COOPERATIVE ITS SECURITY STANDARDIZATION AND ACTIVITIES ON EUROPEAN C ITS TRUST MODEL AND POLICY

Transcription

1 COOPERATIVE ITS SECURITY STANDARDIZATION AND ACTIVITIES ON EUROPEAN C ITS TRUST MODEL AND POLICY ETSI IoT Security WORKSHOP, June 2016 Brigitte LONC, RENAULT ETSI TC ITS WG 5 Chairman ETSI All rights reserved

2 Overview Introduction: C ITS communications context ETSI ITS Security framework & Release 1 standards Common European C ITS Security architecture & policies Next steps : ETSI Release 2 workplan

3 C ITS Communications Context C-ITS enables communication between vehicles and with infrastructure improve road safety, reduce traffic congestion & smarter mobility Broadcast information to all neighbors for using WIFIp / ITS G5 radio link vehicle dynamics info (position, speed, heading) velocity/trajectory of neighbor cars for increased driver awareness and safety Cooperative safety and mobility applications depend upon data from other vehicles and the infrastructure Data must be trustworthy to prevent malfunctions and serious safety impacts

4 C ITS End2End Security Architecture A Public Key Infrastructure 4 enables: Authentication & authorization of senders Integrity: receivers verify data via digital signatures Confidentiality Principle: Trustworthy stations receive certificates from PKI Pseudonymous certificates frequently changed Secure ITS communications between ITS stations (vehicle, RSU, centers ) Secure connection between vehicles & Service Centres TLS extension for ITS certificates: draft RFC under review in IETF ITS G5 3G/ 4G RSU Roadside ITS-S (gateway) Backbone Network RCA AA PKI ITS Service Center EA

5 Security and privacy protections in V2X communications ITS stations have a pool of Pseudonymous certificates ITS stations change certificates regularly Tracking considerably more difficult Local traceability of individual station pseudonym changes remains possible ( mix zones ) Key challenge: specify efficient and performant pseudonym change strategies Increased latency, channel load Impact on safety applications Change blocked needed (limited time/distance period) 5

6 ETSI ITS Release1 standards: C ITS Security Framework TR Risk analysis TVRA TVRA updated with last GeoNet EN standard (stable draft) TS Security services TS Security headers, Certificates TS ITS security architecture & sec management v1.2.1 to be published soon TS SECURITY NETWORK SAP v1.1.1 (04/2016) v1.2.1 version published (06/2016)) TS Trust & Privacy TS Access control TS Confidentiality 6 TS revision on-going, Extensions being discussed in Release2 Workplan scalability & extensibility (PKI entities) maintainability, crypto-agility

7 European C ITS Platform WG5 activities C ITS Platform formed in Jan by the EC C ITS Platform WG5 Phase 1 outcomes (2015) Recommendations on Trust domain model, PKI architecture & management(cp/sp governing body) Trust Model 2c: multiple Root CAs, common certificate policy (EU CTL) Reports Published on DG MOVE website (01/2016) WG5 Report on Trust domain models, crypto agility, revocation & compliance assessment DG MOVE starts preparation of a delegated act on C ITS under the ITS Directive 2010/40/EU

8 C ITS Platform Phase 2 activities/1 Global European C-ITS Governance & roles On-going discussions on roles & refinements of architecture Detailed View on the Governance Architecture, introduced in C-ITS WG5 Roles in C-ITS

9 C ITS Platform Phase 2 activities /2 Next steps: Specification of a common EU Security and Certificate Policy CP document Draft planned mid 2016 Discussion of timeplan timeplan for PKI policies spec, final standards & deployment, links with compliance assessment & stakeholders roadmap, e.g. C2C CC preparation of a delegated act on C ITS under the ITS Directive 2010/40/EU

10 Crypto agility and updatability in C ITS Security maintainability Due to lifetime of ITS stations (vehicles, RSUs), security erosion will happen Crypto agility is recommended Key size, curve parameters, signature algorithm But issues for existing systems: updatability in the field, limited HW (HSM, crypto accelerator), lower implementation performances safety impacting applications require low latency communications and limited packet sizes (security overhead) 10

11 Crypto agility management processes & impacts on C ITS Updates of ITS-S (SW, FW, Increase CA & testing hardware) security components Increase of channel load certification Needs more Radio channels (MCO) Update CP policies Renewal of CA certificates Distribute and updates end-entities pseudonyms

12 Next steps : ETSI Release 2 workplan Release 2 new uses cases for Autonomous Vehicles (C ACC, platooning, VRU) Extend TVRA and identify new security services WI on pseudonym change strategies (TR) Revision of base standards for EU C ITS trust domain/architecture, e.g. Support of additional crypto algorithms & key sizes in ETSI protocol (TS ) Backward compatibility solutions (transition period) User consent, Privacy aware message handling CRL and CertificateTrust List updating and distribution

13 Backup slides

14 Higher in veh security (sensor, network) for connected, autonomous vehicles