Skip to main content

SIUV: A Smart Car Identity Management and Usage Control System Based on Verifiable Credentials

Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT,volume 625)


The automotive industry is witnessing an accelerated growth in digital innovations that turn modern vehicles into digital systems. This makes the security of modern vehicles a crucial concern as they have evolved into cyber-physical and safety-critical systems. Therefore, stateful identity management and continuous access control have become a paramount requirement in smart vehicles. Indeed, several Identity and Access Management (IAM) frameworks have been proposed in the automotive field, but context awareness and continuity of control remain overlooked. To address these challenges, we present SIUV: a stateful smart-car IAM that is based on Usage Control (UCON) and Verifiable Credentials (VCs). SIUV uses Attribute Based Access Control (ABAC) policies to issue privileges to subjects (i.e. drivers or applications) according to their credentials and claims. The issued privileges are then used to decide whether to grant or deny access to in-car resources. Furthermore, the system continuously monitors subject claims, resource attributes and environmental conditions (e.g. location or time). Hence, if a change occurs, the system re-evaluates policies and updates or revokes issued privileges and usage decisions accordingly. We describe the architecture of SIUV, discuss the evaluation results, and define future directions.


  • UCON
  • IAM
  • Automotive
  • Smart car
  • Verifiable Credentials
  • Principle of Least Privilege
  • ABAC
  • ALFA
  • Ed25519

This is a preview of subscription content, access via your institution.

Buying options

USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-78120-0_3
  • Chapter length: 15 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
USD   119.00
Price excludes VAT (USA)
  • ISBN: 978-3-030-78120-0
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   159.99
Price excludes VAT (USA)
Hardcover Book
USD   159.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.
Fig. 5.


  1. 1.

  2. 2.


  1. Ammar, M., Janjua, H., Thangarajan, A., Crispo, B., Hughes, D.: Securing the on-board diagnostics port (OBD-II) in vehicles. In: 8th Embedded Security in Cars (ESCAR USA) (2020)

    Google Scholar 

  2. AUTOSAR: Explanation of Adaptive Platform Design, March 2019.

  3. Bernardini, C., Asghar, M.R., Crispo, B.: Security and privacy in vehicular communications: challenges and opportunities. Veh. Commun. 10, 13–28 (2017)

    Google Scholar 

  4. Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B.-Y.: High-speed high-security signatures. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 124–142. Springer, Heidelberg (2011).

    CrossRef  Google Scholar 

  5. Brendel, J., Cremers, C., Jackson, D., Zhao, M.: The provable security of ed25519: theory and practice. In: 2021 IEEE Symposium on Security and Privacy (SP), vol. 1, pp. 715–732 (2021). ISSN: 2375–1207

  6. Burkacky, O., Deichmann, J., Doll, G., Knochenhauer, C.: Rethinking car software and electronics architecture, February 2018.

  7. Burkacky, O., Deichmann, J., Klein, B., Pototzky, K., Scherf, G.: Cybersecurity in automotive: mastering the challenge, June 2020.

  8. Chen, L., Moody, D., Regenscheid, A., Randall, K.: Recommendations for discrete logarithm-based cryptography: elliptic curve domain parameters. Technical report, National Institute of Standards and Technology (2019)

    Google Scholar 

  9. Deichmann, J., Klein, B., Scherf, G., Rupert, S.: The race for cybersecurity: protecting the connected car in the era of new regulation, October 2019.

  10. Denis, F.: libsodium: a modern and easy-to-use crypto library (2017).

  11. Dimitrakos, T., et al.: Trust aware continuous authorization for zero trust in consumer internet of things. In: 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 1801–1812 (2020).

  12. Dürrwang, J., Braun, J., Rumez, M., Kriesten, R.: Security evaluation of an airbag-ECU by reusing threat modeling artefacts. In: 2017 International Conference on Computational Science and Computational Intelligence (CSCI), pp. 37–43. IEEE (2017)

    Google Scholar 

  13. Hamad, M., Prevelakis, V.: Secure APIs for applications in microkernel-based systems. In: ICISSP, pp. 553–558 (2017)

    Google Scholar 

  14. Hu, V.C., et al.: Guide to attribute based access control (ABAC) definition and considerations (draft). NIST Special Publication 800(162) (2013)

    Google Scholar 

  15. Josefsson, S., Liusvaara, I.: RFC8032: Edwards-curve digital signature algorithm (EdDSA). Request for Comments, IETF (2017)

    Google Scholar 

  16. Kim, D.K., Song, E., Yu, H.: Introducing attribute-based access control to AUTOSAR. Technical report, SAE Technical Paper (2016)

    Google Scholar 

  17. Lazouski, A., Martinelli, F., Mori, P.: A prototype for enforcing usage control policies based on XACML. In: Fischer-Hübner, S., Katsikas, S., Quirchmayr, G. (eds.) TrustBus 2012. LNCS, vol. 7449, pp. 79–92. Springer, Heidelberg (2012).

    CrossRef  Google Scholar 

  18. Miller, C., Valasek, C.: Remote exploitation of an unaltered passenger vehicle. Black Hat USA 2015, p. 91 (2015)

    Google Scholar 

  19. OASIS: Abbreviated language for authorization Version 1.0 (2015).

  20. OASIS: eXtensible Access Control Markup Language (XACML) Version 3.0 Plus Errata 01 (2017).

  21. Park, J., Sandhu, R.: The UCONABC usage control model. ACM Trans. Inf. Syst. Secur. (TISSEC) 7(1), 128–174 (2004)

    CrossRef  Google Scholar 

  22. Rumez, M., Duda, A., Gründer, P., Kriesten, R., Sax, E.: Integration of attribute-based access control into automotive architectures. In: 2019 IEEE Intelligent Vehicles Symposium (IV), pp. 1916–1922. IEEE (2019)

    Google Scholar 

  23. Rumez, M., Grimm, D., Kriesten, R., Sax, E.: An overview of automotive service-oriented architectures and implications for security countermeasures. IEEE Access 8, 221852–221870 (2020)

    CrossRef  Google Scholar 

  24. Samsung: Automotive Processor Exynos Auto V9.

  25. Sporny, M., Longley, D., Chadwick, D.: Verifiable credentials data model 1.0. Technical report, W3C, November 2019.

  26. Wouters, L., Marin, E., Ashur, T., Gierlichs, B., Preneel, B.: Fast, furious and insecure: passive keyless entry and start systems in modern supercars. In: IACR Transactions on Cryptographic Hardware and Embedded Systems, pp. 66–85 (2019)

    Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Ali Hariri .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2021 IFIP International Federation for Information Processing

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Hariri, A., Bandopadhyay, S., Rizos, A., Dimitrakos, T., Crispo, B., Rajarajan, M. (2021). SIUV: A Smart Car Identity Management and Usage Control System Based on Verifiable Credentials. In: Jøsang, A., Futcher, L., Hagen, J. (eds) ICT Systems Security and Privacy Protection. SEC 2021. IFIP Advances in Information and Communication Technology, vol 625. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-78119-4

  • Online ISBN: 978-3-030-78120-0

  • eBook Packages: Computer ScienceComputer Science (R0)