惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

L
LINUX DO - 最新话题
G
Google Developers Blog
J
Java Code Geeks
The GitHub Blog
The GitHub Blog
F
Full Disclosure
H
Help Net Security
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Vercel News
Vercel News
酷 壳 – CoolShell
酷 壳 – CoolShell
Recent Announcements
Recent Announcements
Help Net Security
Help Net Security
The Hacker News
The Hacker News
IT之家
IT之家
Y
Y Combinator Blog
Martin Fowler
Martin Fowler
L
Lohrmann on Cybersecurity
C
CERT Recently Published Vulnerability Notes
V
Visual Studio Blog
博客园 - 聂微东
Hacker News: Ask HN
Hacker News: Ask HN
H
Hacker News: Front Page
Know Your Adversary
Know Your Adversary
Security Latest
Security Latest
Security Archives - TechRepublic
Security Archives - TechRepublic
Simon Willison's Weblog
Simon Willison's Weblog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
T
Troy Hunt's Blog
Last Week in AI
Last Week in AI
Schneier on Security
Schneier on Security
N
News and Events Feed by Topic
博客园 - 【当耐特】
有赞技术团队
有赞技术团队
AWS News Blog
AWS News Blog
Blog — PlanetScale
Blog — PlanetScale
博客园_首页
Google DeepMind News
Google DeepMind News
Cloudbric
Cloudbric
N
News | PayPal Newsroom
A
About on SuperTechFans
S
Schneier on Security
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Hugging Face - Blog
Hugging Face - Blog
M
MIT News - Artificial intelligence
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
雷峰网
雷峰网
T
The Exploit Database - CXSecurity.com
罗磊的独立博客
K
Kaspersky official blog
The Cloudflare Blog
I
Intezer

MEDIANAMA

India in talks with US, Anthropic for Mythos access; no Indian firms in Project Glasswing yet Eternal Q4FY26: All Users Pay Higher Platform Fee, Only Some Get Discounts Amazon, Meta to challenge PhonePe-Google Pay dominance as UPI cap delayed since 2020 Meta failed to protect the safety of under-13s: European Commission If markets and regulators are ready for network slicing, we are ready: JIO Why defining ‘news’ won’t fix the free speech problems of draft IT Rules? #NAMA Eternal Q4FY26: Goyal Dismisses AI Disruption Risk as Zomato Quietly Builds Agentic Commerce Infrastructure Karnataka files appeal challenging the bike taxi ban lift in the Supreme Court How did WhatsApp turn 17 govt. flags into 9,400 digital arrest scam bans? Google Wallet integrates Aadhaar as digital ID, expands India’s mobile identity ecosystem Kerala HC issues notice on MediaOne’s Facebook page block in India MeitY warns VPN providers against enabling access to blocked betting platforms Shreya Singhal targeted private censorship. Today’s threat is the State #NAMA Amazon scales its quick delivery service ‘Amazon Now’ in 100 cities Can MeitY issue binding rules via advisories? Experts raise alarm over draft IT Rules #NAMA How 2019 election code of ethics became India’s three-hour content takedown mandate #NAMA Australia proposes new levy on big tech to fund news, opens draft law for consultation ‘judge, jury, executioner’: experts warn of Inter-Departmental Committee (IDC) overreach under New draft IT Rules Lowdown: TRAI flags low deployment under PM-WANI in public Wi-Fi consultation paper Why the NBFC licence matters for MobiKwik China blocks Meta-Manus deal, asserts origin-country jurisdiction: what this means for India ‘No transparency’: experts warn of expanding powers to block online speech in India #NAMA X launches standalone iOS messaging app XChat with encryption in India How India’s content takedown framework was built and where It has gone wrong #NAMA Claude Mythos puts India on alert: CERT-In, telcos, banks assess unprecedented cyber risks Explained: why did the RBI cancel Paytm’s banking licence? Meta now instantly blocks content in India Govt. asks ZEE5 to halt ‘Lawrence of Punjab’ web series release Online Gaming Rules notified, to be in effect from May 1, what are the major changes? RBI mandates additional factor authentication for e-mandates No notice, no explanation, no recourse: how content creators experience censorship in India #NAMA Telangana Police invokes UAPA to demand TeluguScribe’s user data from X Lowdown: RBI releases draft PPI rules covering capital requirements, wallet limits & escrow norms MeitY tightens AI label rules, mandates continuous disclosure Watch Live: IT Rules and the Future of Online Speech in India, Delhi April 23, #NAMA Govt. defends 4 PM YouTube ban, cites foreign influence and ‘digital lobbying’ in Delhi HC Anthropic’s Mythos AI accessed without approval via third-party vendor route: Report YouTube expands AI likeness detection tool to celebrities amid deepfake surge ECI orders 3-hour takedown rule for AI and fake content in elections Final Call: IT Rules and the Future of Online Speech in India, Delhi April 23, #NAMA Announcing Speakers: Victims of Censorship | IT Rules and the Future of Online Speech in India, Delhi April 23, #NAMA Apple withholds financial data as India App Store antitrust case heads to final hearing Sony rolls out age checks in Playstation in the UK, users to prove age to access chat Vercel confirms hack via third-party AI tool, says sensitive data safe Karnataka High Court stays blocking orders against Proton Mail J&K DMs impose sweeping 60-day social media curbs; IFF calls them “illegal, overbroad” Flipkart plans ticketing entry, food delivery pilot in May ahead of IPO ANI v OpenAI: Not Everything an LLM Does is Copyright Infringement EU’s “safe by design” age-verification app cracked in minutes, raising data security fears Molitics’ Instagram suspended days after Facebook ban Speaker Announcement: IT Rules and the Future of Online Speech in India, April 23, 2026, Delhi X has only responded to 13 out of 94 takedown notices since 2024: Centre tells Gujarat HC Jio Financial Services Q4FY26 profit declines 14% to Rs 272 crore Bombay HC cracks down on fake ‘NSE’ social media handles amid rising impersonation fraud Government drops proposal to mandate Aadhaar app on smartphones Ola’s Krutrim quietly shuts down its agentic AI assistant ‘Kruti’ Anthropic taps Peter Thiel-backed Persona for Claude ID checks, raising DPDP concerns YouTube rolls out option to turn off Shorts, expands time controls Amnesty calls for ‘immediate withdrawal’ of India’s 2026 IT Amendment Rules, cites threat to free speech and privacy Lowdown: Insurers have to comply with DPDP as IRDAI updates Cyber Security Guidelines European Commission proposes Google have to share search data with rivals under the DMA AIGEG: MeitY’s new AI governance body excludes regulators recommended by its own AI guidelines Amazon acquires Globalstar for $11.57 Billion: What it means for India European Commission rolls out privacy-focused age verification app for child safety Reading List: IT Rules and the future of online speech in India, April 23, Delhi #NAMA Digital rule, colonial echo – India’s IT Rules 2021 amendments Agenda: IT Rules and the future of online speech in India, Delhi, April 23 #NAMA Motorola gets court order to block YouTube videos critical of its phones in India Apple and Google promote ‘nudify’ apps despite policy bans, report finds National security could be used to mandate registration of online games HBO Max enters India via JioHotstar partnership Andhra Pradesh police detain stand-up comedian Anudeep Katikala over YouTube video jokes Aptoide sues Google for app store monopoly, alleges ‘anticompetitive chokehold’ HBO Pushes X to Unmask User Behind Euphoria Season 3 Spoilers Delhi HC directs DoT, MeitY to take action against Tucows for failing to take down infringing URLs in Premier League case Claude users say accounts suspended after being incorrectly flagged as minors MeitY may let users, intermediaries join content-blocking hearings Sucheta Dalal challenges Delhi Court order using ‘Right to Be Forgotten’ in Sterling Biotech case Govt launches Rs 10,000 Cr Startup India Fund of Funds 2.0 to bridge early-stage funding gap in deep tech Advisories as Law? Panelists Debate Legal Sanctity Under Draft IT Rules Amendments Independent journalists in Punjab allege censorship by ruling AAP using copyright strikes, IT act Supreme Court Issues Notice on PIL Seeking Biometric Verification of Voters Fact-check: MP Nishikant Dubey’s claim on X community notes & Australian tax is false “No scientific evidence”: 438 scientists call for pause on age-based controls until benefits and risks understood Developer partially bypasses Google’s AI watermark, undermining detection India’s deepfake rules rely on Event Announcement: IT Rules and the Future of Online Speech in India, April 23, #NAMA UK plans jail risk for tech executives over failure to remove intimate images Press bodies demand ‘unconditional withdrawal’ of draft amendment to IT Rules, warns of free speech threat Zoho revenue crosses Rs 12,000 crore in FY25, but profit slips 3% YouTube’s AI avatar tool for Shorts raises questions around India’s deepfake rules, personality rights Instagram expands safety settings on teen accounts with 13+ content ratings Digi Yatra is eyeing international travel roll-out with passport-based enrolment Meta’s new AI model Muse Spark is coming to WhatsApp. Here is what that means for Indian users Andhra Pradesh explores DigiLocker age tokens for social media curbs on children aged 13-16 Kunal Kamra tells Bombay HC police sent “thousands” of takedown notices via Sahyog portal Extra safeguard for the elderly: RBI suggests trusted person approval for high-value digital payments Delhi court orders Google to remove Sterling Biotech case links, cites ‘right to be forgotten’ RBI Proposes 1-hour delay, customer controls for digital payments as frauds surge Should only MIB-authorised apps be allowed to stream free TV on Smart TVs? TRAI Seeks Inputs OpenAI releases child safety policy framework recommendations to combat AI-enabled CSAM
TRAI mulls spectrum allocation, pricing norms for wireless communication from vehicles
Amit Singh · 2026-05-04 · via MEDIANAMA

Downloads:

Consultation paper on the regulatory framework for Vehicle-to-Everything (V2X)
communication

The telecom regulator TRAI has floated a consultation paper to explore spectrum allocation, pricing and authorisation frameworks for vehicle-to-everything (V2X) communication technology. V2X enables vehicles to wirelessly exchange real-time data with other vehicles (V2V), road infrastructure (V2I), pedestrians (V2P), and mobile networks (V2N). This includes critical information such as location, speed, braking, and blind-spot alerts.

Why this matters: In 2023 alone, India lost 1.73 lakh lives to road accidents. 92% of road accidents worldwide are attributed to human error. V2X technology can tackle this challenge head-on. However, India has not set up a single roadside unit (RSU) as part of the proposed intelligent transport system as of April 2026. RSUs function as a communication infrastructure deployed along roadways to enable vehicle-to-infrastructure interactions.

  • The core security challenge: V2X messages are intrinsically broadcast-based. Vehicles continuously share information with other vehicles, network providers, and roadside units. These messages carry safety-critical data, including collision warnings and emergency braking signals, in real time. This means that any security failure goes beyond a mere data breach. It could potentially lead to fatalities. Unlike conventional digital authentication, V2X authentication must happen within milliseconds, without human intervention.
  • The surveillance problem: Since V2X systems continuously share vehicle data, including location, with other vehicles and cellular data network providers, this could enable round-the-clock surveillance, profiling of user behaviour and the misuse of personal data. Such risks raise significant concerns, particularly regarding data protection and individual privacy rights.

What the DoT has proposed for India: The Department of Telecom (DoT) has proposed adopting Cellular V2X (C-V2X) as the standard Intelligent Transport System (ITS) for India, resolving a long-running global debate between C-V2X and the traditional Dedicated Short Range Communications (DSRC) system.

  • Further, it recommends the 5.875–5.925 GHz band for C-V2X technology. While 30 MHz of spectrum within the 5.875–5.925 GHz band has been earmarked for initial deployment, an additional 20 MHz (within the 5.905–5.925 GHz range) will be reserved for future ITS applications.
  • Notably, the TRAI consultation paper proposes a dual licensing framework for V2X technologies. Within the 5.875-5.925 GHz, on-board units (OBUs) will be exempt from a licence under certain conditions. This would enable easy installation of OBUs in all types of vehicles, encouraging widespread adoption and accessibility for individual users. An OBU (on-board unit) is an electronic device installed in a vehicle that records traffic and driving data and connects to roadside and satellite navigation systems.
  • On the other hand, a licensing framework would apply to RSUs, with appropriate spectrum charges to ensure proper deployment, maintenance, and operation in lower-power, short-range spectrum. The state government, any other authority empowered on its behalf, the National Highways Authority of India (NHAI), or any other road-owning agency will handle oversight and authorisation for RSU installation.
  • The V2I (vehicle-to-infrastructure) communication service authorisation is expected to be granted primarily to public entities, including state governments, city bodies, and the National Highways Authority of India (NHAI), rather than to commercial telecom operators.
  • Private entities may be considered for non-safety V2X applications. TRAI is mulling whether RSUs and OBUs should be brought under the Mandatory Testing and Certification of Telecommunication Equipment (MTCTE) regime.

How is the proposed licensing regime different from those in other countries?

  • For OBU: Globally, there is no individual licensing for OBUs. The OBUs are license-exempt (or Class Licensed globally by rule, with no individual license required).
  • For RSUs: In Europe, RSUs are license-exempt, and in a few other countries (e.g., Australia, Indonesia), they are class-licensed with no individual license required due to spectrum safety considerations. In other countries, RSUs are licensed by competent authorities, such as road operators and traffic agencies, as the main entities.

Country-by-country security framework

  • United States — Security Credential Management System (SCMS): The US uses a distributed Public Key Infrastructure, explicitly designed to prevent any single entity from linking a vehicle’s identity to its communications. Trust is spread across multiple independent Certificate Authorities. The system relies on short-lived pseudonym certificates that rotate frequently. It includes misbehavior detection and certificate revocation to exclude compromised devices from the network.
  • European Union — Cooperative Credential Management System (CCMS): The EU uses a harmonised ETSI-based trust framework defined by ETSI TS 102 941 and ETSI TS 103 097. It enables interoperability across all EU member states through a common trust model with standardised certificate lifecycle management. Vehicles use pseudonym-based authorisation tickets that rotate periodically. The framework includes mechanisms for detecting misbehaviour and revoking access.
  • Australia has adopted the ETSI EN 302 571 standard for its ITS Class Licence conditions, operating in the 5855–5925 MHz band with a maximum EIRP of 23 dBm/MHz.
  • China — National Sovereign Security Architecture: China has built a highly centralised, state-controlled framework through the national standard YD/T 3957-2021, driven by the CCSA and CAICT. It implements a Chinese Security Credential Management System (C-SCMS) with government-controlled root certificate authorities and a nationally managed trust framework. Unlike the US and EU, China uses domestic cryptographic algorithms — SM2, SM3, and SM4 — rather than the global elliptic curve cryptography (ECC) standards, while retaining core features such as pseudonym certificates and message authentication. China’s Ministry of Industry and Information Technology (MIIT) allocated 20 MHz in the 5905–5925 MHz band for LTE-V2X.

Risks of deploying V2X

Cybersecurity Risks

  • Spoofing: A malicious actor can transmit fabricated V2X messages such as false collision warnings, fake emergency vehicle alerts, or non-existent hazards, impersonating legitimate vehicles or roadside units. This can force sudden braking, cause lane changes into oncoming traffic, or create artificial traffic congestion.
  • Replay Attacks: Previously captured legitimate V2X messages can be retransmitted by an attacker at a later time or location, causing vehicles to react to stale or inapplicable safety information.
  • Sybil Attacks: A single attacker can create multiple fake identities within the V2X network, impersonating multiple legitimate vehicles. This could create phantom traffic jams or manipulate the collective decision-making of connected vehicles.
  • Message Tampering: V2X messages in transit can be altered. For example, changing speed or direction data, modifying hazard severity levels, or deleting critical alerts altogether.
  • Denial of Service (DoS)/Availability Attacks: V2X channels can be jammed or flooded with spurious messages, degrading or eliminating the availability of safety-critical communications.
  • Infrastructure Compromise: RSUs are deployed outdoors, often in remote highway locations, where physical and network access may be vulnerable. A compromised RSU can inject malicious messages into the V2X network, affecting all vehicles within its range, functioning as a trusted insider threat within the PKI hierarchy.

Privacy and Surveillance Risks

V2X systems continuously broadcast a vehicle’s location, speed, direction, and timing to surrounding entities. The paper identifies this as enabling, without adequate safeguards:

  • Persistent surveillance of individual vehicles over time
  • Profiling of user behaviour: patterns of movement, regular routes, frequent stops, time of travel
  • Misuse of personal data: linking movement data to vehicle owners or individuals

Currently, India has not proposed a V2X-specific privacy protection framework. The pseudonym certificate rotation mechanism, the primary technical privacy protection used globally, depends on the PKI architecture that India has not yet finalised.

The India-Specific Structural Risk: PKI Incompatibility

India’s existing digital trust infrastructure is incompatible with global V2X security standards. It only recognises the ITU-T X.509 certificate format. Both global V2X security stacks — IEEE 1609.2 and ETSI ITS — use different certificate formats. The two are structurally incompatible, and no global standard exists to bridge them.

Any bridging solution would require custom system-level development, making it globally non-compatible, meaning Indian-equipped vehicles would not automatically be able to communicate securely with V2X infrastructure in the US, EU, or elsewhere, and foreign vehicles may not interoperate with Indian RSUs.

Interoperability and Standards Lock-in Risk

The higher-layer ITS stack above the access layer is not harmonised globally. ETSI (Europe) and IEEE WAVE/SAE (US) are not interoperable. India must choose one. The Task Force recommends ETSI, but locking into a single stack means vehicles designed for a different market may not be fully interoperable in India, and vice versa, affecting both imports and exports of connected vehicles.

Also Read: