Self-Driving Cars Use NIST Approved Random Number Generator to Encrypt Routing2015-04-01
AUSTIN - The Association of Self-Driving Car Manufacturers (ASDCM) revealed plans today to use NIST-approved random number generator technology to randomize the routes of their self-guided vehicles. The need for privacy has grown amidst revelations of wide-spread government surveillance and private companies’ ever-increasing appetite for personal data. As a result, technology companies have scrambled to meet user demand.
Helmut Kurth, atsec’s Chief Scientist, commented: “Predictable routing is a personal security risk that needs to be addressed. By randomizing the path that a car takes to its destination, ASCDM has added a sorely needed layer of security to the driving experience. The technology uses keys generated by the NIST-approved random number generator to start the self-driving cars. The random number generator is compliant with NIST SP800-90A, and the seed source is from the observed traffic patterns of out-of-city drivers. Although MIT studies show that those patterns had a high rate of entropy, being a standards-oriented company we suggest conducting a rigorous entropy assessment under the guidance of Cryptographic Module Validation Program (CMVP). In addition, all self-driving cars should be required to undergo a FIPS 140-2 validation to ensure the unpredictability of the route.”
The above image shows the unmodified routing that leaves the driver open to a number of privacy-related vulnerabilities.
The randomized routing makes it very difficult to predict the position of the car at any given moment even if the attacker is aware of the start and end of the trip.
Future applications of this technology might include randomization of flight paths and shipping to increase the safety of air travel and cargo transport. Detractors expressed concerns about the increase in travel time, but industry experts dismissed these claims as “Luddite paranoia.”
Testing has shown an extremely positive reaction to the technology. Some test subjects claimed that they now see their home city in a totally new light as they have newly experienced many sites they were not even aware existed. The occasional increase in travel time was also seen as an advantage, giving people more time to make phone calls, eat breakfast or browse social networks. Those traveling Mopac or I35 in Austin also experienced a significant reduction of their travel time during peak hours.
The announcement has prompted strong objections from some manufacturers of GPS systems for cars, who claim that this approach is violating their intellectual property since they have used random based routing in their systems for many years.
A spokesperson for ASDCM could not be located for comments at the time of publication.
atsec information security (www.atsec.com) is a group of independent standards-based information technology security services companies with offices in the U.S., Germany, Sweden and China. atsec's services include formal laboratory testing and evaluation of information assurance (IA) and IA-enabled commercial off the shelf (COTS) information technology, as well as information security consultancy. atsec works with any company, regardless of size or locale, which is serious about IT security.