C2X Security. Introduction and overview (focus to European standard only) Cryptovision s Mindshare V

Transcription

1 C2X Security Introduction and overview (focus to European standard only) Cryptovision s Mindshare V

2 Agenda What is Car2x Communication? Standards Security concepts C2X-PKI 2/30

3 What is Car2x Communication? Car-2-Home Car-2-Car ITS Station Car-2-Business Car-2-Infrastructure Car-2-Mobile Device Car-2- Enterprise 3/30

4 What is Car2x Communication? Car-2-Car ITS Station Car-2-Infrastructure Car-2-Car communication Cars are talking with each other Exchanging information about position and state Car-2-Infrastructure communication Cars are talking with the infrastructure > E.g. Traffic lights inform about their status, intelligent traffic signs inform about the speed limit > Emergency vehicles can request a green phase at an intersection 4/30

5 What is Car2x Communication? Example: Car breakdown warning Traffic Control Center Example: Car breakdown warning WLAN Comm-Range 5/30

6 What is Car2x Communication? Technical Details Technology for real-time (e.g. safety) applications IEEE p (ITS-G5, at 5.9 GHz) Communication range: meter Multiple channels (Control Channel, Service Channel) High dynamic networks Ad hoc network, no central manager needed Mainly broadcast communication ITS* Stations are in different geographical positions ITS* Stations may be connected to each other for a short time Communication between ITS Stations can be interrupted * ITS: Intelligent Transport System 6/30

7 What is Car2x Communication? Motivation Why security for C2X? So far, communication is self-contained and only inside a vehicle p allows communication by third parties > Recording, disturbing and sending of messages is possible. Challenge M:N communication of e.g. CAM* or DENM** as plain data > Counter measures against threats such as virtual stone thrower > Ensure integrity and authenticity of messages. Certificate management > Creation and maintenance of security keys (Life-Cycle-Management) Resource constrains > Embedded-System > Frame length *CAM (Cooperative Awareness Message) > Status message of an ITS station **DENM (Decentralized Environmental Notification Message) > Message is triggered e.g. by a broken-down car 7/30

8 Standards Who takes care? Standards for Cooperative Intelligent Transport Systems (C-ITS) in Europe are specified by ETSI (European Telecommunications Standards Institute) ETSI TS V1.2.1 Security header and certificate formats ETSI TS V1.1.5 Security architecture and management ETSI TS V1.1.1 Security; Trust and Privacy Management ETSI TS V1.1.1 Security; Access Control ETSI TS V1.1.1 Security; Confidentiality services CEN (Comité Européen de Normalisation-European Committee for Standardization) Car to Car Communication Consortium (C2C-CC) The CAR 2 CAR Communication Consortium (C2C-CC) is a nonprofit, industry driven organization initiated by European vehicle manufacturers and supported by equipment suppliers, research organizations and other partners. Working close together with standardization bodies 8/30

9 Standards Participants and Stakeholders DG-MOVE EU commission Initiator of the project ETSI Specification, Expertise Organizes plug-tests BSI BaST C2C-CC WG Security Security Innovations (William Whyte, Marc Etzel) Bring in their expertise 9/30

10 Standards US V2X IEEE Standard 1609.x Wireless access in vehicular environments (WAVE) IEEE Standard V3 D3 Wireless Access in Vehicular Environments Security Services for Applications and Management Messages. Stand: Y2015 Realized by GM in first prototypes (Cadillac). Currently limited to vehicle-to-vehicle Security: Based on NIST-curves (P256) SAE J2735 defines the application and data contents. Basic Safety Message (BSM) Signal Phase and timing (SPAT) MAP (Topology of lanes), Still under development 10/30

11 Standards ITS-Station Reference Architecture EN /30

12 Standards WLAN Frame EPD ETSI ES V1.1.0 ITS-G5 with EtherType Protocol Discrimination MAC Header QoS EtherType Frame Body FCS 30 octets 2 octets 2 octets 2314 octets 4 octets Congestion Control limits the frame length to 692 bytes 12/30

13 Security concepts Protokoll WLAN Frame Body 13/30

14 Security concepts C2X Private Key Infrastructure Quelle: Fraunhofer SIT 14/30

15 Security concepts C2X Trust Chain Overview of reception 15/30

16 Security concepts Secured Message Encapsulation 16/30

17 Security concepts Example security envelope structure for CAM SecuredMessage Element Value Description Length in octets uint8 protocol_version 0x02 1 HeaderField header_fields<var> 0x15 length: 21 octets 1 HeaderFieldType type 0x80 signer_info 1 SignerInfoType signer_info 0x01 certificate_digest_with_sha256 1 HashedId8 digest [ ] Truncated hash: ITS-S of sender 8 HeaderFieldType type 0x00 generation_time 1 Time64 generation_time [ ] 8 HeaderFieldType type 0x05 its_aid 1 IntX its_aid [ ] ITS-Appl. ID for CAM 1 Payload payload_field payload PaylodType payload_type 0x01 signed 1 opaque data<var> 0x00 length: 0 octets 1 [raw payload data] 0 TrailerField trailer_fields<var> 0x43 length: 67 octets 1 TrailerFieldType type 0x01 signature 1 PublicKeyAlgorithm algorithm 0x00 ecdsa_nistp256_with_sha_256 1 Ecdsa ecdsa_signature EccPoint R EccPointType type 0x00 x_coordinate_only 1 opaque x[32] [ ] 32 opaque s[32] [ ] 32 The total size of the security header structure is 93 octets. 17/30

18 Security concepts Example structure of a certificate Element Value Description Length in octets Certificate uint8 version 0x02 1 SignerInfo singner_info SignerInfoType type 0x01 certificate_digest_with_sha256 1 HashedId8 digest [ ] 8 SubjectInfo subject_info SubjectType type 0x01 authorization_ticket 1 opaque subject_name<var> 0x00 length: 0 no name 1 [subject name] 0 SubjectAttribute subject_attributes<var> 0x2b length: 43 1 SubjectAttributeType type 0x00 verification_key 1 PublicKey key PublicKeyAlgorithm algorithm 0x00 ecdsa_nistp256_with_sha256 1 EccPoint public_key EccPointType type 0x02 compressed_lsb_y_0 1 opaque x[32] [ ] 32 SubjectAttributeType type 0x02 assurance_level 1 SubjectAssurance assurance_level 0x83 level_4_confidence_3 1 SubjectAttributeType type 0! its_aid_ssp_list 1 ItsAidSsp its_aid_ssp_list<var> 0x04 length: 4 octets 1 IntX its_aid [ ] 1 opaque service_specific_permissions<var> 0x02 length: 2 octets 1 [service specific permissions] [ ] 2 ValidityRestriction validity_restrictions<var> 0x09 length: 9 octets 1 ValidityRestrictionType type 0x01 time_start_and_end [Opt: Geo] 1 Time32 start_validity [ ] 4 Time32 end_validity [ ] 4 signature PublicKeyAlgorithm algorithm 0x00 ecdsa_nistp256_with_sha256 1 Ecdsa ecdsa_signature EccPoint R EccPointType type 0x00 x_coordinate_only 1 opaque x[32] [ ] 32 opaque s[32] [ ] 32 The total size of this certificate is 132 octets. 18/30

19 Security concepts methods NIST curve, 256 bit. TriCore 400Mhz: approx. 20 ms NIST curve, 256 bit. TriCore 400Mhz: approx. 40 ms 19/30

20 C2X-PKI Check trust chain with CA certs available (ITS-S cert) Message Data Signer: Cert ITS ITS-S Certificate Store (dynamic) ITS ITS-S Cert Store (static / trusted) Root Signer: Self AA 20/30

21 C2X-PKI Check trust chain with CA certs available (ITS-S digest) Message Data ITS-S Certificate Store (dynamic) ITS ITS-S Cert Store (static / trusted) Root Signer: Self AA 21/30

22 C2X-PKI Check trust chain with CA certs available and AT cert request 1 Message Data ITS-S Certificate Store (dynamic)? ITS-S Cert Store (static / trusted) Root Signer: Self AA 22/30

23 C2X-PKI Check trust chain with CA certs available and AT cert request 2 Message Data Signer: Cert ITS ITS-S Certificate Store (dynamic) ITS ITS-S Cert Store (static / trusted) Root Signer: Self AA 23/30

24 C2X-PKI Trust chain without CA certs available and AT cert request 1 Message Data ITS-S Certificate Store (dynamic)? ITS-S Cert Store (static / trusted) Root Signer: Self 24/30

25 C2X-PKI Trust chain without CA certs available and AT cert request 2 Message Data Signer: Cert ITS ITS-S Certificate Store (dynamic) ITS? ITS-S Cert Store (static / trusted) Root Signer: Self 25/30

26 C2X-PKI Trust chain without CA certs available and AT cert request 3 Message Data Signer: Certs ITS AA ITS-S Certificate Store (dynamic) ITS AA ITS-S Cert Store (static / trusted) Root Signer: Self 26/30

27 C2X-PKI Check different root domains 1 Message Data ITS-S Certificate Store (dynamic)? ITS-S Cert Store (static / trusted) Root Signer: Self 27/30

28 C2X-PKI Check different root domains 2 Message Data Signer: Cert ITS ITS-S Certificate Store (dynamic) ITS? ITS-S Cert Store (static / trusted) Root Signer: Self 28/30

29 C2X-PKI Check different root domains 3 Message Data Signer: Certs ITS AA ITS-S Certificate Store (dynamic) ITS AA ITS-S Cert Store (static / trusted) Root Signer: Self? 29/30

30 For more information about Vector and our products please visit Author: Armin Happel, Holger Heinemann, Andreas Müller, Jens Buttgereit Vector Germany Vector Informatik GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V