You’re probably tired of reading that the Internet of Things is the hottest thing going, and that IoT is a boon to technology and, simultaneously, a potential disaster for security and privacy. However, over the past few years, another IoT-related technology has been growing: vehicle to vehicle.

V2V is a way for automobiles to communicate directly with other vehicles on the road. Vehicles communicating with stationary checkpoints positioned along roadways sometimes is referred to as “vehicle to infrastructure,” or V2I.

The National Highway Traffic and Safety Association sees V2V as a way for “vehicles ranging from cars to trucks and buses to trains” to relay safety and mobility information.

Since its inception, though, there have been cybersecurity concerns. How will a vehicle communicate with another vehicle or infrastructure system it has never encountered, let alone been authenticated to connect with it?

Enter PKI

V2V uses a mesh network. In a mesh network, each device communicates with each surrounding device creating a “mesh” of communications. Vehicles communicating with other vehicles or infrastructure in their path can relay information about road hazards and other safety issues in order to alert advancing drivers. This technology initially can be used to signal drivers, but in future incarnations, it could allow vehicles to brake or steer away from the danger.

Of course, one of the issues with this technology is “spoofing.” If a malicious actor were able to trick the system or spoof the telemetry signal, the actor could create chaos by braking certain vehicles and failing to warn others. Thus, a solution for authenticating each vehicle and piece of infrastructure needs to be in place.

PKI, or public key infrastructure, is a standard method for communicating securely between parties. In the PKI system, each user or device has a “private key” that no one else can hold. Each user or device also has a “public key” to distribute freely. The private key can be used to authenticate itself to a device that can use the published public key to verify the private key.

In the world of email, the private key is used to sign an email and the public key verifies the signature as valid.

In the same manner, a vehicle could use its private key to authenticate itself to another vehicle.

The difference with the V2V PKI solution is that the system would be massive. Each device would not only…