Each participating vehicle will broadcast wireless heartbeats or beacon messages that can be picked up by other participating autos. Messages are authenticated, but not encrypted; they don't need to be because they are intended to be broadcasted and shared by any nearby vehicle. There is no personally identifying information in the WAVE messages, so no one can tell which vehicle is sending a particular message; at least, that capability is not built into the protocol.
Whyte, along with his security subgroup, has been threat-modeling malicious scenarios since the beginning. One such possibility involves hackers introducing false messages into the system to cause an unintended consequence. I could see hacker thieves wanting to abruptly stop a vehicle so that they can take it or rob the passengers.
Whyte's group is also looking at how to prevent wireless denial-of-service conditions. Due to these types of threats, Whyte and his group are heavily relying on strong cryptography to ensure the validity of packets and the overall safety of the peer-to-peer network.
Of course, some of the built-in privacy characteristics present challenges. Whyte said, "How do you get information on misbehaving vehicles [or other malicious actions that need correction] without a centralized server or service?" The IEEE 1609 working group is working hard to ensure the safety of the system. Field trials involving 2,000 test vehicles begins in 2012.
Will they be able to design a perfectly secure system? Only time will tell. However, I think anyone could spend a few minutes with Whyte and feel confident that we were in solid, well-meaning, and knowledgeable hands. You can read more from Whyte at his Security Innovation blog.
This story, "Car hacks loom as autos go wireless," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes's Security Adviser blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.