 I will talk about vehicle to vehicle communication today Why I'm talking about to about vehicle to vehicle communication is things because I'm Working for around about four years about and on these topics for Volkswagen And yeah, I think I have some knowledge about this So whenever that I will talk about this and I think I have to give you a Motivation on this After this I will introduce some basic concepts that is really important to understand for the standards Then I will go through some standards Afterwards, yeah, some security staff In the end I will talk about what's the challenges actually and what we want to do in the future Okay, let's start with the motivation the really basic motivation of We could weaker communication is that we want to avoid any crashes any accidents and This is becoming harder and harder for the automotive industry because we Got a lot. Yeah, sorry We solved a lot problems in the last years and The problem is that there are some events we cannot predict or even it is hard to detect with some sensors so Many have an emergency vehicles driving around with its signals on and such things that's we have some really We have we have accidents, which is really not nice actually and with enormous sensors Really hard to detect these emergency vehicles because they behave in strange ways. They don't Follow some rules which you have in the normal traffic Things this is similar to other things like a red light validation Violation that is also really hard to detect for a normal vehicle. So and We think we can solve this problem with communication between cars Yeah You may heard about these technology already and We all these kind of hazards have one some things in common one thing is that they are really Locals so we don't have some influences in kilometer ways. It's really a local hazards and So we have Short distances we have we need to overcome with these communication And this is between the heat but we can also Communicate between vehicles and infrastructure like roadside units This is really important this Signalize and such things, but I will not really talk much about infrastructure here We also think when you think about these use cases and Accidents you need to be really fast at least we want to fast. I want to be faster than Human in its reaction. So We think we need some communication latencies under 10 milliseconds. That's It's yeah, it's a gas Actually, and not it not actually but this was a guess at the beginning We also have the problem that we cannot predict Who is really interested in these information things the traffic is constantly moving And so the relevance of these hazard can Change for every car in some minutes seconds. That's depends on the hazard itself and We got in 2008. I think we got in We got who own a frequency band to for communication this so that's that's more or less What we want to achieve with these communications so Then yeah, I would be before I can go to these standards I have to introduce some basic concept. This is really important to understand this This makes it really easy or easier. So Imagine you have an use case Like in the front of the of this image you have an emergency break When this blue car is breaking really hard, so then The white car cannot see this emergency break and the emergency break is for this white car Important things when these Truck is breaking and the distance between the cars is too low then you have a crash The problem on this use case is that the white car cannot see these blue car And that is therefore the the whole event has some How to say it depends on each car in this line. So if the The drive of the truck Reacts too late then even the bike car has some problem in the end So you get the multi-vehicle crash and that's not a nice Thing when you have when you use communication for this We believe that we can shorten these reaction time a lot because we can uncouple these events When the blue car is breaking and you can send out a message to the vodka you can Increase reaction of the vodka. That's the simple idea behind this This is also working for another use case. This is called the broken down vehicle There we have It's similar to the other things you have an event in the any front of the broken down The broken down vehicle and you want to inform all and following cars about this That's the simple idea behind this, but You have to think about a little bit more about it how to communicate these information. So the the simple solution to it is When these blue car for example breaks then you can detect this emergency break and send out a message So the vodka can react. That's straight forward and this kind of communication. We call event-based communication But there's another approach for it things You can change the detection position. So when When you sent out with the blue car only status information of the car for example, how fast it is How is the acceleration is the breaking? activated in such things and then and you Sent it out in a frequent manner, then you can detect these events in the receiving car That's changed a little bit The the rules, but we will see later what it will take which influences will have But what not know but booth booth approaches have similar as have some advantages and disadvantages one disadvantage we can see oh one disadvantage of the awareness-based communication. Oh, I'll forget this These are sending out these status information is and we call it awareness-based communication and these awareness-based communication has some problems you can Detect that there's maybe a car in front of you and is standing still somewhere, but you don't know why It's a car defect or is there in Traffic jam or something else you can't not for safety Considerations does fine because you know there is something and you can reduce the speed and it's really fine But maybe you have a different strategy for a different kind of Events for example when there's broken down vehicle. Yeah, okay You can pass simply but if this is this vehicle in the traffic jam you may think oh, no I will leave these highways. So that's a little bit Disadvantage, but there's several disadvantages or advantages for each type and then you have this event-based communication you have Simply a message which describes this event That's but these events based communication has in status message about the vehicle and The problem on these awareness-based is that you have a complex Interpretation of these who will mess of these messages things This is only an indication what may be happened there But in these event-based communication, you can have these event Desribed and the interpretation is easy. Okay and on the There's also the the advantage on the event-based communication that you only needs one message to receive For these other for this events based communication You may need a lot of messages before you see what's happening and what is going on But these event-based communication had the problem that you have to Precast and you have to know which use cases you need or you want to cover with these technology. So when So when you have a use case which you cannot Anticipate for the future and you have the problem that you can't talk about it and you can't Detect us in the end That's will be a problem when you have a car for eight years ten years in the field Then you can eight years ten years this car cannot detect these use case or this event So that's a small problem. This is but when you have these Event-based communication, then you never talk about use case in the before and the beginning and you may develop some use cases afterwards with this data This is possible, but that's yeah So, okay These basics concepts will be really important for these standards. So The problem with these standards is we have not one that's almost the same. So we have Yeah, free standard yet This is one in the US one in the Europe We have one in Japan and Then we have a lot of activities to Viki to Viki communication. This is in China and on this slide. I forget one country more even in South Korea There's some activity regarding this technology Yeah, I will in this talk only talk about the US and Europe things. That's more or less this what I do at work What's too important to know about this is that in Europe we have the car to car communication consortium which is Stunitization and do a lot of this and in the US is campus. That's mostly OEMs and some other Interested stakeholders so but the US Standards is focused on awareness-based communication Whereas the Europe's is focused on event-based communication. You will see this in the standard in the next so Here's one small slide to see who is involved in the development of these Standards in Europe. It's mainly the OEMs. Then you have some suppliers boat authorities research institutions as such things Okay, I Told you that in Europe we have these event-based communication and we have one The main message is we use these decentralized Environmental notification message that is describing an event that is in position and event code is on it and some extra additional data for for some special use cases more or less What's in there? the US has an Message it's called the basic safety message and this is of course a very spaced message and Yeah, I told you already this contains some status information about the week, but menu Work on this topic You will have You will have the advantages of booths. So even in you and the and Europe we have and Messages called cooperative awareness message. Of course, it's an awareness-based message is really similar to the basic safety message and Yeah, the US they have an flag field in these basic safety message, which is also more an event-based communication so after some development they We mixed up these advantages of booth approaches, but you will see later that is a little bit different I will not talk more about these context or content of these messages But you can see on the left and on the right in which standard they are Defined and then you can have a closer look to it Unfortunately, I think the SAA SAA Standards are not public or you have to buy them, but these at the standard you should you should download it from the internet That's should be possible Okay so When we have defined this payload what we we know what we what use cases we want to cover We have the problem that we have not only these two messages or three messages We have a lot of different messages. So we need some kind of message multiplexing and For example, another message is bad and map. This is a significant timing. This is something related to Seek traffic lights and such thing Okay, and you in Europe you have some Yeah, a basic transport protocol It has an own header that is similar to UDP, but has no length indicator field or something like this but as in source port and in destination port and What's also different to the UDP is that the allocation or the mapping from the port to the application is not done Dynamically like a normal computer, but it's defined in a standard. That's all in the US we have not such an Protocol between it, but there's an implicit convention This is that you have one element in the beginning of these payloads and this is an enumeration and you have to switch between the messages Okay The problem now is you don't know who to inform you about some Traffic events, so at least you have to think about how to route these messages and who could be interested in these messages therefore and for awareness-based communication the Really simple solution and which we use is that we simply broadcast this information So things we don't know which use cases may be happen actually we Use this broadcast approach. We call it single-hop broadcast things. We don't intend to forward these messages for the that's simply all right, but when you have The an event-based communication then you know which maybe who could be interested in it and for example for this broken down we down we have these the we know that all following cars may be Interested in this information, but all these cars which has already passed as they have have not any advantage with this information, so you can define and special area maybe and Send out a message which can be read or forwarded in These areas so that we can inform all these cars which are in this area you can find Yeah, that's so the Yeah, that's the two important routing mechanisms. We are using and in the in Europe here have the Protocol it's geo net it's called geo networking this supports some these two Wooting algorithms, but there are some more rooting algorithm, which is not so important But what you see is that these geo networking protocol has three headers the basic header and the common header have some normal not normal, but have some Controlling information about this protocol and the extended header has some additional data for these protocols for the algorithms we used to Yeah to broadcast this information The separation of the basic head on the common header I will talk about this later for the US They have only one header at this and it's had us really simple Things they was more focused on the awareness based communications. They don't need these additional algorithms, so this Had us simply and we have broadcast protocol and it's really easy As I already said these The title of the it's talks said this is based on 802.11 p There are booths standards are based on this so 802.11 requires an header that is called logical link control and Subnetwork access protocol this simply also in message multiplexing Yeah, and each kind of message as a fixed identifier and to see these easter types at the top The P extension of 802.11 is One flag This is these dot 11 OCB activated That means outside the context of BSS of the basic service set This simply disables all things Which has to do with this in excess points, so you have no excess point discovery You have no authentication No as a secretion no assembly all things which is with a basic access point things and there are some other things we don't need in this so at least the we use 802.11 only for broadcasts at this point Yeah, I think this is almost all about these headers, but I want to say something about these Frequencies we are using actually this is the frequency band we use and This is not fixed to any core technology, so Actually, you can use any technology in these events, but they have to be related to ITS things so and DUS and the European is a little bit different in the transmission power you can use but that's all Okay, this is Basically the standard that's the concepts of the standards in detail that you have to look in these standards How we use security and Vehicle-to-vehicle communication We have some requirements This is things we have to deal with safety related things and accidents We want to have the possibility to Authenticate the sensors a little bit so not anyone should send any messages as a little bit if dangerous in our view But we all want to protect the privacy of the drivers and we have some standard attacks We don't want to have so we play a text in such things But unfortunately, I don't know so much at the US of the US standard to this so I will only talk of the European standard Yeah The problem now is that we have to Think about security in the case this year We want We want to Have some security and I want don't want to change messages from anyone so The problem is now that we have to put some signature at the end of the security payload but When you use it Sorry We cannot use Ies or something like this because We have to use one shared secret and shared secret about sharing between Several millions cars maybe it's not a secret. So we have to use Sorry We have to use something like Sorry We have to use things like is or things like elliptic curves or something like this but The problem there is you have a private and a private key and a public key and this is Coupled together when you have one private key you there's or we have when you reads an identifier listen The public key Or you can decrypt it with a public key Then you have the problem that there's only one private key to it and then this isn't identified as unique So privacy is a problem. This is a pouch But therefore we have an pseudonym certificate and long-term certificates in each car To understand how it works and we have to look on the public key infrastructure Each car is provided with a long-term certificate and these long-term CA is direct on the You get these Certificate at the production time for each car. So each car has its own long-term certificate Things We want to have these technology to work over this different Manufactured of this cars from different manufacturers. We need a new chair somehow because each manufacturer will have its own long-term certificate certificate authority and We have all the future a feature that is called cross certification things We need different roots. They are because every country in Europe. Maybe we have its own roots. They are so that's the political decision But you are not allowed to use these long-term Certificate for communication with other cars for the communication with other cars you use these 30 sort of new certificates and One feature about this is that the car can change this certificate as it want so and You use these long-term certificate only for Authentication for the pseudonym certificate authority This of course knows about the roots. They are so that you don't know you don't have to know about these long-term certificates they are Certificate sorry long-term certificate Authorities so and you can get a lot of certain new certificates Therefore you have some kind of privacy because you have a lot of certain news Yeah, how many certificates you have the thing is you have More than 20 certificates and parallel for more for around about one week And you have some words when you have to change these certificates. That's that the ending star start and you have to Change these certificates every 10 to 30 minutes, but all these things are actually in a discussion That's not standard design yet And it will be standard design and the basic standard profile of the car-to-car communication consortium for the European Yeah, maybe it's not fixed actually Okay, but what means a pseudonym change As you see on the right is that we have the security isn't not a vertical layer and our Stackets and horizontal layer because you have to change every identifier you have. That's also includes the MAC address you use actually That's also means you have any Identifier in the applications and such and things so I would personally say that I the security should be like this in the stack image But we have another problem this sort of identifiers when you think about Communication awareness-based communication here we have something We need the vehicle dimensions to the dimensions to work with this. So and the vehicle dimension It's a small problem when you have a golf from Volkswagen or in normal beam V BMW or something like this. It's all okay, but when you drive in Lamborghini, that's a really unique vehicle dimension. It's really Low, but this is wide and long so that's more or less unique when you drive around with a Lamborghini Then you have the problem that these eyes also that and identify as things you are alone on the On the street all the other Cars around you will not like look like in Lamborghini. And so therefore we have We reduce the accuracy We use the accuracy of these Values so that's on 10 10 centimeters Yeah But you have to care about these things Okay The long-term certificates are valid for several years But they happen At one point you have to exchange these long-term certificates. That's even the same with the roots certificates, but As you see already we use elliptic curves for it and these standards are We talk a lot a long time about the standard and we actually use the nisco curves in the standards but Yeah, there's a discussion with the Bundesamt für Sicherheit in the information technique of Germany And they want to change this a little bit and one change is that the they want to have the brain pool curves For us, it doesn't matter We need an easy dsa 256 curve things our hardware acceleration actually works only with these curves but it's not On the curve we don't depend on a curve and Actually, we use these elliptic curves for every certificate in the standards and they want to change it all those but Yeah That will be all the change things we'd only need is for the communication between cars One thing about these heartless isolation is this is really important for us things we Be yeah, we anticipate that we have in the worst case around about 700 to 800 messages per second and then you get in problem with Validation of these certificates, so we need a million hardware acceleration at this point, but this is worst case calculation. So In the beginning we will not have this problem Okay, what else Yeah We need to think about more things at at the moment We have in communication and we can exchange data, but the problem is the interpretation of this data we have to Define really strange things or things we you don't expect at the beginning When you have a position which you share with all the cars around Your as an advanced drivers assistance system Developer you have the problem where's the reference position? This is in the center of the cars is on the front buffer Bumper or is on the rear buff bump bodies reference position because that means Maybe up to two meters different That's it's about such things. We have to talk with all the others OEMs and so we will synthesize this in a standard profile and the trigger conditions is About when you should send out and then a message to indicate that there's an event somewhere This is also not Not so easy to define in the United States We will have minimum minimum performance requirement performance requirements Yeah And then there are some challenges all those things When we talk about safety you want to know how the system Works at the boundaries on the system boundaries. So what happens when the channel is full? Then you can't send any more Messages or what happens or how far is the communication range which influences the The environmental of these cars so what which influences and bridge on these communication Technology and such things and even we have to think about coexistence with tolling gates and For instance Yeah Then also I want to introduce that The technical University in Park is actually working on a patch for the Linux kernel to support these also beats mode of IEEE at 102 point 11 Yeah, I hope it's not finished yet But I hope this becomes finished in the beginning of next year. You first find this on this Address when you are interested in an implementation of these upper layers and you can find it These one that's a form on GitHub I think there's some more implementation, but this actually something we also use Yeah, what in the future For the future you have to know a little bit about Driver assistance systems Many of us think as an engineer about These driver assistance systems and then you have to do you have a control loop then with sensors at the beginning With many sensors at the beginning Since these data's are not so easy to interpret it though We have been like a fusion to to generate one world view for this car Then you have an interpretation and a variation Then you get some plan to which you want to do what you want to do in the traffic and then you have Need a controlling unit which controls all your actuating things which Act affects the way world and then you can or gain measure the new things you see The standards are normally we refer We equal to vehicle communication as a sensor Things you can provide a lot of information to these driver assistance systems but things You send out also information it's a kind of Actuating elements so vehicle to vehicle communication is not only a sensor Yeah, and this is something This the right side is something we will do a lot in the in the future, but come back to the left side first Actually, we sent out with these events based communication a lot of status information From one vehicle, but we also add some Information about other vehicle. So when you see with your radar or with a sensor a car for example this car behind this Building then you can send out this Measurement or these distance to this car also is from the red cars And then maybe the blue car will have some advantages to know about this car on the right side Yeah, this is actually and the second idea is that We can Exchange the planned trajectories of cars. So when you precast these you you plan For several seconds five seconds to ten seconds maybe and you send it out. It's will improve the Yeah, your your assumptions about how the environment will evolve in In the next seconds and this is really a nice information for planning some maneuvers on the street and maybe in the end we also we are able to cooperate with these things to Plan maneuvers with different cars together to cooperate So that's the ideas we have in the future, but we are actually in the concept part of this phase of this So, yeah for me, I'm ready now finished now. So do you have any questions? The first two questions go to the internet Yes, thank you Instead of sending single events why not broadcasting this standardized set of sensor data So every car can calculate what is relevant to them. This would maybe be more future proof in terms of autonomous driving Yeah, that's that's totally right. This is more these awareness-based communication which I've talked about Yeah, that's something we want to do actually, but we will not send out the Normal sensor data. We will more send out distances between cars and something like this, but yeah, this is planned actually so Next question for me internet Yes, thank you. How much would a system be affected when the root CA? The private key of a root CA is exposed like it we have seen from Sony and Lenovo Etc. Yeah, that's this is a problem actually Which have to cover but you saw already that we have these cross certification and when you exploit this Maybe you can sort this problem then you assume that you Cross set as you sign this Different would say as one long-term certificate then it's not so important when one would say as not trust You cannot trust one who's who's we are anymore Then you switch to the second who's there so that's maybe that's an solution to it Okay, next question over here. Okay. I'd like to thank you for your torque I have seen that you are monitoring also other activities in this area Do your first I want to make you aware that there is One activity by Intel BMW and some British University. I can't remember Which is doing Something comparable, but competing Which is yeah, okay? I don't want to go in too much details. I want to make a way of this do you and then second Do you think what's about availability? I know that Volkswagen is Strongly behind the car-to-car concept, but I know that other car makers Going more to a server-based Communication so that cars are not really communicating to each other but via servers in via back-end servers And I know some other things behind that Yeah, this is right you You have different possibilities to solve this problem So in the end you will have some kind of vehicle to vehicle communication But it's not so clear in the end how you will solve this Problem so you can use Wi-Fi like this or you can use back-end Related communication The problem with back-ends actually is that you need coverage with you Yeah, you need to coverage with your mobile devices So if you are in the tunnel or something you don't have any more vehicle-to-vehicle communication This is Wi-Fi based solution has coverage in this case And you have maybe some trouble with the latencies This will become less and less the problem things the technology will become better, but yeah, there are some other issues with back-end based communication Okay, next question over there. Yeah, I got a I got a question regarding the concept When I buy a car, I receive a unit that is able to send out messages that a Cryptographically signed or whatever. How do I how do I keep people from just using that to perform denial of service attacks on the Autobahn? Denial it's not possible. You can't denial services attacks. You can't Prevent songs, but this is always the same. So When you want to make a DDoS attack on this technology, you can simply buy a disturb in the frequencies. We are using you can't Prevent it the the trick is to detect these so we need some measures to detect these DDoS attacks and then we have to Yeah, stop the car or something like this. We have to we need some backup solutions for how to react with the car Thank you. Okay next question over there Hey, thanks for the talk. It was really interesting overview. I guess I have a question about the the pseudonymous certificates So I understand that this takes away the The immediate danger or tries to take away the immediate danger of exposing your Location profile to the cars Or the location history to the cars in your immediate vicinity But you can still build a complete Location history for Some car by just collecting all the data because the root CA clearly knows what the What what pseudonymous certificate belongs to which car? So or is there something like blind signatures in place? And there's another problem I think So how do you handle certificate pseudonymous certificate switch? Because you if you're going somewhere and you keep receiving messages from certificate one and at one point you just start receiving messages from certificate two That you know that certificate one is now certificate two Yeah, the second one is some problem for the applications or for the driver systems systems Yeah, this is you can overcome this because you know that a weak you cannot jump so I mean, I mean you can clearly tell that that is the same vehicle So you lose the privacy protection of that pseudonymous certificates step or am I wrong? Yeah, you cannot use any more these identifiers by the by the certificate that's right, but these cars not jumping around so the cars driving a straight line and when you see that there's an 30 Absorption you miss vanished and there's a new at the same point and going this same line You know how from the physics or it should be the same cup That's exactly what I'm what I'm trying to say So so you why even do pseudonymous certificates if you can still completely track that one car Yeah, that's that's the other question yeah, that's the first question I was referring to the second question actually and The first question. Yeah, that's the problem now is yes, it's possible But not the roots here is knowing about this because the roots here only science these certificates of the HTCA and the pseudonymous a but The problem is with these that also technologies are also Possible to use for the same reason. So you have an idea on your license plate Driving around all the time. So when you use a camera, it's much easier to do the same thing Yeah, but I can change the license plate Even when you change the license Yeah, but now it's kind of time to remind everyone that the question is a short sentence ending with question mark and Next question over there, please. Yeah at first. Thank you for your talk and my question is who is running the roots? Yes, is it the country or is it a company running this or is it an Independent authority like the car-to-car communication consortium. It's depends It's it's it's a political decision in the end. I Think for infrastructure in Germany, for example, it's running by the government or some Institute of the government, of course Things they wanted to have this is a political decision, but Anyone can in the end and you have to cross sign all these Would say us that's the political decision. I can't Say much about this actually, okay, we will see okay next two questions for the internet No questions anymore. Okay, fine over that on If you sign locally in the car the pseudonymus signature key material is stored on the car or Generated on the car if you think about car Use times or that cars are in the field for 10 or 12 or 15 years How do you guarantee that the security of the security chips is not compromised? Yeah, that's that's hard but We will exchange these certificates and these ships at the service and at the car dealer What's happened when these? Yeah, I wouldn't are not safe anymore is that we should exchange these hardware to car dealers at the service Yeah Yes Yes, some follow-up question to that So if I'm an attacker, I will not go to the service point, but just buy a car and then five or ten years later Use that car to send fake messages that would be my my attack Yeah, then We will war we actually work on security measurements inside the car, so it's not so easy to exchange any parts and Introduce any data on the can in the end Actually, it is possible at the moment, but there will be some measure measure against these attacks Okay, next question over there Okay How do you I understand you're using some kind of private key a public key? encryption or authentication, so you said also you generate 20 As Certificates per week. Yeah, how do you transfer those public keys to all the cars from the millions cars here on the car on the street? Okay, I forget to mention that the security headers. I've had there and Sorry, it's a little bit I Think so the security You provide these certificates with every message in the worst case So normally we have some measurements to reduce it, but when you send out this message You also add the certificate at the end of the message. Okay, so I've signed my own Stuff This is the third certificate Sorry This one Oh So you don't sign your your certain human certificates and you get it's certain human certificates from the certain human Certificate authority, but if I send out my messages and I send out the public key Sorry I've sent out my message and send out the public key as well. So I can't send anything Why you have to private key is in your car. You can't sign this message as You sign this message with the private key as a signature But the public key must be known to the receiver. Yeah, you add these pop Public key at the end of the message and this is all this public key is signed by the so new Certificate and you know you need to know the who's chain, of course and you can also Send out these you at the end you need to know about the root CR who certificates in your car This is something we have to put in the car at the beginning And maybe to add later, but when you know this you can Prove all these the whole shame. Okay next question over there So when an attacker comes in a situation to be able to sign messages with fake data, is it possible to? DDoS other cars by sending out Messages that trigger emergency breaks for example in other cars and can't this trigger more accidents in the end So for cars that are not involved in the system. Yeah You you when you have these possibilities, of course, you can send out these messages and trigger some events You we won't don't want to have but Then we have some some additional sensors So we don't rely on you on vehicle to vehicle communication We also use all these other sensors and you get in a problem that you have you invalidate some logic in the car So you can detect such Things and then you will simply don't listen to these messages on anymore Sorry When I simulate the car at all So if I just take the hardware that signs the messages and put it on a ECU that I totally control Then the messages can't be distinguished between the real and fake messages. Yeah, it you you will be How to yeah, then I have a driver's assistant system You don't rely on your own vehicle to vehicle communication. That's you will not do do it's the same with Radar you don't only rely on these Radar so you use a lot of sensors and you have a Sensor set and when you send us said has some logical things which is not Logical then use can detect it and then we will stop the car or something like this or you will disable these Features and to inform the driver. This is the only solution to it, but you can detect it Next question over here Can you say what is the average length of cam and then? messages and what format and What lengths has the Certificate so will you use the wave format from the US or an Own developed at the format that's we have the the only developed at the format the length is That's hard question things We can leave out some parts of the messages depending on the sending frequency and such things so we have wound about 270 in the mean 270 in the mean 300 bytes at the end the mean but For cam or for cam for dynamics a little bit larger, but it's really hard. It depends on your use case and ratio between plane text and and security information so Certificate 50% 50% Security is really large at this point. So that's the reason why we use elliptic curbs. It's some smaller certificates Next question over there Yeah, thank you One question is Is it planned that the certificates can be revoked and if so? How does the revocation information get into the cars? Sorry, can you repeat the second? How do the revocation information get into the cars will there be some kind of? CRLs or OCSP services or whatever Revocation is not Defined yet because you have to as the thing is you don't need to bring the revocation the car at with this Public key infrastructure because you have to live one week With the problem things then you need new certificates for the absurd new Certificates, so you only need the revocation at the moment Deep so the new CS the problem is that when you never know Which Certificates are used things you have no identifier You have to detect this. That's the more the problem actually but as far as I see The typical Application of car-to-car communication is just cases when your sensors Actually can't help anything because you don't see the car in front of the long vehicle. That is just breaking Yeah, that's That we try to change this with these one of these future aspects So when you have a car in front of you, which you see which action then you can have some These measurements of other cars too and you can validate it. So This leads to a situation when I take I have to Attack all these cars around you to make this Make a logical data Validation so that the validation of the data is somehow Yeah, we happen to write so that's one thing we like to do about this and Yeah, it's but it's still a problem. So it's the reason But we assume that you use these data for planning and You can use this data It gets it deep How to the emergency brake light is maybe really a problem at its point But we try to for drive advance driver assistance since we try to Use this data for planning and then when you see the plan is not working out you have to need you need a back Fall back somehow. It's always about fall backs Okay, thank you at least one more question over there Have you thought about the following problem? I mean you you have a lot of cars in the world and you have every car has a lot of these pseudonym Certificates so it shouldn't and as an attacker who wants to spoof Messages you just need one valid pseudonym certificate To do a lot of harm Shouldn't it be relatively easy to I don't know spend some money on a cluster and Produce a lot of private keys Since there are so many pseudonym certificates for so many cars shouldn't be maybe relatively easy to to get just one valid pseudonym certificate to do some harm You haven't yeah, you haven't validation as you you you haven't time valued Time restriction of these pseudonym certificates. So when you have this you have it for one week at the end and Yeah, you have to live with this problem, but you have it's not worldwide we have in Europe or in the U.S But yeah, it's possible. So the the certificate Can we cut the short? If the person over there can compress the question in less than 20 seconds, we may be able to do that as a last question Yeah, okay. Thanks. I just want to ask we see every year breaking security Concepts on this conference. So how are you securing? Your model with now in the standard defining easy DSA 256 and saying a we have hardware acceleration for this With seeing that car is even a long-term product Yeah, when this happens you have to find solutions and you have to exchange, but wouldn't we change it by Thank you all very much throughout the time You