Hacker News

It should be encrypted and the owner of the vehicle should be in control of the keys.



You can decouple the encryption and decryption keys such that the private key would never be present in any Tesla system at any point in time[1]. And you can introduce a ratchet such that compromising the Tesla car at time t0 would not enable the attacker to decrypt any encrypted data at t[n < 0].

[1] Asymmetric crypto KEM + ephemeral symmetric key + encrypted block. eg. <https://libsodium.gitbook.io/doc/public-key_cryptography/sea...>


That works right up until the user loses the key and demands access anyway. Or they sell the car and keep a copy of the key.


Updating a car with a new key would fix both problems. Old recordings would be lost, of course, but customers hearing "I can't unlock that without your old key" may be necessary to re-establish trust.


Absolutely, and that is why you can't use an HSM. Thankfully generating keys on device and storing them on the cloud account encrypted by a passcode works. As the keys are a predictable size you can encrypt them multiple times with different passcodes.



