSecurity WG Slide 3
[ Main requirement for end-user:
Privacy
My latest skiing trip, according to my GPS-enabled cell
phone, and Google
eSecurity WG Slide 4
[ Telematics road pricing – science fiction?
eSecurity WG Slide 5
[ Road pricing End-to-End System
[Diagram labels: OBU; Secure Payment; Secure GPS Positioning; Satellite; Transport & payment card; Secure ID; Travel Path; Vignette; Secure Physical Link; Secure Services; Services Server(s)]
eSecurity WG Slide 7
[ Road pricing in action
GPS Data Reception, Map Matching & Toll
Calculation
eSecurity WG Slide 8
[ So how to implement this, and what are the information flows?
Three use cases
Thin client: store and forward
Fat client: do everything internally
Smart client: best of both worlds?
Why three use cases?
Choice has not been made yet, countries and regions are
still investigating their options
Data flow and privacy impact vary between the cases, as
do cost and ease of maintenance
eSecurity WG Slide 9
[ A very simple/naive solution – Thin OBU
Pro:
Super light (i.e. cheap) OBU
All logic in controlled back-end environment
Secure
On the fly dynamic updates possible
Statistics and value-add services possible
Good solution?
[Diagram actors: Toll Service Provider; Payment Scheme Provider]
1. Collect waypoints
2. waypoints/time
3. Map matching
4a. Tariff Look-up
4b. Fee Calculation
5. Payment request
7. Payment Proof
But at a cost
Heavy processing/memory requirements (increasing HW and license cost)
Map and price updates!! Feasible?
No anonymous statistics possible
+ OBU maintenance
[Diagram actors: Toll Service Provider; Payment Scheme Provider]
1. Collect waypoints
2. Map matching
3a. Tariff Look-up
3b. Fee Calculation
Fee
7. Payment Proof
eSecurity WG Slide 12
[ The other extreme – Fat OBU
So no private information needs to leave the OBU…
… but:
“8. Invoicing of individual EETS Users by EETS
Providers shall clearly separate the service charges of the
EETS Provider and tolls incurred, and shall specify, unless
the user decides otherwise, at least, the time at which and
the location where the tolls were incurred and the
user-relevant composition of specific tolls.”
(Commission decision on the definition of the European Electronic Toll Service and its technical elements)
eSecurity WG Slide 13
[ Third option: Meet in the middle – Smart OBU?
Pro:
Dynamic fee & map updates are managed @server
Fee calculation (based on personal details) done inside OBU
Low processing requirements for OBU (cost-optimized).
Anonymous back-end info: value-add services possible
Privacy:
Need to properly anonymize the waypoints
Need to properly anonymize the network traffic
If so: no private information leaves the OBU
[Diagram actors: Toll Service Proxy; Toll Service Provider; Payment Scheme Provider]
1. Anonymized Waypoints
2. Map matching
3a. Tariff Lookup
3b. Tariffs
3c. Fee Calculation
5. Car Identity + Fee
6. Fee + Account Number
7. Payment Transaction
8. Payment Proof
eSecurity WG Slide 15
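The Smart OBU message flow above, as a small Python model added here for illustration (it is not from the slides): it shows which fields each party receives, so the "no private information leaves the OBU" claim can be checked per message. Assumptions: anonymization is modelled only as dropping identity and timestamps, the toll map, tariffs, identifiers and function names are constructed, and network-traffic anonymization is not modelled.

```python
from math import hypot

# Constructed toll map held by the server: segment -> (midpoint in km, tariff EUR/km).
TOLL_MAP = {"A1": ((0.0, 0.0), 0.10), "N5": ((10.0, 0.0), 0.04), "C2": ((10.0, 10.0), 0.25)}

def toll_server_tariffs(waypoints):
    """Steps 2, 3a, 3b: map-match bare coordinates and return one tariff each.
    The request carries no car identity, account number or timestamp."""
    def match(p):
        return min(TOLL_MAP, key=lambda s: hypot(p[0] - TOLL_MAP[s][0][0], p[1] - TOLL_MAP[s][0][1]))
    return [TOLL_MAP[match(p)][1] for p in waypoints]

class SmartOBU:
    def __init__(self, car_id):
        self.car_id = car_id
        self.track = []  # (timestamp, x_km, y_km); the full track stays in the OBU

    def record(self, ts, x, y):
        self.track.append((ts, x, y))

    def anonymized_waypoints(self):
        """Step 1: drop timestamps and identity (assumed stand-in for anonymization)."""
        return [(x, y) for _, x, y in self.track]

    def fee(self, tariffs):
        """Step 3c: sum over legs of leg length times the tariff at the leg's start."""
        legs = zip(self.track, self.track[1:], tariffs)
        return round(sum(hypot(b[1] - a[1], b[2] - a[2]) * t for a, b, t in legs), 2)

    def proxy_message(self, fee):
        """Step 5: only the identity and the aggregate fee go to the proxy."""
        return {"car_id": self.car_id, "fee_eur": fee}

def toll_proxy(msg, accounts):
    """Step 6: the proxy swaps the car identity for an account number."""
    return {"account": accounts[msg["car_id"]], "fee_eur": msg["fee_eur"]}

def run_trip():
    obu = SmartOBU("CAR-EXAMPLE-1")  # constructed identifier
    for ts, x, y in [(0, 0.0, 0.0), (600, 10.0, 0.0), (1200, 10.0, 10.0)]:
        obu.record(ts, x, y)
    to_server = obu.anonymized_waypoints()
    to_proxy = obu.proxy_message(obu.fee(toll_server_tariffs(to_server)))
    to_payment = toll_proxy(to_proxy, {"CAR-EXAMPLE-1": "ACCT-EXAMPLE-9"})
    return to_server, to_proxy, to_payment
```

In this model the server sees coordinates only, the proxy sees identity and fee only, and the payment scheme sees account and fee only; a single compromised party cannot link a trip to a person unless the waypoints themselves are re-identifiable.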
[ Camera-based Enforcement
Confirmation +
payment proof
Get OBU ID
eSecurity WG Slide 19
[ Online versus offline system
Typically, data of non-offenders is not stored (e.g. speed
control in tunnels based on trajectory measurements).
Using DSRC, real-time check whether OBU is functioning.
However, instant verification whether correct fee is being
paid is only possible in on-line system, i.e. in thin client
model.
How to handle off-line systems, where fee aggregation
and payment is deferred to a later time? Data needs to be
stored!
OBU can store location/fee/invoice data as proof
Does the Data Retention Directive apply to Road Tolling in general,
only to a specific section, or not at all?
What is an acceptable/appropriate retention time, both on the
OBU and in the enforcement system?
Can enforcement access OBU data directly, or is there need to go
via Toll Service Provider?
eSecurity WG Slide 20
[ Conclusions
Many systems/solutions are possible, and the law
does not clarify which system shall be adopted
Level of privacy varies widely, depending on the
type of system that is chosen
Industry needs to be agnostic to the system that is
chosen
Agnostic ≠ ignorant!!
Be aware of all possible scenarios, and be able to secure
them all.
Privacy-respecting solutions seem available for both smart
and fat clients
eSecurity WG Slide 22
[ Thanks
eSecurity WG Slide 23