F. Kargl, M. Gerlach,T. Leinmüller – 4th ETSI Security Workshop 13 - 14 January 2009 – ETSI, Sophia Antipolis, France Slide 1
Security and Privacy for C2X Communication Systems – Research and Standards
Frank Kargl, Matthias Gerlach, Tim Leinmüller
Introduction: Car-2-X, Security, Privacy
Car-2-X Communications (Car-2-X)
− Car-2-X promises safer roads,
  [Figure: "Warning: Accident at (x,y)"]
− … more efficient driving,
  [Figure: TOC, RSU; "Traffic Update: Congestion at (x,y)"; "Congestion Warning: At (x,y), use alt. route"]
Car-2-X Communications (Car-2-X)
− … more fun,
  [Figure: RSU; Videostream; "Text message: We'll stop at next roadhouse"]
− … and easier maintenance.
  [Figure: RSU, Car Manuf.; Software Update; "Malfunction Notification: Arriving in 10 minutes, need ignition plug"]
Car 2 Car Security
[Diagram labels: End User, Acceptance, Credibility, Concepts, Trust, Privacy Prot., Standards, IEEE, IETF, W3C, Oasis Open / Liberty All., 3GPP, ISO, Identity Management, ETSI, Legislation, Privacy Legisl., Law Enforcement, Commercial Requirements, Business Models, Operational Concepts, Acceptance, Regulation, Infrastructure, Public Key Infrastructure, Telco Platforms, Limited Confidentiality, Onboard security, Oasis Open / Liberty All., Partnerships, Liability]
Security
What will be attacked?
Communication
• Message alteration
• Bogus message injection
System components
• Manipulate components
• Bogus input to sensors
[Source: C2C CC Manifesto]
Privacy
Privacy Threats (Examples)
• Obtain current or past location(s) of user for
  - Observation
  - Checking of absence
• Attacker must
  - 1) Record transmitted data (pseudonym (“ID”), time, position)
  - 2) Link pseudonym to user
• “Support” from communication system
  - Periodic beacons: pseudonym, time, position
  - Location query facility
RSU – Road Side Unit
Research and Standards: Europe, United States
Current EU Projects Overview
• SeVeCom
  - EU FP 6
  - Secure Vehicle Communication
• EVITA
  - EU FP 7
  - Secure Vehicular Platform
• PRECIOSA
  - EU FP 7
  - Privacy for ITS Communication
• PRE-DRIVE_C2X
  - EU FP 7
  - Security Architecture
  - Field Test Preparation
• COMeSafety
  - ITS Architecture
  - EU wide Harmonization
SeVeCom – Secure Vehicle Communication
• Mission: practical solution to the problem of IVC security and privacy
• IST FP6 STREP Project. 1/1/2006-31/3/2009
• Contributions
  - Requirements and Threat Analysis
  - Baseline Architecture
  - Baseline Specification
  - Reference implementation
  - Extensive Academic Research Contributions
• References
  - http://www.sevecom.org/
  - IEEE Wireless Comm. Mag., Vol 46(11), Nov. 2008: “Secure Vehicular Communications: Design and Architecture” and “Secure Vehicular Communications: Implementation, Performance, and Research Challenges”
PRECIOSA – Privacy Enabled Capability In Co-Operative Systems and Safety Applications
• Mission: address communication and data storage privacy in ITS
• IST FP7 STREP Project. 1/3/2008-28/2/2010
• Planned Contributions
  - Privacy Evaluation of Cooperative Systems
  - Privacy-aware Architecture for Cooperative Systems
  - Guidelines for privacy-aware Cooperative Systems
  - Research Contributions for IST Privacy
• References
  - http://www.preciosa-project.org/
EVITA – E-Safety Vehicle Intrusion proTected Application
• Objective:
  - Automotive capable security hardware for enabling a vehicular security architecture protecting e-safety car-2-X communications
  - ECU Trusted Module (ETM)
• Partners: BMW, Bosch, Continental, escrypt, EURECOM, Fraunhofer, Fujitsu, Infineon, Institut TELECOM, KU Leuven, MIRA, TRIALOG from Belgium, France, Germany, Sweden, UK
• Duration: 36 months (July 2008 – June 2011)
• Work Plan:
  - 2008 Security Requirements Engineering
  - 2009 Secure on-board architecture design
  - 2010 Reference implementation in SW&HW
  - 2011 Publication as open specification
[Source: Marco Wolf: Vehicular Security Hardware, escar 2008, Hamburg]
PRE-DRIVE C2X – PREparation for DRIVing implementation and Evaluation of C-2-X communication technology
• Objectives
  - Pan European architecture framework for cooperative systems
  - Estimate the impact on traffic safety and mobility
  - Prepare forthcoming field operational tests
  - Identify key enabling and disabling factors for market introduction
• Duration: 24 months (July 2008 – June 2010)
• Partners
  - Audi, BMW, CRF, Daimler, Opel, Volkswagen, Volvo, Delphi, Hitachi, NEC, Renesas, SAP, PTV, DLR, EICT, Fraunhofer, IMC, INRETS, IMEC, TNO, pbs, TU Graz, Universität Karlsruhe (TH), University of Surrey
• Expected Achievements
  - System architecture for European cooperative driving system based on COMeSafety architecture
  - Integrated simulation tool set for technical aspects, traffic and safety impact, as well as environmental effects
• Robust prototype suitable for field operational tests
• Methods and tools for field operational tests
• Contributions to standardization and public awareness
[Source: Matthias Schulze: PRE-DRIVE C2X Project Objectives and Needs, Presentation on Car-2-Car Forum 2008, Dudenhofen]
Standardization Activities and Groups
• IEEE 1609.2
  - Established 2005 (predecessor: IEEE 1556)
  - Standard available
  - Part of 1609 (Wireless Access in Vehicular Environments WAVE)
  - Builds on 802.11p
• C2C CC Sec WG
  - Established 2004
  - Industry Consortium
  - Focus on 5 GHz communications
• ETSI TC ITS WG5
  - Established 2007
  - Security for ITS communications
  - Chair: Scott Cadzow
  - Current work: TVRA, Security for M5 (5.9 GHz ITS Communication)
• eSecurity WG
  - Established 2007 as part of eSafetyForum
  - Support introduction of eSecurity in technological, legal, and certification aspects
  - Integrate stakeholders
  - Provide Reports
• ISO TC 204 WG 16.7
  - Established 2008
  - Security and Lawful Intercept
  - CALM – Communication Access for Land Mobiles
Research U.S.
• Research projects focus on implementing and evaluating IEEE P1609.2
  - VII
  - CAMP projects CICAS and VSC-A
• Discussed enhancements are
  - TESLA based protocols
  - Lightweight signature algorithms for V2V communication
• IEEE P1609.2 in detail
  - Provided security services
    - Encryption / decryption
    - Signature / signature verification
  - Used by
    - Applications
    - WME
  - Used to protect
    - WSAs
    - WSMs
    - UDP
  - Based on PKI
  - Defines flexible formats for all involved parameters
  - No anonymous authentication
  - Optimized for small size, use with WAVE
Research Japan
• Research is currently focused on R2V (Roadside to Vehicle) systems
• Starting point for V2X security are R2V systems for ETC
  - Managed by Organization for Road System Enhancement (ORSE)
Source: http://www.orse.or.jp/english/general_services.html
Car-2-Car Forum and Demonstration
Hands-on Experience with C2X Security
Car 2 Car Forum and Demonstration 2008
• Milestone Event of C2C CC showing
  - 22/23.10.2008, Dudenhofen
  - Several use cases of Car-2-X
  - Interoperability of different implementations (World premiere)
  - Security approach
  - 200+ participants
• Use cases shown
  - Approaching Emergency Vehicle
  - Stopped Car Warning
  - Motorcycle Warning
  - Work-zone Warning
• Car-2-Car Communication Consortium
  - Industry Consortium
  - Create and establish an open European industry standard for CAR-2-X
  - Enable the development of active safety applications
  - Promote royalty free European wide protected frequency band for Car-2-X (DONE)
  - Develop realistic deployment strategies and business models
[www.car-2-car.org]
Secure Emergency Vehicle: Demo Usecase
• In general: Identities for vehicles
  - E.g. for closed groups with priority access rights (Police, Firefighters)
• Emergency Vehicle
  - Sends secured messages
  - Include valid certificate
  - Valid = from official certification authority
• Laptop Attacker
  - Sends secured messages
  - Includes fake (self generated) certificate
• Receiving Vehicle
  - Demo SW parses secure messages
  - Indicates security of message to application
  - Application reacts accordingly
Laptop Attacker [Photo: Siemens Austria]
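
The receiving vehicle's decision in this demo, as an added example that is not the demonstrator's own software: a shell script using the OpenSSL command line, with plain X.509 certificates and ECDSA P-256 standing in for the IEEE 1609.2 message formats. The certificate subjects, file names, verdict strings and the message text are constructed for illustration.

```sh
#!/bin/sh
# Added example; subjects, file names and the message are constructed.
set -eu
# Create keys and certificates for the three parties in directory $1.
setup_pki() {
  d="$1"
  for who in ca ev atk; do
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/$who.key"
  done
  # Official CA: the trust anchor installed in the receiving vehicle.
  openssl req -x509 -new -key "$d/ca.key" -subj "/CN=Demo Official CA" \
    -days 1 -out "$d/ca.pem"
  # Emergency vehicle: certificate issued by the official CA.
  openssl req -new -key "$d/ev.key" -subj "/CN=Emergency Vehicle" \
    -out "$d/ev.csr"
  openssl x509 -req -in "$d/ev.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/ev.pem" 2>/dev/null
  # Laptop sender: same subject name, but a self-generated certificate.
  openssl req -x509 -new -key "$d/atk.key" -subj "/CN=Emergency Vehicle" \
    -days 1 -out "$d/atk.pem"
}

# Sender: sign message file $2 with private key $1, write signature to $3.
sign_message() { openssl dgst -sha256 -sign "$1" -out "$3" "$2"; }

# Receiver: print the verdict passed on to the application.
# Args: trust anchor, sender certificate, message file, signature file.
check_message() {
  if ! openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo "untrusted-certificate"; return 0
  fi
  openssl x509 -in "$2" -pubkey -noout > "$3.pub"
  if ! openssl dgst -sha256 -verify "$3.pub" -signature "$4" "$3" \
      >/dev/null 2>&1; then
    echo "bad-signature"; return 0
  fi
  echo "trusted"
}

run_demo() {
  w=$(mktemp -d); setup_pki "$w"
  printf 'Approaching Emergency Vehicle' > "$w/msg"
  sign_message "$w/ev.key" "$w/msg" "$w/ev.sig"
  sign_message "$w/atk.key" "$w/msg" "$w/atk.sig"
  echo "official CA:    $(check_message "$w/ca.pem" "$w/ev.pem" "$w/msg" "$w/ev.sig")"
  echo "self generated: $(check_message "$w/ca.pem" "$w/atk.pem" "$w/msg" "$w/atk.sig")"
  rm -rf "$w"
}
run_demo
```

The self-generated certificate carries a valid signature over the message, so the signature check alone would accept it; the verdict differs only because the certificate does not chain to the installed trust anchor.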
Software Integration
• Security Module Software:
  - Secured messages in different formats (e.g., IEEE 1609.2)
  - Use simple socket connection
  - Standard crypto: OpenSSL
  - Demonstrator: security software integrated in embedded system (“encapsulated security module”)
• Wrapper:
  - Integration of signature (encapsulation) and verification (decapsulation) in applications
  - Available for C/C++, Java and OSGi
WAVE – Wireless Access in Vehicular Environments, OSGi – Open Services Gateway Interface
Future Work / Open Issues
• Organization of PKIs
• Vehicular Identity Management
• Advanced Communication Patterns beyond Beaconing / Geocast
• Performance Aspects of Vehicular Hardware
• Integration of C2X- and In-Vehicle Security Systems
• Experience from FOT deployments
• Privacy of complex ITS
• Security in application-specific use-cases like public emergency vehicles
Do you have any questions?