The automotive industry has been witnessing a digital transformation over the last few years as modern vehicles are evolving into connected, intelligent systems. This transformation brings tremendous benefits in terms of safety, convenience, and efficiency. However, it also brings new security challenges as vehicles become vulnerable to cyber threats. 

As the number of connected cars is expected to go beyond 360 million in the next three years and currently, there are already millions of connected vehicles on the roads, securing smart cars has become a priority. And it starts with implementing strong identity and access management (IAM).  

Recent research has proposed using verifiable credentials (VCs), a secure and privacy-preserving method for managing digital identities, to address these challenges in smart vehicles. 

Here, we have explored the research published by researchers from Huawei and several European universities titled “SIUV – A Smart Car Identity Management and Usage Control System Based on Verifiable Credentials.” It is about how incorporating verifiable credentials in IAM in smart cars can enhance the security and privacy of connected vehicles. 

Why There’s a Need for Secure IAM in Smart Vehicles 

As we stated earlier, since vehicles become more connected and reliant on software, the attack surface expands significantly. A modern car can have up to 100 electronic control units (ECUs) and millions of lines of code. Each of these components represents a potential entry point for cybercriminals. 

Hackers can gain unauthorized access to critical vehicle systems, steal sensitive data, or even remotely control the vehicle. Some of the key security risks include: 

• Unauthorized access: Malicious actors can gain control of vehicle functions or access private user data 

• Data theft: Hackers can steal personal information, location history, or financial details 

• Malware infections: Compromised vehicle systems may spread malware to other connected devices 

• Safety threats: Attackers can remotely control vehicle steering, braking, or acceleration 

To deal with these risks, smart vehicles need a secure way to authenticate the identities of users, applications, and devices accessing the system. They also require fine-grained access control to ensure each entity can only access the specific resources and perform the actions they are authorized for. A verifiable credentials-based identity management system can be a great solution here. 

Check: Why Do We Need Verifiable Credentials? What’s Wrong with Our Current Verification Systems? 

How Verifiable Credentials Work 

Verifiable credentials are tamper-evident, cryptographically secure, and machine-verifiable digital documents. They enable a trust framework where: 

1. An issuer (e.g., government agency, manufacturer) certifies information about a holder (e.g., driver, vehicle) in a digital credential. 

2. The holder holds this credential in a digital wallet. 

3. The holder presents the credential to a verifier (e.g., vehicle system) to prove claims about their identity or attributes. 

4. The verifier authenticates the credential and makes an access decision based on the verified claims. 

Some key benefits of verifiable credentials include: 

• Security: Credentials are digitally signed by the issuer, so they cannot be faked or tampered with 

• Privacy: Subjects control what data is shared from their credentials using selective disclosure/sharing 

• Decentralization: No centralized authority is needed to verify credentials 

• Interoperability: Standardized data models allow credentials to be widely recognized and accepted 

EveryCRED offers verifiable credential solutions that can be perfect for many industries, including the automobile industry. The W3C Verifiable Credentials Data Model is an open standard that enables interoperability. 

Read Full Article: Verifiable Credentials: What Are They, How They Work, Their Importance, and Applications 

A Smart Car Identity Management System Using Verifiable Credentials (SIUV) 

SIUV uses Attribute Based Access Control (ABAC) policies to dynamically issue privileges to users and applications according to their authenticated identity claims. These privileges then govern access to in-vehicle resources. 

Key Features of SIUV 

• Verifiable Credentials: SIUV uses VCs, and these credentials allow for tamper-evident and privacy-preserving identity verification. 

• Usage Control (UCON): Unlike traditional access control models that make one-time access decisions, UCON enables continuous, context-aware access control throughout the duration of a session. 

• Attribute-Based Access Control (ABAC): SIUV uses ABAC policies to make fine-grained access decisions based on attributes of the subject, resource, action, and environment. 

• Stateful Identity Management: The system maintains a continuous awareness of the identity state, allowing for real-time updates and revocations of privileges. 

• Distributed Architecture: SIUV employs a distributed architecture with a central Security Token Service (STS) and localized Usage Control System Plus (UCS+) instances, enabling both global and local context awareness. 

How SIUV Works 

The SIUV system operates through a series of interconnected components: 

1. Credential issuance 

Trusted identity providers (e.g., government, manufacturer) issue verifiable credentials attesting to the identities and attributes of drivers, passengers, and applications. For instance, a driver’s credential may include name, license number, and authorized vehicle type. 

2. Privilege Issuance 

When a holder/subject (driver, passenger, app) requests access, they present their identity credentials to the vehicle’s Security Token Service (STS). The STS authenticates the credential, evaluates relevant policies, and issues a separate credential containing specific access privileges for that subject. 

3. Access Control 

When the subject attempts to access an in-vehicle resource, they present their privilege credential. A local Usage Control System Plus (UCS+) authenticates the credential and enforces the privileges, granting or denying access. 

4. Continuous Monitoring 

The STS and UCS continuously monitor the validity of credentials, environmental conditions, and access policies. If a credential is revoked or a relevant policy changes, privileges are re-evaluated and updated or revoked in real time. 

Let us understand this approach with an example. Consider a scenario where a rental car company wants to restrict a driver to only use the vehicle within a certain region. The company can issue a driver credential with a “location” claim and define a policy that grants “engine start” privilege only if the location is within the authorized geofence. If the driver leaves that area, the system will revoke their access. 

SIUV also enforces the principle of least privilege by using granular, contextual policies to grant only the minimum required access. Credentials are only requested on a need-to-know basis. 

Advantages of a VC-based Approach 

Using verifiable credentials for smart car identity management and usage control offers several key advantages: 

• Dynamic, granular access control: Attribute-based policies allow granting privileges in real-time based on authenticated identities and contextual factors. 

• Continuous enforcement: Privileges are monitored and can be updated or revoked immediately if conditions change. 

• Privacy preservation: Data minimization and selective disclosure give users control over sharing identity data. 

• Secure authentication: Cryptographically verifiable credentials prevent forgery and tampering. 

• Decentralized trust: No need for a centralized authority to verify credentials. 

• Interoperability: Using open standards allows integration with various identity providers and verifiers. 

Is It Easy to Implement a Smart Car Identity Management System Using Verifiable Credentials (SIUV)? 

Implementing a VC-based identity system in smart vehicles seems promising, but it also presents some challenges: 

The usability of SIUV from an end-user perspective needs further study. How can complex security concepts be made intuitive for drivers and passengers? 

1. Performance overhead 

Continuously monitoring credentials and evaluating policies consumes system resources. Efficient implementation is critical. 

2. Standardization 

Automotive OEMs, identity providers, and app developers need to agree on common data models and protocols. 

3. Key management 

Securely issuing, rotating, and revoking issuer keys is complex in a decentralized system. 

4. User experience 

Intuitive, accessible user interfaces are needed for managing credentials. 

5. Human Factors 

The usability of SIUV from an end-user perspective needs further study. How can complex security concepts be made intuitive for drivers and passengers? 

Future work should focus on addressing these challenges through efficient protocols, standardization efforts, and human-centric approaches. 

Conclusion 

The SIUV system shows a significant step for automotive cybersecurity by addressing the unique challenges posed by smart, connected vehicles. With verifiable credentials, usage control, and a distributed architecture, SIUV provides a flexible, context-aware, and robust IAM solution that can adapt to the dynamic nature of modern vehicles. 

Verifiable credentials offer a standards-based, secure, and privacy-preserving way to authenticate identities and dynamically authorize access in smart vehicles. To learn more about how verifiable credentials can secure your connected vehicle systems, contact EveryCRED -Our platform is designed for multiple industries, and we can provide identity and access management solutions with verifiable credentials for your automobile manufacturing business.