V2X security, privacy and trust overview Dr. Jo s Ma ra de F ue - - PowerPoint PPT Presentation

V2X security, privacy and trust overview

• Dr. Jo sé Ma ría de F

ue nte s (jfue nte s@ inf.uc 3m.e s) COSE C L a b Unive rsity Ca rlo s I I I de Ma drid

Agenda

• I

ntro : Ve hic ula r c o mmunic a tio ns (V2X), wha t fo r?

• Re a l-wo rld ne ws
• V2X sta ke ho lde rs
• Se c urity, priva c y, trust issue s
• Our pre vio us re sults
• Co nc lusio ns

2

V2X – what for?

• Part of smart cities
• Road safety + infotainment

I ma g e so urc e : T e le ma tic sne ws.o rg , a rm.c o m

3

V2X privacy in the real world

4

V2X security in the real world

5

V2X sec&priv&trust in the real world

6

V2X sec&priv&trust in the real world

7

V2X stakeholders

• What about V2X security, privacy, trust?

8

Automakers & car industry Governments Consumers Intelligent Transport Systems (or V2X)

V2X active stakeholders

• Automakers
• Increasingly involved – proof‐of‐concept, experimental settings
• R&D efforts
• Governments
• Legal framework for ITS: EU directive & action plan on ITS, also in the

US…

• Also initiatives in the National level: Spanish ITS initiative…
• Research community
• Reliable connection
• Bandwidth improvements
• Protocol design
• … security, privacy and trust
• Standardization (IEEE, SAE…)

9

V2X – design constraints

• Short‐range communications
• Dedicated Short Range Communications (DSRC) – IEEE 802.11p
• 1 km nominal range – 300 mts in practice
• Short communication period
• Vehicles driving at 140 km/h or higher
• Embedded platform
• Not PC… low computation resources
• Lack of global infrastructure
• Ad‐hoc nature
• Regular sec/priv mechanisms cannot be applied

“as is”

10

V2X – security

• Data may be privileged
• On‐trip services (e.g. next gas station pre‐booking)
• Need for confidentiality
• IEEE 1609.2 : use of elliptic curves
• Data must come from authorized entities
• Road safety announcement (e.g. bottleneck ahead)
• Need for source authentication
• IEEE 1609.2 : public‐key certificates
• Some actions must be accountable
• Illusion attack – forcing a collision
• Someone has to be liable! Need for non‐repudiation
• IEEE 1609.2 : elliptic curves digital signature (ECDSA)

11

V2X – privacy

• Beacon permanently sent
• Signed with public key certificates
• Hot topic – use pseudonyms? Anonymous certificates?

How to deal with accountability?

12

V2X – trust

• Data must be trustworthy
• Avoid false alarms
• Building plausibility checks
• Data‐centric trust establishment
• (Low) in‐vehicle data security
• CAN bus : efficiency vs. Security
• Cheap sensors
• Safety is at stake! Secure on‐board platform
• Car‐to‐car consortium
• EU R&D projects: EVITA,

OVERSEE

• Use of Hardware

Security Modules (HSM)

13

V2X sec/priv/trust miscellaneous issues

• Over‐the‐air updates
• Flexibility against security
• Non‐repudiation of receipt
• Future issue: “I was not aware of the speed limit in force!”
• Data aggregation
• Good for efficiency , what about security?

14

V2X sec/priv/trust at COSEC

• Ove rvie w o f se c urity issue s in V2X
• Hinde ring fa lse e ve nt disse mina tio n in V2X
• V2X fo r e nfo rc e me nt
• Pr

ivac y-pre se rving speed c o ntro l

• V2X-b a se d fine notific ation
• E

videnc e ma na g e me nt to re po rt misb e ha ving ve hic le s

• Use o f steganogr

aphy to hide info rma tio n in V2X c o mmunic a tio ns

• Patent: Priva c y-pre se rving c he c k o f driving a utho riza tio ns witho ut

sto p

15

Summary

• V2X se c urity, priva c y a nd trust de se rve a tte ntio n in

the ne a r te rm

• I

ndustry – upc o ming de ve lo pme nts

• Re se a rc h – o pe n c ha lle ng e s
• E

xisting sta te -o f-the -a rt te c hno lo g ie s c a ll fo r a fina l ste p a he a d

• I

n this ta lk, a sho rt o ve rvie w o n se c urity, priva c y a nd trust in V2X ha s b e e n pre se nte d

16

V2X security, privacy and trust

• verview
• Dr. Jo sé Ma ría de F

ue nte s (jfue nte s@ inf.uc 3m.e s) COSE C L a b Unive rsity Ca rlo s I I I de Ma drid

17