V1.00 | 2015-06-24
Introduction and overview (focus on the European standard only)
Cryptovision‘s Mindshare 2015-06-24
C2X Security
What is Car2x Communication?
[Diagram: an ITS Station* at the centre with links labelled Car-2-Car, Car-2-Infrastructure, Car-2-Home, Car-2-Mobile Device, Car-2-Business and Car-2-Enterprise]
* ITS: Intelligent Transport System
3/32
What is Car2x Communication?
Car-2-Car communication
Cars are “talking” with each other
Exchanging information about position and state
Car-2-Infrastructure communication
Cars are “talking” with the infrastructure
> E.g. Traffic lights inform about their status, intelligent traffic signs inform about the speed limit
> Emergency vehicles can request a green phase at an intersection
4/32
Example: Car breakdown warning
What is Car2x Communication?
Example: Car breakdown warning
[Diagram: vehicles within WLAN communication range of the broken-down car, and a Traffic Control Center]
5/32
Technical Details
What is Car2x Communication?
Technology for real-time (e.g. safety) applications
IEEE 802.11p (ITS-G5, at 5.9 GHz)
Communication range: 100-1000 meters
Multiple channels (Control Channel, Service Channel)
Highly dynamic networks
Ad hoc network, no central manager needed
Mainly broadcast communication
ITS* Stations are moving in different geographical positions
ITS* Stations may be connected to each other for a short time
Communication between ITS Stations can be interrupted (turn, tunnel)
* ITS: Intelligent Transport System
6/32
Motivation
What is Car2x Communication?
Why security for C2X?
So far, communication is self-contained and stays inside the vehicle.
802.11p opens communication to third parties:
> Recording, disturbing and sending of messages is possible.
Challenges
M:N communication of e.g. CAM* or DENM** as plain data
> Countermeasures against threats such as the „virtual stone thrower“
> Ensure integrity and authenticity of messages.
Certificate management
> Creation and maintenance of security keys (life-cycle management)
Resource constraints
> Embedded system
> Frame length
*CAM (Cooperative Awareness Message)
> Status message of an ITS station
**DENM (Decentralized Environmental Notification Message)
> Message is triggered e.g. by a broken-down car
7/32
Who takes care?
Standards
Standards for Cooperative Intelligent Transport Systems (C-ITS) in Europe are specified by
ETSI (European Telecommunications Standards Institute)
ETSI TS 103 097 V1.2.1 „Security header and certificate formats“
ETSI TS 102 940 V1.1.5 „Security architecture and management“
ETSI TS 102 941 V1.1.1 „Security; Trust and Privacy Management“
ETSI TS 102 942 V1.1.1 „Security; Access Control“
ETSI TS 102 943 V1.1.1 „Security; Confidentiality services“
CEN (Comité Européen de Normalisation, European Committee for Standardization)
Car to Car Communication Consortium (C2C-CC)
The CAR 2 CAR Communication Consortium (C2C-CC) is a nonprofit, industry-driven organization initiated by European vehicle manufacturers and supported by equipment suppliers, research organizations and other partners.
Works closely together with the standardization bodies
9/32
Participants and Stakeholders
Standards
DG-MOVE (EU commission): initiator of the project
ETSI: specification and expertise; organizes plug-tests
BSI, ANSSI, BaST, C2C-CC WG Security, Security Innovations (William Whyte, Marc Etzel): bring in their expertise
10/32
US – V2X
Standards
IEEE Standard 1609.x
Wireless access in vehicular environments (WAVE)
IEEE Standard 1609.2 V3 D3 „Wireless Access in Vehicular Environments – Security Services for Applications and Management Messages“. As of 2015.
Realized by GM in first prototypes (Cadillac).
Currently limited to vehicle-to-vehicle
Security: based on NIST curves (P-256)
SAE J2735 defines the application and data contents.
Basic Safety Message (BSM)
Signal Phase and timing (SPAT)
MAP (Topology of lanes), …
Still under development
11/32
WLAN Frame EPD
Standards
Field:   MAC Header   QoS        EtherType   Frame Body    FCS
Length:  30 octets    2 octets   2 octets    2314 octets   4 octets
ETSI ES 202 663 V1.1.0 „ITS-G5“ with EtherType Protocol Discrimination
Congestion Control limits the frame length to 692 bytes
13/32
Example security envelope structure for CAM
Security concepts
Element                                 Value   Description                          Length in octets
SecuredMessage
  uint8 protocol_version                0x02                                         1
  HeaderField header_fields<var>        0x15    length: 21 octets                    1
    HeaderFieldType type                0x80    signer_info                          1
    SignerInfoType signer_info          0x01    certificate_digest_with_sha256       1
    HashedId8 digest                    […]     truncated hash: ITS-S of the sender  8
    HeaderFieldType type                0x00    generation_time                      1
    Time64 generation_time              […]                                          8
    HeaderFieldType type                0x05    its_aid                              1
    IntX its_aid                        […]     ITS application ID for CAM           1
  Payload payload_field
    PayloadType payload_type            0x01    signed                               1
    opaque data<var>                    0x00    length: 0 octets                     1
    [raw payload data]                                                               0
  TrailerField trailer_fields<var>      0x43    length: 67 octets                    1
    TrailerFieldType type               0x01    signature                            1
    PublicKeyAlgorithm algorithm        0x00    ecdsa_nistp256_with_sha256           1
    EcdsaSignature ecdsa_signature
      EccPoint R
        EccPointType type               0x00    x_coordinate_only                    1
        opaque x[32]                    […]                                          32
      opaque s[32]                      […]                                          32
The total size of the security header structure is 93 octets (header 23, payload 2, trailer 68).
19/32
Example structure of a certificate
Security concepts
Element                                   Value   Description                     Length in octets
Certificate
  uint8 version                           0x02                                    1
  SignerInfo signer_info
    SignerInfoType type                   0x01    certificate_digest_with_sha256  1
    HashedId8 digest                      […]                                     8
  SubjectInfo subject_info
    SubjectType type                      0x01    authorization_ticket            1
    opaque subject_name<var>              0x00    length: 0, no name              1
    [subject name]                                                                0
  SubjectAttribute subject_attributes<var> 0x2b   length: 43                      1
    SubjectAttributeType type             0x00    verification_key                1
    PublicKey key
      PublicKeyAlgorithm algorithm        0x00    ecdsa_nistp256_with_sha256      1
      EccPoint public_key
        EccPointType type                 0x02    compressed_lsb_y_0              1
        opaque x[32]                      […]                                     32
    SubjectAttributeType type             0x02    assurance_level                 1
    SubjectAssurance assurance_level      0x83    level_4_confidence_3            1
    SubjectAttributeType type             0x21    its_aid_ssp_list                1
    ItsAidSsp its_aid_ssp_list<var>       0x04    length: 4 octets                1
      IntX its_aid                        […]                                     1
      opaque service_specific_permissions<var> 0x02 length: 2 octets             1
      [service specific permissions]      […]                                     2
  ValidityRestriction validity_restrictions<var> 0x09 length: 9 octets           1
    ValidityRestrictionType type          0x01    time_start_and_end [Opt: Geo]   1
    Time32 start_validity                 […]                                     4
    Time32 end_validity                   […]                                     4
  Signature signature
    PublicKeyAlgorithm algorithm          0x00    ecdsa_nistp256_with_sha256      1
    EcdsaSignature ecdsa_signature
      EccPoint R
        EccPointType type                 0x00    x_coordinate_only               1
        opaque x[32]                      […]                                     32
      opaque s[32]                        […]                                     32
The total size of this certificate is 132 octets.
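The two tables above (the 93-octet CAM security envelope and the 132-octet authorization ticket) can be checked by encoding them. The following is an added example, not code from the slides or from Vector's implementation: it serialises both structures with the type and length octets shown in the tables, derives the HashedId8 the envelope uses to refer to the certificate, and checks the sizes against the 692-byte frame limit from the "WLAN Frame EPD" slide. Function names are hypothetical; the key, signature and time values are constructed placeholders, and the ITS-AID value 36 for CAM comes from the ETSI registry rather than from the slide, which leaves it as […].

```python
import hashlib
import struct

# Added example (hypothetical helper names). Constants follow the two tables on the slides.
FRAME_LIMIT = 692   # congestion-control frame limit from the "WLAN Frame EPD" slide
CAM_ITS_AID = 36    # ITS-AID for CAM per the ETSI registry (the slide shows it as [...])


def intx(value: int) -> bytes:
    """IntX: one octet for values below 128 (all the slides' values), else a
    2^n-prefixed multi-octet form; only the 2-octet case is needed here."""
    if value < 0x80:
        return bytes([value])
    if value < 0x4000:
        return struct.pack(">H", 0x8000 | value)
    raise ValueError("values >= 0x4000 are not needed for this example")


def opaque_var(data: bytes) -> bytes:
    """opaque<var>: IntX length prefix followed by the data."""
    return intx(len(data)) + data


def hashed_id8(encoded: bytes) -> bytes:
    """HashedId8: least significant 8 octets of SHA-256 over the encoding."""
    return hashlib.sha256(encoded).digest()[-8:]


def build_secured_message(signer_digest: bytes, generation_time: int, its_aid: int,
                          payload: bytes, sig_r_x: bytes, sig_s: bytes) -> bytes:
    """SecuredMessage with exactly the header fields of the CAM envelope table."""
    header = (bytes([0x80, 0x01]) + signer_digest                    # signer_info: certificate_digest_with_sha256
              + bytes([0x00]) + struct.pack(">Q", generation_time)   # generation_time: Time64
              + bytes([0x05]) + intx(its_aid))                       # its_aid
    payload_field = bytes([0x01]) + opaque_var(payload)              # PayloadType signed + opaque data<var>
    trailer = bytes([0x01, 0x00, 0x00]) + sig_r_x + sig_s            # signature / ecdsa_nistp256_with_sha256 / x_coordinate_only
    return bytes([0x02]) + opaque_var(header) + payload_field + opaque_var(trailer)


def build_authorization_ticket(issuer_digest: bytes, pubkey_x: bytes, assurance: int,
                               its_aid: int, ssp: bytes, start: int, end: int,
                               sig_r_x: bytes, sig_s: bytes) -> bytes:
    """Certificate of subject type authorization_ticket as in the certificate table."""
    subject_attrs = (bytes([0x00, 0x00, 0x02]) + pubkey_x             # verification_key / ecdsa_nistp256_with_sha256 / compressed_lsb_y_0
                     + bytes([0x02, assurance])                       # assurance_level
                     + bytes([0x21]) + opaque_var(intx(its_aid) + opaque_var(ssp)))  # its_aid_ssp_list
    validity = bytes([0x01]) + struct.pack(">II", start, end)         # time_start_and_end, two Time32 values
    signature = bytes([0x00, 0x00]) + sig_r_x + sig_s                 # ecdsa_nistp256_with_sha256 / x_coordinate_only
    return (bytes([0x02])                       # version
            + bytes([0x01]) + issuer_digest     # signer_info: certificate_digest_with_sha256 (the issuing AA)
            + bytes([0x01]) + opaque_var(b"")   # subject_info: authorization_ticket, empty subject_name
            + opaque_var(subject_attrs)
            + opaque_var(validity)
            + signature)


def worked_example() -> dict:
    """Builds an AT and a CAM envelope that refers to it by digest; returns the checks."""
    zero32 = bytes(32)   # constructed placeholders for the public key x, signature R.x and s
    aa_digest = hashed_id8(b"constructed AA certificate")
    at = build_authorization_ticket(aa_digest, zero32, 0x83, CAM_ITS_AID, b"\x01\x00",
                                    0x55890000, 0x558A0000, zero32, zero32)
    msg = build_secured_message(hashed_id8(at), 0x00050F4A1B2C3D4E, CAM_ITS_AID,
                                b"", zero32, zero32)
    return {
        "certificate_octets": len(at),              # 132 on the slide
        "envelope_octets": len(msg),                # 93 on the slide
        "header_len_byte": msg[1],                  # 0x15: 21 header octets
        "trailer_len_byte": msg[25],                # 0x43: 67 trailer octets
        "subject_attrs_len_byte": at[12],           # 0x2b: 43 octets
        "validity_len_byte": at[56],                # 0x09: 9 octets
        "envelope_references_at": msg[4:12] == hashed_id8(at),
        "payload_budget": FRAME_LIMIT - len(msg),   # octets left for CAM data in a 692-byte frame
    }
```

Run `worked_example()` to see the sizes; the length octets it reports (0x15, 0x43, 0x2b, 0x09) are the ones printed in the Value column of the tables, which is a quick way to spot a field that was encoded with the wrong width.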
20/32
Signature methods
Security concepts
NIST curve, 256 bit.
TriCore 400 MHz: approx. 20 ms
NIST curve, 256 bit.
TriCore 400 MHz: approx. 40 ms
21/32
Check trust chain with CA certs available (ITS-S cert)
[Diagram, C2X-PKI: ITS-S Certificate Store (dynamic) and ITS-S Cert Store (static / trusted). Certificates in the stores: Root (Signer: Self, Signature), ITS (Signer: ID, Signature), AA (Signer: ID, Signature). Message: Data, Signer: Cert, Signature, carrying the ITS certificate (Signer: ID, Signature).]
22/32
Check trust chain with CA certs available (ITS-S digest)
[Diagram, C2X-PKI: ITS-S Certificate Store (dynamic) and ITS-S Cert Store (static / trusted). Certificates in the stores: Root (Signer: Self, Signature), ITS (Signer: ID, Signature), AA (Signer: ID, Signature). Message: Data, Signer: ID, Signature.]
23/32
Check trust chain with CA certs available and AT cert request 1
[Diagram, C2X-PKI: ITS-S Certificate Store (dynamic) and ITS-S Cert Store (static / trusted). Certificates in the stores: Root (Signer: Self, Signature), AA (Signer: ID, Signature). Message: Data, Signer: ID, Signature ? (signer certificate not available).]
24/32
Check trust chain with CA certs available and AT cert request 2
[Diagram, C2X-PKI: ITS-S Certificate Store (dynamic) and ITS-S Cert Store (static / trusted). Root (Signer: Self, Signature). Message: Data, Signer: Cert, Signature, carrying the ITS certificate (Signer: ID, Signature). Certificates now shown in the stores: ITS (Signer: ID, Signature), AA (Signer: ID, Signature).]
25/32
Trust chain without CA certs available and AT cert request 1
[Diagram, C2X-PKI: ITS-S Certificate Store (dynamic) and ITS-S Cert Store (static / trusted). Only Root (Signer: Self, Signature) is available. Message: Data, Signer: ID, Signature ?]
26/32
Trust chain without CA certs available and AT cert request 2
[Diagram, C2X-PKI: ITS-S Certificate Store (dynamic) and ITS-S Cert Store (static / trusted). Only Root (Signer: Self, Signature) is available. Message: Data, Signer: Cert, Signature, carrying the ITS certificate (Signer: ID, Signature); ITS (Signer: ID, Signature) shown in the store; the AA link is still marked "?".]
27/32
Trust chain without CA certs available and AT cert request 3
[Diagram, C2X-PKI: ITS-S Certificate Store (dynamic) and ITS-S Cert Store (static / trusted). Root (Signer: Self, Signature). Message: Data, Signer: Certs, Signature, carrying the ITS certificate (Signer: ID, Signature) and the AA certificate (Signer: ID, Signature); ITS (Signer: ID, Signature) and AA (Signer: ID, Signature) shown in the store.]
28/32
Check different root domains 1
[Diagram, C2X-PKI: ITS-S Certificate Store (dynamic) and ITS-S Cert Store (static / trusted). Root (Signer: Self, Signature). Message: Data, Signer: ID, Signature ?]
29/32
Check different root domains 2
[Diagram, C2X-PKI: ITS-S Certificate Store (dynamic) and ITS-S Cert Store (static / trusted). Root (Signer: Self, Signature). Message: Data, Signer: Cert, Signature, carrying the ITS certificate (Signer: ID, Signature); ITS (Signer: ID, Signature); the issuer link is marked "?".]
30/32
Check different root domains 3
[Diagram, C2X-PKI: ITS-S Certificate Store (dynamic) and ITS-S Cert Store (static / trusted). Root (Signer: Self, Signature). Message: Data, Signer: Certs, Signature, carrying the ITS certificate (Signer: ID, Signature) and the AA certificate (Signer: ID, Signature); ITS (Signer: ID, Signature) and AA (Signer: ID, Signature); the root of that chain is marked "?" (not in the trusted store).]
31/32
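The ten PKI slides above walk through what the receiving ITS station does with a message whose signer is given as a certificate, a certificate chain, or only a HashedId8: look the digest up in the static (trusted) and dynamic stores, ask the sender for a certificate it does not have ("Signature ?"), and refuse a chain that ends at a root outside the trusted store (the "different root domains" slides). The following is an added example, not code from the slides or from Vector's ITS-S implementation, that models exactly that resolution over the two stores. Class and function names are hypothetical and the certificate bytes are constructed stand-ins; the ECDSA check of each link (ecdsa_nistp256_with_sha256 on the slides) is not implemented here, and the caller is expected to verify the returned chain link by link before acting on "trusted".

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple, Union

# Added example with hypothetical names; certificate bytes are constructed stand-ins.


def hashed_id8(encoded: bytes) -> bytes:
    """HashedId8: least significant 8 octets of SHA-256 over the certificate encoding."""
    return hashlib.sha256(encoded).digest()[-8:]


@dataclass(frozen=True)
class Cert:
    name: str                 # "Root", "AA" or "ITS" as labelled on the slides
    encoded: bytes            # constructed stand-in for the encoded certificate
    signer: Optional[bytes]   # HashedId8 of the issuer ("Signer: ID"); None means "Signer: Self"

    @property
    def digest(self) -> bytes:
        return hashed_id8(self.encoded)


@dataclass
class Message:
    data: bytes
    signer: Union[bytes, List[Cert]]   # "Signer: ID" (a HashedId8) or "Signer: Cert(s)"


class ItsStation:
    MAX_CHAIN = 8   # bound so a cyclic chain handed to us cannot spin the loop forever

    def __init__(self, trusted_roots: List[Cert]):
        self.static_store: Dict[bytes, Cert] = {c.digest: c for c in trusted_roots}  # ITS-S Cert Store (static / trusted)
        self.dynamic_store: Dict[bytes, Cert] = {}                                  # ITS-S Certificate Store (dynamic)

    def resolve(self, msg: Message) -> Tuple[str, object]:
        """("trusted", [ITS, AA, ..., Root])  chain ends at a root in the static store
           ("request_cert", digest)           the slides' "Signature ?": certificate unknown, ask the sender
           ("unknown_root", cert)             chain ends at a self-signed cert outside the static store
           ("too_long", chain)                more than MAX_CHAIN links"""
        carried = {c.digest: c for c in msg.signer} if isinstance(msg.signer, list) else {}
        current = msg.signer[0].digest if isinstance(msg.signer, list) else msg.signer
        chain: List[Cert] = []
        while len(chain) < self.MAX_CHAIN:
            cert = self.static_store.get(current) or self.dynamic_store.get(current) or carried.get(current)
            if cert is None:
                return ("request_cert", current)
            chain.append(cert)
            if cert.signer is None:
                if cert.digest not in self.static_store:
                    return ("unknown_root", cert)
                # Certificates carried in the message are cached only once the chain is
                # anchored in a trusted root (and, in a real station, only after the ECDSA
                # verification of every link succeeded), so unverified material never
                # enters the dynamic store.
                self.dynamic_store.update(carried)
                return ("trusted", chain)
            current = cert.signer
        return ("too_long", chain)


def walk_the_slides() -> Dict[str, object]:
    """Replays the scenarios of slides 22 to 31 and returns the outcome of each."""
    root = Cert("Root", b"constructed root certificate", None)
    aa = Cert("AA", b"constructed AA certificate", root.digest)
    its = Cert("ITS", b"constructed ITS authorization ticket", aa.digest)
    cam = b"constructed CAM payload"
    out: Dict[str, object] = {}
    # Slides 22/23: AA already in the dynamic store; ITS arrives as cert, then as digest only.
    s = ItsStation([root]); s.dynamic_store[aa.digest] = aa
    out["22_its_cert"] = s.resolve(Message(cam, [its]))[0]
    out["23_its_digest"] = s.resolve(Message(cam, its.digest))[0]
    # Slides 24/25: AA known, ITS referenced by digest only -> request; then the cert arrives.
    s = ItsStation([root]); s.dynamic_store[aa.digest] = aa
    out["24_request"] = s.resolve(Message(cam, its.digest))[0]
    out["25_after_cert"] = s.resolve(Message(cam, [its]))[0]
    # Slides 26-28: only the root is known, so the AA certificate has to be requested as well.
    s = ItsStation([root])
    out["26_request"] = s.resolve(Message(cam, its.digest))[0]
    out["27_request_aa"] = s.resolve(Message(cam, [its]))[1] == aa.digest
    out["28_full_chain"] = s.resolve(Message(cam, [its, aa]))[0]
    # Slides 29-31: a complete chain whose root is not in the static store.
    root2 = Cert("Root", b"constructed root of another domain", None)
    aa2 = Cert("AA", b"constructed AA of another domain", root2.digest)
    its2 = Cert("ITS", b"constructed ITS of another domain", aa2.digest)
    out["31_other_domain"] = s.resolve(Message(cam, [its2, aa2, root2]))[0]
    return out
```

The "request_cert" result carries the digest that was missing, which is what the station would put into a request for the unrecognised certificate; the "too_long" guard and the cache-only-after-anchoring rule are the two details that keep a sender from feeding the station a looping chain or planting certificates in the dynamic store.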
© 2015. Vector Informatik GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.00 | 2015-06-24
For more information about Vector and our products please visit
www.vector.com
Authors: Armin Happel, Holger Heinemann, Andreas Müller, Jens Buttgereit (Vector Germany)