Security and Privacy for C2X Communication Systems – Research and Standards

Frank Kargl, Matthias Gerlach, Tim Leinmüller

4th ETSI Security Workshop, 13-14 January 2009, ETSI, Sophia Antipolis, France

Introduction: Car-2-X, Security, Privacy

Car-2-X Communications (Car-2-X)

− Car-2-X promises safer roads,
  [Figure labels: "Warning: Accident at (x,y)"]
− … more efficient driving,
  [Figure labels: TOC; RSU; "Traffic Update: Congestion at (x,y)"; "Congestion Warning: At (x,y), use alt. route"]

Car-2-X Communications (Car-2-X)

− … more fun,
  [Figure labels: Videostream; "Text message: We'll stop at next roadhouse"; RSU]
− … and easier maintenance.
  [Figure labels: Software Update; "Malfunction Notification: Arriving in 10 minutes, need ignition plug"; Car Manuf.; RSU]

Car 2 Car Security

[Diagram labels: End User, Acceptance, Credibility, Concepts, Trust, Privacy Prot., Standards, IEEE, IETF, W3C, Oasis Open / Liberty All., 3GPP, ISO, Identity Management, ETSI, Legislation, Privacy Legisl., Law Enforcement, Commercial Requirements, Business Models, Operational Concepts, Acceptance, Regulation, Infrastructure, Public Key Infrastructure, Telco Platforms, Limited Confidentiality, Onboard security, Partnerships, Liability]

Security

What will be attacked?

Communication
− Message alteration
− Bogus message injection

System components
− Manipulate components
− Bogus input to sensors

[Source: C2C CC Manifesto]

Privacy

Privacy Threats (Examples)

− Obtain current or past location(s) of user for
  • Observation
  • Checking of absence
− Attacker must
  • 1) Record transmitted data (pseudonym (“ID”), time, position)
  • 2) Link pseudonym to user
− “Support” from communication system
  • Periodic beacons: pseudonym, time, position
  • Location query facility

RSU – Road Side Unit

Research and Standards: Europe, United States

Current EU Projects Overview

SeVeCom
• EU FP 6
• Secure Vehicle Communication

EVITA
• EU FP 7
• Secure Vehicular Platform

PRECIOSA
• EU FP 7
• Privacy for ITS Communication

PRE-DRIVE_C2X
• EU FP 7
• Security Architecture
• Field Test Preparation

COMeSafety
• ITS Architecture
• EU wide Harmonization

SeVeCom – Secure Vehicle Communication

− Mission: practical solution to the problem of IVC security and privacy
− IST FP6 STREP Project. 1/1/2006-31/3/2009
− Contributions
  • Requirements and Threat Analysis
  • Baseline Architecture
  • Baseline Specification
  • Reference implementation
  • Extensive Academic Research Contributions
− References
  • http://www.sevecom.org/
  • IEEE Wireless Comm. Mag., Vol 46(11), Nov. 2008: “Secure Vehicular Communications: Design and Architecture” and “Secure Vehicular Communications: Implementation, Performance, and Research Challenges”

PRECIOSA – Privacy Enabled Capability In Co-Operative Systems and Safety Applications

− Mission: address communication and data storage privacy in ITS
− IST FP7 STREP Project. 1/3/2008-28/2/2010
− Planned Contributions
  • Privacy Evaluation of Cooperative Systems
  • Privacy-aware Architecture for Cooperative Systems
  • Guidelines for privacy-aware Cooperative Systems
  • Research Contributions for IST Privacy
− References
  • http://www.preciosa-project.org/

EVITA – E-Safety Vehicle Intrusion proTected Application

− Objective:
  • Automotive capable security hardware for enabling a vehicular security architecture protecting e-safety car-2-X communications
  • ECU Trusted Module (ETM)
− Partners: BMW, Bosch, Continental, escrypt, EURECOM, Fraunhofer, Fujitsu, Infineon, Institut TELECOM, KU Leuven, MIRA, TRIALOG from Belgium, France, Germany, Sweden, UK
− Duration: 36 months (July 2008 – June 2011)
− Work Plan:
  • 2008 Security Requirements Engineering
  • 2009 Secure on-board architecture design
  • 2010 Reference implementation in SW&HW
  • 2011 Publication as open specification

[Source: Marco Wolf: Vehicular Security Hardware, escar 2008, Hamburg]

PRE-DRIVE C2X – PREparation for DRIVing implementation and Evaluation of C-2-X communication technology

− Objectives
  • Pan European architecture framework for cooperative systems
  • Estimate the impact on traffic safety and mobility
  • Prepare forthcoming field operational tests
  • Identify key enabling and disabling factors for market introduction
− Duration: 24 months (July 2008 – June 2010)
− Partners
  • Audi, BMW, CRF, Daimler, Opel, Volkswagen, Volvo, Delphi, Hitachi, NEC, Renesas, SAP, PTV, DLR, EICT, Fraunhofer, IMC, INRETS, IMEC, TNO, pbs, TU Graz, Universität Karlsruhe (TH), University of Surrey
− Expected Achievements
  • System architecture for European cooperative driving system based on COMeSafety architecture
  • Integrated simulation tool set for technical aspects, traffic and safety impact, as well as environmental effects
  • Robust prototype suitable for field operational tests
  • Methods and tools for field operational tests
  • Contributions to standardization and public awareness

[Source: Matthias Schulze: PRE-DRIVE C2X Project Objectives and Needs, Presentation on Car-2-Car Forum 2008, Dudenhofen]

Standardization Activities and Groups

IEEE 1609.2
• Established 2005 (predecessor: IEEE 1556)
• Standard available
• Part of 1609 (Wireless Access in Vehicular Environments WAVE)
• Builds on 802.11p

C2C CC Sec WG
• Established 2004
• Industry Consortium
• Focus on 5 GHz communications

ETSI TC ITS WG5
• Established 2007
• Security for ITS communications
• Chair: Scott Cadzow
• Current work: TVRA, Security for M5 (5,9 GHz ITS Communication)

eSecurity WG
• Established 2007 as part of eSafetyForum
• Support introduction of eSecurity in technological, legal, and certification aspects
• Integrate stakeholders
• Provide Reports

ISO TC 204 WG 16.7
• Established 2008
• Security and Lawful Intercept
• CALM – Communication Access for Land Mobiles

Research U.S.

• Research projects focus on implementing and evaluating IEEE P1609.2
  - VII
  - CAMP projects CICAS and VSC-A
• Discussed enhancements are
  - TESLA based protocols
  - Lightweight signature algorithms for V2V communication
• IEEE P1609.2 in detail
  - Provided security services
    - Encryption / decryption
    - Signature / signature verification
  - Used by
    - Applications
    - WME
  - Used to protect
    - WSAs
    - WSMs
    - UDP
  - Based on PKI
  - Defines flexible formats for all involved parameters
  - No anonymous authentication
  - Optimized for small size, use with WAVE

Research Japan

• Research is currently focused on R2V (Roadside to Vehicle) systems
• Starting point for V2X security are R2V systems for ETC
  - Managed by Organization for Road System Enhancement (ORSE)

Source: http://www.orse.or.jp/english/general_services.html

Car-2-Car Forum and Demonstration: Hands-on Experience with C2X Security

Car 2 Car Forum and Demonstration 2008

− Milestone Event of C2C CC showing
  • 22/23.10.2008, Dudenhofen
  • Several use cases of Car-2-X
  • Interoperability of different implementations (World premiere)
  • Security approach
  • 200+ participants
− Use cases shown
  • Approaching Emergency Vehicle
  • Stopped Car Warning
  • Motorcycle Warning
  • Work-zone Warning
− Car-2-Car Communication Consortium
  • Industry Consortium
  • Create and establish an open European industry standard for CAR-2-X
  • Enable the development of active safety applications
  • Promote royalty free European wide protected frequency band for Car-2-X (DONE)
  • Develop realistic deployment strategies and business models

[www.car-2-car.org]

Secure Emergency Vehicle: Demo Usecase

− In general: Identities for vehicles
  • E.g. for closed groups with priority access rights (Police, Firefighters)
− Emergency Vehicle
  • Sends secured messages
  • Include valid certificate
  • Valid = from official certification authority
− Laptop Attacker
  • Sends secured messages
  • Includes fake (self generated) certificate
− Receiving Vehicle
  • Demo SW parses secure messages
  • Indicates security of message to application
  • Application reacts accordingly

Laptop Attacker [Photo: Siemens Austria]
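The receiver-side check from the demo use case above, as an added example that is not part of the original slides or of the demonstrator's software. It assumes the `openssl` command-line tool, uses X.509 certificates as a stand-in for the IEEE 1609.2 certificate format, and all names, keys and the warning message are constructed.

```shell
#!/bin/sh
# Added example. All names, keys and the message are constructed; X.509 stands in
# for the IEEE 1609.2 certificate format used in the demonstrator.
set -e
work=$(mktemp -d)
new_key="-newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes"

# Self-signed certificate: the official CA, and also the attacker's fake certificate.
self_signed() {   # $1 = file prefix, $2 = subject common name
    openssl req -x509 $new_key -keyout "$work/$1.key" -out "$work/$1.crt" \
        -subj "/CN=$2" -days 1 2>/dev/null
}

# Certificate issued to a vehicle by the official CA.
issued_by_ca() {  # $1 = file prefix, $2 = subject common name
    openssl req -new $new_key -keyout "$work/$1.key" -out "$work/$1.csr" \
        -subj "/CN=$2" 2>/dev/null
    openssl x509 -req -in "$work/$1.csr" -CA "$work/ca.crt" -CAkey "$work/ca.key" \
        -CAcreateserial -days 1 -out "$work/$1.crt" 2>/dev/null
}

# Sender: sign the warning with the sender's private key.
send() {          # $1 = sender prefix
    openssl dgst -sha256 -sign "$work/$1.key" -out "$work/$1.sig" "$work/warning.txt"
}

# Receiver: the certificate must chain to the official CA and the signature must
# verify under the certified key; the verdict is what the application acts on.
receive() {       # $1 = sender prefix; prints "trusted" or "untrusted"
    if openssl verify -CAfile "$work/ca.crt" "$work/$1.crt" >/dev/null 2>&1 &&
       openssl x509 -in "$work/$1.crt" -noout -pubkey >"$work/$1.pub" &&
       openssl dgst -sha256 -verify "$work/$1.pub" -signature "$work/$1.sig" \
           "$work/warning.txt" >/dev/null 2>&1
    then echo trusted; else echo untrusted; fi
}

printf 'Approaching emergency vehicle at (x,y)\n' >"$work/warning.txt"
self_signed ca "Official CA (constructed)"
issued_by_ca ev "Emergency Vehicle (constructed)"
self_signed attacker "Emergency Vehicle (constructed)"
send ev; send attacker
echo "emergency vehicle: $(receive ev)"
echo "laptop attacker:   $(receive attacker)"
```

The attacker's message carries a mathematically valid signature, so the signature check alone would pass; it is the chain check against the official CA that rejects it.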

Software Integration

− Security Module Software:
  • Secured messages in different formats (e.g., IEEE 1609.2)
  • Use simple socket connection
  • Standard crypto: OpenSSL
  • Demonstrator: security software integrated in embedded system (“encapsulated security module”)
− Wrapper:
  • Integration of signature (encapsulation) and verification (decapsulation) in applications
  • Available for C/C++, Java and OSGi

WAVE – Wireless Access in Vehicular Environments, OSGi – Open Services Gateway Interface

Future Work / Open Issues

− Organization of PKIs
− Vehicular Identity Management
− Advanced Communication Patterns beyond Beaconing / Geocast
− Performance Aspects of Vehicular Hardware
− Integration of C2X- and In-Vehicle Security Systems
− Experience from FOT deployments
− Privacy of complex ITS
− Security in application-specific use-cases like public emergency vehicles

Do you have any [email protected]