C2X Security

Introduction and overview (focus on the European standard only)

Cryptovision's Mindshare, 2015-06-24

V1.00 | 2015-06-24

Agenda

What is Car2x Communication?
Standards
Security concepts
C2X-PKI

2/32

What is Car2x Communication?

An ITS Station* communicates in several directions:

Car-2-Car
Car-2-Infrastructure
Car-2-Home
Car-2-Mobile Device
Car-2-Business
Car-2-Enterprise

* ITS: Intelligent Transport System

3/32

What is Car2x Communication?

Car-2-Car communication
Cars are "talking" with each other
Exchanging information about position and state

Car-2-Infrastructure communication
Cars are "talking" with the infrastructure
> E.g. traffic lights inform about their status, intelligent traffic signs inform about the speed limit
> Emergency vehicles can request a green phase at an intersection

4/32

Example: Car breakdown warning

What is Car2x Communication?

Diagram: the warning of a broken-down car, two WLAN communication ranges, and the Traffic Control Center.

5/32

Technical Details

What is Car2x Communication?

Technology for real-time (e.g. safety) applications
IEEE 802.11p (ITS-G5, at 5.9 GHz)
Communication range: 100 to 1000 m
Multiple channels (Control Channel, Service Channel)

Highly dynamic networks
Ad hoc network, no central manager needed
Mainly broadcast communication
ITS* Stations move between geographical positions
ITS* Stations may be connected to each other only for a short time
Communication between ITS Stations can be interrupted (turns, tunnels)

* ITS: Intelligent Transport System

6/32

Motivation

What is Car2x Communication?

Why security for C2X?
So far, communication has been self-contained and only inside the vehicle.
802.11p allows communication by third parties
> Recording, disrupting and injecting messages is possible.

Challenge
M:N communication of e.g. CAM* or DENM** as plain data
> Countermeasures against threats such as the "virtual stone thrower"
> Ensure integrity and authenticity of messages.
Certificate management
> Creation and maintenance of security keys (life-cycle management)
Resource constraints
> Embedded system
> Frame length

* CAM (Cooperative Awareness Message)
> Status message of an ITS station
** DENM (Decentralized Environmental Notification Message)
> Message triggered e.g. by a broken-down car

7/32


Who is responsible?

Standards

Standards for Cooperative Intelligent Transport Systems (C-ITS) in Europe are specified by:

ETSI (European Telecommunications Standards Institute)
ETSI TS 103 097 V1.2.1 "Security header and certificate formats"
ETSI TS 102 940 V1.1.5 "Security architecture and management"
ETSI TS 102 941 V1.1.1 "Security; Trust and Privacy Management"
ETSI TS 102 942 V1.1.1 "Security; Access Control"
ETSI TS 102 943 V1.1.1 "Security; Confidentiality services"

CEN (Comité Européen de Normalisation, European Committee for Standardization)

CAR 2 CAR Communication Consortium (C2C-CC)
The CAR 2 CAR Communication Consortium (C2C-CC) is a nonprofit, industry-driven organization initiated by European vehicle manufacturers and supported by equipment suppliers, research organizations and other partners.
Works closely together with the standardization bodies.

9/32

Participants and Stakeholders

Standards

DG-MOVE (EU Commission): initiator of the project
ETSI: specification and expertise; organizes plug-tests
BSI, ANSSI, BaST, C2C-CC WG Security, Security Innovations (William Whyte, Marc Etzel): bring in their expertise

10/32

US – V2X

Standards

IEEE Standard 1609.x
Wireless Access in Vehicular Environments (WAVE)
IEEE Standard 1609.2 V3 D3 "Wireless Access in Vehicular Environments – Security Services for Applications and Management Messages", status: 2015
Realized by GM in first prototypes (Cadillac)
Currently limited to vehicle-to-vehicle
Security: based on NIST curves (P-256)

SAE J2735 defines the applications and data contents:
Basic Safety Message (BSM)
Signal Phase and Timing (SPAT)
MAP (topology of lanes), …

Still under development

11/32

ITS-Station Reference Architecture EN 302 665

Standards

12/32

WLAN Frame EPD

Standards

Field    MAC Header   QoS        EtherType   Frame Body    FCS
Length   30 octets    2 octets   2 octets    2314 octets   4 octets

ETSI ES 202 663 V1.1.0 "ITS-G5" with EtherType Protocol Discrimination (EPD)
Congestion control limits the frame length to 692 bytes

13/32


Protocol

Security concepts

Diagram: the security envelope inside the WLAN frame body.

15/32

C2X Public Key Infrastructure

Security concepts

Diagram, source: Fraunhofer SIT

16/32

C2X Trust Chain – Overview of reception

Security concepts

17/32

Secured Message Encapsulation

Security concepts

18/32

Example security envelope structure for CAM

Security concepts

Element                                  Value  Description                                        Length in octets
SecuredMessage
  uint8 protocol_version                 0x02                                                      1
  HeaderField header_fields<var>         0x15   length: 21 octets                                  1
    HeaderFieldType type                 0x80   signer_info                                        1
    SignerInfoType signer_info           0x01   certificate_digest_with_sha256                     1
    HashedId8 digest                     […]    truncated hash of the sender's ITS-S certificate   8
    HeaderFieldType type                 0x00   generation_time                                    1
    Time64 generation_time               […]                                                       8
    HeaderFieldType type                 0x05   its_aid                                            1
    IntX its_aid                         […]    ITS application ID for CAM                         1
  Payload payload_field                         payload
    PayloadType payload_type             0x01   signed                                             1
    opaque data<var>                     0x00   length: 0 octets                                   1
    [raw payload data]                                                                             0
  TrailerField trailer_fields<var>       0x43   length: 67 octets                                  1
    TrailerFieldType type                0x01   signature                                          1
    PublicKeyAlgorithm algorithm         0x00   ecdsa_nistp256_with_sha256                         1
    EcdsaSignature ecdsa_signature
      EccPoint R
        EccPointType type                0x00   x_coordinate_only                                  1
        opaque x[32]                     […]                                                       32
      opaque s[32]                       […]                                                       32

The total size of the security header structure is 93 octets: the protocol version (1), the header length octet (1), 21 octets of header fields, 2 octets of payload framing for an empty payload, the trailer length octet (1) and 67 octets of trailer.

19/32

Example structure of a certificate

Security concepts

Element                                          Value  Description                                         Length in octets
Certificate
  uint8 version                                  0x02                                                       1
  SignerInfo signer_info
    SignerInfoType type                          0x01   certificate_digest_with_sha256                      1
    HashedId8 digest                             […]                                                        8
  SubjectInfo subject_info
    SubjectType type                             0x01   authorization_ticket                                1
    opaque subject_name<var>                     0x00   length: 0, no name                                  1
    [subject name]                                                                                          0
  SubjectAttribute subject_attributes<var>       0x2b   length: 43 octets                                   1
    SubjectAttributeType type                    0x00   verification_key                                    1
    PublicKey key
      PublicKeyAlgorithm algorithm               0x00   ecdsa_nistp256_with_sha256                          1
      EccPoint public_key
        EccPointType type                        0x02   compressed_lsb_y_0                                  1
        opaque x[32]                             […]                                                        32
    SubjectAttributeType type                    0x02   assurance_level                                     1
    SubjectAssurance assurance_level             0x83   level_4_confidence_3                                1
    SubjectAttributeType type                    0x21   its_aid_ssp_list                                    1
    ItsAidSsp its_aid_ssp_list<var>              0x04   length: 4 octets                                    1
      IntX its_aid                               […]                                                        1
      opaque service_specific_permissions<var>   0x02   length: 2 octets                                    1
      [service specific permissions]             […]                                                        2
  ValidityRestriction validity_restrictions<var> 0x09   length: 9 octets                                    1
    ValidityRestrictionType type                 0x01   time_start_and_end [optionally also a region]       1
    Time32 start_validity                        […]                                                        4
    Time32 end_validity                          […]                                                        4
  Signature signature
    PublicKeyAlgorithm algorithm                 0x00   ecdsa_nistp256_with_sha256                          1
    EcdsaSignature ecdsa_signature
      EccPoint R
        EccPointType type                        0x00   x_coordinate_only                                   1
        opaque x[32]                             […]                                                        32
      opaque s[32]                               […]                                                        32

The total size of this certificate is 132 octets.

20/32
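The two tables above, as an added worked example (not code from Vector, and not a reference implementation of ETSI TS 103 097): it encodes the authorization-ticket certificate and the CAM security envelope octet by octet in the field order of the tables, computes the HashedId8 that the envelope's signer_info carries, and parses the envelope back. Assumed, because the tables leave them as […]: the ITS-AID is 36 (the value registered for the CA basic service), the verification key's x coordinate, the two signature values and the issuing AA's digest are placeholder bytes (no ECDSA is computed here), the SSP is a constructed 2-octet value and the validity window is one week. Time32 and Time64 are taken as seconds and microseconds since 2004-01-01 00:00:00 UTC, which is how TS 103 097 defines them.

```python
import hashlib
import struct
from datetime import datetime, timedelta, timezone

ITS_EPOCH = datetime(2004, 1, 1, tzinfo=timezone.utc)  # origin of Time32 (seconds) and Time64 (microseconds)

def intx(value: int) -> bytes:
    """IntX: the number of leading 1 bits in the first octet is the number of extra octets (0..127 fit in one)."""
    for extra in range(8):
        if value < 1 << (7 + 7 * extra):
            prefix = ((1 << extra) - 1) << (8 - extra)
            return ((prefix << (8 * extra)) | value).to_bytes(extra + 1, "big")
    raise ValueError("IntX value too large")

def intx_decode(buf: bytes, pos: int):
    """Returns (value, position after the IntX)."""
    extra = 0
    while buf[pos] & (0x80 >> extra):
        extra += 1
    value = int.from_bytes(buf[pos:pos + extra + 1], "big") & ((1 << (7 + 7 * extra)) - 1)
    return value, pos + extra + 1

def opaque_var(data: bytes) -> bytes:  # opaque<var>: IntX length followed by the content
    return intx(len(data)) + data

def time32(t: datetime) -> bytes:  # seconds since ITS_EPOCH, leap seconds ignored here
    return struct.pack(">I", (t - ITS_EPOCH) // timedelta(seconds=1))

def time64(t: datetime) -> bytes:  # microseconds since ITS_EPOCH
    return struct.pack(">Q", (t - ITS_EPOCH) // timedelta(microseconds=1))

def authorization_ticket(aa_digest, pub_x, start, end, its_aid, ssp, sig_r, sig_s) -> bytes:
    """Certificate of subject_type authorization_ticket, field by field as in the table above."""
    subject_attributes = (
        b"\x00" + b"\x00" + b"\x02" + pub_x                     # verification_key: ecdsa_nistp256_with_sha256, compressed_lsb_y_0
        + b"\x02" + b"\x83"                                      # assurance_level: level 4, confidence 3
        + b"\x21" + opaque_var(intx(its_aid) + opaque_var(ssp))  # its_aid_ssp_list with one ItsAidSsp entry
    )
    validity = b"\x01" + time32(start) + time32(end)             # time_start_and_end
    return (b"\x02"                                              # version
            + b"\x01" + aa_digest                                # signer_info: certificate_digest_with_sha256 of the AA
            + b"\x01" + opaque_var(b"")                          # subject_info: authorization_ticket, empty subject_name
            + opaque_var(subject_attributes)
            + opaque_var(validity)
            + b"\x00" + b"\x00" + sig_r + sig_s)                 # signature: ecdsa_nistp256_with_sha256, R x_coordinate_only, s

def hashed_id8(certificate: bytes) -> bytes:
    """HashedId8: the low-order eight octets of SHA-256 over the complete certificate encoding."""
    return hashlib.sha256(certificate).digest()[-8:]

def secured_message(signer_digest, generation_time, its_aid, payload, sig_r, sig_s) -> bytes:
    """SecuredMessage for a signed CAM, header fields in the order of the table above."""
    header_fields = (b"\x80" + b"\x01" + signer_digest           # signer_info: certificate_digest_with_sha256
                     + b"\x00" + time64(generation_time)         # generation_time
                     + b"\x05" + intx(its_aid))                  # its_aid
    trailer_fields = b"\x01" + b"\x00" + b"\x00" + sig_r + sig_s  # signature: ecdsa_nistp256_with_sha256, R.x, s
    return (b"\x02"                                              # protocol_version
            + opaque_var(header_fields)
            + b"\x01" + opaque_var(payload)                      # payload_type signed, then the data
            + opaque_var(trailer_fields))

def parse_secured_message(msg: bytes) -> dict:
    """Inverse of secured_message for the same field subset; anything outside it is rejected."""
    if msg[0] != 0x02:
        raise ValueError("unsupported protocol_version")
    out, pos = {}, 1
    hdr_len, pos = intx_decode(msg, pos)
    end = pos + hdr_len
    while pos < end:
        kind, pos = msg[pos], pos + 1
        if kind == 0x80 and msg[pos] == 0x01:                    # signer_info, certificate_digest_with_sha256
            out["signer_digest"], pos = msg[pos + 1:pos + 9], pos + 9
        elif kind == 0x00:                                       # generation_time
            out["generation_time"], pos = struct.unpack(">Q", msg[pos:pos + 8])[0], pos + 8
        elif kind == 0x05:                                       # its_aid
            out["its_aid"], pos = intx_decode(msg, pos)
        else:
            raise ValueError(f"header field type {kind:#x} not handled here")
    if pos != end or pos >= len(msg) or msg[pos] != 0x01:
        raise ValueError("bad header_fields length or payload_type is not signed")
    plen, pos = intx_decode(msg, pos + 1)
    out["payload"], pos = msg[pos:pos + plen], pos + plen
    tlen, pos = intx_decode(msg, pos)
    trailer = msg[pos:pos + tlen]
    if pos + tlen != len(msg) or len(trailer) != 67 or trailer[:3] != b"\x01\x00\x00":
        raise ValueError("unexpected trailer")
    out["signature"] = (trailer[3:35], trailer[35:67])           # R.x and s
    return out

def build_example():
    """Constructed input: placeholder key and signature bytes, ITS-AID 36 (CA basic service), one week validity."""
    pub_x, sig_r, sig_s = b"\x33" * 32, b"\x11" * 32, b"\x22" * 32
    aa_digest = bytes.fromhex("0102030405060708")                # constructed HashedId8 of the issuing AA
    t0 = datetime(2015, 6, 24, tzinfo=timezone.utc)
    cert = authorization_ticket(aa_digest, pub_x, t0, t0 + timedelta(days=7), 36, b"\x01\xff", sig_r, sig_s)
    msg = secured_message(hashed_id8(cert), t0, 36, b"", sig_r, sig_s)
    return cert, msg
```

build_example() returns the 132-octet certificate and the 93-octet envelope stated on the slides, which is a cheap check that no field was miscounted. parse_secured_message() is deliberately strict: any header field type, payload type or trailer outside the subset shown in the table raises instead of being skipped, which is the right default for a parser behind a radio interface where every frame is attacker-supplied. The signer digest it returns is what a receiver looks up in its certificate store before spending an ECDSA verification.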

Signature methods

Security concepts

ECDSA, NIST curve P-256 (256 bit)
TriCore 400 MHz: approx. 20 ms

ECDSA, NIST curve P-256 (256 bit)
TriCore 400 MHz: approx. 40 ms

21/32

Check trust chain with CA certs available (ITS-S cert)

C2X-PKI

Diagram: the static (trusted) store holds the Root certificate (Signer: Self). The dynamic store holds the ITS-S certificate and the AA certificate, each with Signer: ID (the HashedId8 of its issuer) and a signature. The received message carries Data, Signer: Cert (the sender's ITS-S certificate is attached, itself signed by the AA, Signer: ID) and the Signature.

22/32

Check trust chain with CA certs available (ITS-S digest)

C2X-PKI

Diagram: the same stores as before (Root in the static store; ITS-S and AA certificates in the dynamic store), but the message carries Signer: ID, the digest of the sender's ITS-S certificate, instead of the certificate itself.

23/32

Check trust chain with CA certs available and AT cert request 1

C2X-PKI

Diagram: the static store holds the Root; the dynamic store holds only the AA certificate. The message carries Signer: ID and a Signature marked "?": the referenced ITS-S certificate is not available, so the signature cannot be verified yet and the certificate is requested.

24/32

Check trust chain with CA certs available and AT cert request 2

C2X-PKI

Diagram: in reply to the request, the message now carries Signer: Cert with the ITS-S certificate attached (Signer: ID, signed by the AA). The dynamic store holds the ITS-S certificate and the AA certificate; the Root is in the static store, so the chain closes.

25/32

Trust chain without CA certs available and AT cert request 1

C2X-PKI

Diagram: the static store holds the Root; the dynamic store is empty. The message carries Signer: ID and a Signature marked "?": no certificate of the chain is available.

26/32

Trust chain without CA certs available and AT cert request 2

C2X-PKI

Diagram: the message carries Signer: Cert with the ITS-S certificate attached; the dynamic store now holds the ITS-S certificate (Signer: ID). The chain is still marked "?": the AA certificate that signed it is not available, so it is requested next.

27/32

Trust chain without CA certs available and AT cert request 3

C2X-PKI

Diagram: the message carries Signer: Certs with both the ITS-S certificate and the AA certificate attached; the dynamic store now holds both, and the AA certificate chains to the Root in the static store.

28/32

Check different root domains 1

C2X-PKI

Diagram: the static store holds this domain's Root; the dynamic store is empty. The message carries Signer: ID and a Signature marked "?".

29/32

Check different root domains 2

C2X-PKI

Diagram: the message carries Signer: Cert with the ITS-S certificate attached; the dynamic store holds it (Signer: ID). Still "?": the AA certificate is not available.

30/32

Check different root domains 3

C2X-PKI

Diagram: the message carries Signer: Certs with the ITS-S and AA certificates attached, and the dynamic store holds both. Still "?": the AA certificate's signer is the Root of a different domain, which is not in the static (trusted) store, so the chain cannot be completed.

31/32
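The store states of the ten slides above, together with the ECDSA over NIST P-256 with SHA-256 that the signature-methods slide refers to, as one added example (not Vector's code and not the standard's procedure). Certificates use a simplified model (subject, key, HashedId8 of the issuer, signature) instead of the TS 103 097 encoding; the curve arithmetic is textbook affine Python written for readability, not constant-time and not for production use; keys, certificates and the CAM payload are constructed. The request itself (the sender attaching its certificate to a later message, as the slides show) is not modelled: the function only reports that a request is needed and which digest it concerns.

```python
import hashlib
import secrets
from typing import NamedTuple, Optional

P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff  # NIST P-256 field prime (FIPS 186-4)
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551  # group order
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,  # base point
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def point_add(p1, p2):  # affine point addition, textbook and not constant-time; None is the point at infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = ((3 * x1 * x1 - 3) * pow(2 * y1, -1, P) if p1 == p2
           else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def scalar_mult(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt, k = point_add(pt, pt), k >> 1
    return acc

def sign(d: int, msg: bytes):  # ecdsa_nistp256_with_sha256; returns (r, s), the two 32-octet trailer values
    e = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = scalar_mult(k, G)[0] % N
        s = pow(k, -1, N) * (e + r * d) % N
        if r and s:
            return r, s

def verify(q, msg: bytes, sig) -> bool:
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    e, w = int.from_bytes(hashlib.sha256(msg).digest(), "big"), pow(s, -1, N)
    x = point_add(scalar_mult(e * w % N, G), scalar_mult(r * w % N, q))
    return x is not None and x[0] % N == r

class Cert(NamedTuple):  # simplified certificate, not the TS 103 097 encoding
    subject: str              # "Root", "AA" or "ITS-S" as on the slides
    pubkey: tuple             # verification key
    signer: Optional[bytes]   # HashedId8 of the issuer, None for "Signer: Self"
    sig: tuple                # issuer's signature over tbs()

def tbs(subject, pubkey, signer) -> bytes:  # to-be-signed part of a certificate
    return subject.encode() + pubkey[0].to_bytes(32, "big") + pubkey[1].to_bytes(32, "big") + (signer or b"self")
def hashed_id8(cert: Cert) -> bytes:  # low-order 8 octets of SHA-256 over the whole certificate
    return hashlib.sha256(tbs(*cert[:3]) + cert.sig[0].to_bytes(32, "big") + cert.sig[1].to_bytes(32, "big")).digest()[-8:]
def new_cert(subject, issuer=None):  # issuer=(private key, Cert); None gives a self-signed Root
    d = secrets.randbelow(N - 1) + 1
    q = scalar_mult(d, G)
    priv, signer = (d, None) if issuer is None else (issuer[0], hashed_id8(issuer[1]))
    return d, Cert(subject, q, signer, sign(priv, tbs(subject, q, signer)))

def check_chain(payload, sig, signer, trusted, dynamic):
    """signer: a HashedId8 ("Signer: ID") or the certificates carried in the message ("Signer: Cert(s)").
    Returns (verdict, detail); verdict is verified, request, untrusted_root or bad_signature."""
    if isinstance(signer, list):
        for c in signer:                      # learn carried certificates into the dynamic store
            dynamic[hashed_id8(c)] = c
        signer = hashed_id8(signer[0])
    cert = dynamic.get(signer)
    if cert is None:
        return "request", signer              # the "Signature ?" case: ask the sender for its certificate
    if not verify(cert.pubkey, payload, sig):
        return "bad_signature", cert.subject
    for _ in range(3):                        # ITS-S -> AA -> Root; bounded so a forged loop terminates
        if cert.signer is None:               # self-signed: only the static store may vouch for it
            digest = hashed_id8(cert)
            return ("verified", None) if digest in trusted else ("untrusted_root", digest)
        parent = trusted.get(cert.signer) or dynamic.get(cert.signer)
        if parent is None:
            return "request", cert.signer
        if not verify(parent.pubkey, tbs(*cert[:3]), cert.sig):
            return "bad_signature", cert.subject
        cert = parent
    return "untrusted_root", hashed_id8(cert)  # more links than ITS-S -> AA -> Root: reject

def demo():  # replays the store states of slides 24 to 31 with constructed keys and a constructed CAM
    root_d, root = new_cert("Root")
    aa_d, aa = new_cert("AA", (root_d, root))
    at_d, at = new_cert("ITS-S", (aa_d, aa))
    f_d, froot = new_cert("Root")                    # a second root domain, not in our trusted store
    faa_d, faa = new_cert("AA", (f_d, froot))
    fat_d, fat = new_cert("ITS-S", (faa_d, faa))
    trusted, cam = {hashed_id8(root): root}, b"CAM: constructed position/state payload"
    sig, dyn = sign(at_d, cam), {hashed_id8(aa): aa}
    return [check_chain(cam, sig, hashed_id8(at), trusted, dyn),                 # slide 24: ITS-S cert unknown
            check_chain(cam, sig, [at], trusted, dyn),                           # slide 25: cert attached
            check_chain(cam, sig, [at], trusted, {}),                            # slide 27: AA not cached either
            check_chain(cam, sig, [at, aa], trusted, {}),                        # slide 28: both attached
            check_chain(cam, sign(fat_d, cam), [fat, faa, froot], trusted, {}),  # slide 31: other root domain
            check_chain(cam + b"!", sig, hashed_id8(at), trusted, dyn)]          # tampered payload
```

The cases the slides mark with "?" come apart here: a missing certificate yields request together with the digest to ask for, a chain that ends in a self-signed certificate absent from the static store yields untrusted_root, and a signature that does not verify yields bad_signature. Two details matter in practice: only the static store is consulted for the root (a root that arrives inside a message is learned into the dynamic store but never trusted from there), and the chain walk is bounded, so a pair of forged certificates naming each other as issuer cannot spin the receiver.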

© 2015. Vector Informatik GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.00 | 2015-06-24

For more information about Vector and our products please visit www.vector.com

Authors: Armin Happel, Holger Heinemann, Andreas Müller, Jens Buttgereit (Vector Germany)