Is ITS Security ready for deployment? Frank Kargl | PRESERVE & Univ. of Twente & Univ. of Ulm ETSI ITS Workshop | 2014-02-12/13 | Berlin


Page 2:

FP7-ICT-2009-6.2, STREP, No. 269994, 1.1.2011 – 31.12.2014

Page 3:

[Diagram labels: Secure IVC; V2X Security Subsystem; Security and Scalability Testing; ITS Privacy; In-Vehicle Sec.; Sec. Appl. Plat.; Security and Privacy Arch. and Implementation; Security ASIC; Deployment Challenges; V2X FOT]

Mission: Design, implement, and test a secure and scalable V2X Security Subsystem for realistic deployment scenarios.

Page 4:

Is ITS Security ready for deployment?

Yes and No

Yes: The most important elements are in place.

No: It will never be! After deployment, we will constantly need to adjust the security system to new threats and attacks.

Page 5:

Central Elements of ITS Security

Misbehavior Detection

Privacy Protection

ID Management

How do we ensure that only valid vehicles participate in ITS communication?

How do we protect vehicles and drivers from being tracked?

How do we prevent a valid vehicle from injecting incorrect data into the ITS? ✔

?

Page 6:

PRESERVE V2X Sec. Arch.

[Architecture diagram. Layers: Applications (Road Safety, Road Traffic Efficiency, Comfort and Mobility); Facilities; Networking & Transport; Access; Management; Security. Blocks: Secure Information; Security Management; Security Analysis; Security Policies; Audit; Monitoring; Logging; Secure Software; Secure Storage; Data Consistency and Plausibility; Privacy Protection; Secure Communication; Cryptographic Operations; Credential Management; Security Entities Management; Policy Storage; Policy Management; Policy Enforcement; Internal Communication; External Communication. Interfaces: SF, SN, SI, MI, MN, MF, FA, SA, MS, NF, IN, MA.]

Page 7:

Message Signatures, Pseudonyms & PKI

13.02.14 PRESERVE Overview

[PKI diagram. Areas: ITS G5 Network; V2X Security Infrastructure. Labels: Root Certificate Authority; Long-term Certificate Authority; Pseudonym Certificate Authority; LTC PC1 … PCn CA certs.; IP V2X message; PC1; RSU; Vehicles; ITS G5.]

Page 8:

PRESERVE & C2C-CC Security Architecture Workshop

• June 5th, 2013 in Ulm, Germany
• Goal: Discuss open architecture and implementation-related issues
  – Relation of IP and non-IP communication from a security perspective
  – Parallel processing of packets in the communication stack to fully exploit HSM performance
  – Verification-on-demand, certificate omission and their relation to Distributed Congestion Control
  – Meta-data and cross-layer signalling of security information
  – Development of the PKI architecture in more complex ITS settings
  – Design of Misbehavior Detection

Page 9:

Verification on Demand, Cert. Omission, & DCC

[Flowchart labels: Receiving 1000 packets/s; Over 1000 ECC sig.ver. / s; Do not verify some packets; Add powerful HSM; Strategy?; Attach cert?; Some packets; All packets; Congestion!; Crypt. packetloss; Strategy?]

Page 10:

Parallel processing in V2X Stack

[Diagram. Stack labels: Access; Networking & Transport; Facilities; Management; Applications; V2X Security Subsystem. Interfaces: SI, SN, SF, MI, MN, MF, MS, MA, FA, SA. Annotations: "1000 ver./s 1 ms/ver." and "1000 ver./s 6 ms/ver.", each shown with "ECC CORE" blocks.]

Page 11:

Misbehavior Detection

What to do about (valid) nodes injecting incorrect information into the ITS?

Frank Kargl | Institute of Distributed Systems | 04. February 2014

Misbehavior Detection
  Data-centric: Plausibility, Consistency
  Node-centric: Trust-based, Behavioral

• Different detection mechanisms need to collaborate for reliable detection
• Need to be extended depending on type of misbehavior / attacks encountered after deployment
• Need to include a flexible MBD-framework into V2X security architecture

Page 12:

Summary

• Major V2X security mechanisms in place
• Recommendations
  – Consider integration of security certificate omission strategy with DCC
  – C2X communication stack implementation needs to consider specifics of security HSM
  – Consider and integrate misbehavior detection framework into overall architecture
  – For discussion of other topics, see PRESERVE deliverable D1.3 (coming soon)