V2X security, privacy and trust overview Dr. Jo sé Ma ría de F ue nte s (jfue nte s@ inf.uc 3m.e s) COSE C L a b Unive rsity Ca rlo s I I I de Ma drid
Agenda • I ntro : Ve hic ula r c o mmunic a tio ns (V2X), wha t fo r? o Re a l-wo rld ne ws • V2X sta ke ho lde rs • Se c urity, priva c y, trust issue s • Our pre vio us re sults • Co nc lusio ns 2
V2X – what for? • Part of smart cities • Road safety + infotainment I ma g e so urc e : T e le ma tic sne ws.o rg , a rm.c o m 3
V2X privacy in the real world 4
V2X security in the real world 5
V2X sec&priv&trust in the real world 6
V2X sec&priv&trust in the real world 7
V2X stakeholders Automakers Governments & car industry Consumers Intelligent Transport Systems (or V2X) • What about V2X security, privacy, trust? 8
V2X active stakeholders • Automakers o Increasingly involved – proof ‐ of ‐ concept, experimental settings o R&D efforts • Governments o Legal framework for ITS: EU directive & action plan on ITS, also in the US… o Also initiatives in the National level: Spanish ITS initiative… • Research community o Reliable connection o Bandwidth improvements o Protocol design o … security, privacy and trust o Standardization (IEEE, SAE…) 9
V2X – design constraints • Short ‐ range communications o Dedicated Short Range Communications (DSRC) – IEEE 802.11p o 1 km nominal range – 300 mts in practice • Short communication period o Vehicles driving at 140 km/h or higher • Embedded platform o Not PC… low computation resources • Lack of global infrastructure o Ad ‐ hoc nature • Regular sec/priv mechanisms cannot be applied “as is” 10
V2X – security • Data may be privileged o On ‐ trip services (e.g. next gas station pre ‐ booking) o Need for confidentiality o IEEE 1609.2 : use of elliptic curves • Data must come from authorized entities o Road safety announcement (e.g. bottleneck ahead) o Need for source authentication o IEEE 1609.2 : public ‐ key certificates • Some actions must be accountable o Illusion attack – forcing a collision o Someone has to be liable! Need for non ‐ repudiation o IEEE 1609.2 : elliptic curves digital signature (ECDSA) 11
V2X – privacy • Beacon permanently sent • Signed with public key certificates • Hot topic – use pseudonyms? Anonymous certificates? How to deal with accountability? 12
V2X – trust • Data must be trustworthy o Avoid false alarms o Building plausibility checks o Data ‐ centric trust establishment • (Low) in ‐ vehicle data security o CAN bus : efficiency vs. Security o Cheap sensors • Safety is at stake! Secure on ‐ board platform o Car ‐ to ‐ car consortium o EU R&D projects: EVITA, OVERSEE o Use of Hardware Security Modules (HSM) 13
V2X sec/priv/trust miscellaneous issues • Over ‐ the ‐ air updates o Flexibility against security • Non ‐ repudiation of receipt o Future issue: “I was not aware of the speed limit in force!” • Data aggregation o Good for efficiency , what about security? 14
V2X sec/priv/trust at COSEC • Ove rvie w o f se c urity issue s in V2X • Hinde ring fa lse e ve nt disse mina tio n in V2X • V2X fo r e nfo rc e me nt ivac y -pre se rving speed c o ntro l o Pr o V2X-b a se d fine notific ation videnc e ma na g e me nt to re po rt misb e ha ving ve hic le s o E o Use o f steganogr aphy to hide info rma tio n in V2X c o mmunic a tio ns o Patent : Priva c y-pre se rving c he c k o f driving a utho riza tio ns witho ut sto p 15
Summary • V2X se c urity, priva c y a nd trust de se rve a tte ntio n in the ne a r te rm I ndustry – upc o ming de ve lo pme nts o Re se a rc h – o pe n c ha lle ng e s o • E xisting sta te -o f-the -a rt te c hno lo g ie s c a ll fo r a fina l ste p a he a d • I n this ta lk, a sho rt o ve rvie w o n se c urity, priva c y a nd trust in V2X ha s b e e n pre se nte d 16
V2X security, privacy and trust overview Dr. Jo sé Ma ría de F ue nte s (jfue nte s@ inf.uc 3m.e s) COSE C L a b Unive rsity Ca rlo s I I I de Ma drid 17
Recommend
More recommend
