Cooperative ITS Corridor Joint Deployment

Transcription

1 Cooperative ITS Corridor Joint Deployment Secure V2X Communication Glasgow, June 8th 2016 Markus Ullmann Federal Office for Information Security (BSI)

2 Outline Cooperative Intelligent Transport System (C-ITS) Corridor Project Rotterdam-Frankfurt-Vienna Use Cases Secure Vehicle-2-Vehicle Communication (V2V) according to ETSI Shortcomings of the existing ETSI Specifications Secure V2X Communication Secure ITS Roadside Station (IRS) messages (DENM) IRS PKI Domain Conclusion/Future Work Markus Ullmann, Christian Wieschebrink, Dennis Kügler, Public Key Infrastructure and Crypto Agility Concept for Intelligent Transportation Systems, Proceedings VEHICULAR 2015, pages 14 19, IARIA 2

3 C-ITS Corridor Project Cooperative ITS Corridor Project Rotterdam-Frankfurt-Vienna (NL-GE-AU) Digitalization of Road Works Warning Use Cases (Broadcast Communication) Send DENM messages to the crossing vehicles Receive CAM / DENM messages of crossing vehicles 3

4 ETSI ITS Architecture ITS roadside stations ITS vehicle stations ITS central stations ITS personal stations 4

5 Secure Vehicle-2-Vehicle Communication Broadcast Communication ETSI ITS Specifications TS V 1.3.2: Cooperative Awareness Message (CAM): Location, Speed, Time,... Header CAM Information ECDSA Signature Certificate TS V 1.2.2: Decentralized Environmental Notification Basis Services (DENM): Warning Header DENM Information ECDSA Signature Certificate TS V 1.2.1: Security header and Certificate formats 5

6 Pseudonym Concept Concept Pseudonymous key pairs/certificates Privacy Requirements Location privacy Message unlinkability 6

7 Decentralized Environmental Notification Basis Services (DENM) 7

8 Secure Vehicular Communication - Keys, Certificates, PKI Identification and Authentication of Vehicles Long term cryptographic key pair (certificate) based on Elliptic Curves (NIST P-256) ETSI Certificate format (not widely used) Issued by Long Term Certification Authority (LTCA) [ETSI: Enrolement Authority] Message Security/Location Privacy Pseudonymous key pairs (certificates) (ECC NIST P-256) ETSI Certificate Format Issued by Pseudonym Certification Authority (PCA) [ETSI: Authorization Authority] 8

9 Shortcomings of the ETSI Specifications Security Cryptographic Setting Missing mechanism for cryptographic update (crypto agility) Elliptic Curve Domain Parameter Hash Function Signature Algorithms, One root PKI for ITS vehicle stations and ITS roadside stations ITS vehicle stations and ITS roadside stations have different (privacy) requirements ETSI certificate format Not widely applied Only NIST-ECC-Domain parameter: Prime Field NIST P-256 (not recommended any more by NSA) Missing properties (role concept, rights,...) Privacy Pseudonym Concept 9

10 Secure ITS Roadside Stations (1) Integration of an electronic gateway Threats to incoming/outgoing messages Availability Jamming,... Authenticity Masquerading, Integrity Injection of forged messages,... Confidentiality Extraction of sensitive information (e.g., cryptographic keys) Threats concerning the integrity of the electronic gateway itself (untrusted environment) Malicious software Extraction of cryptographic keys,... 10

11 Secure ITS Roadside Stations (2) Location Privacy ITS roadside stations are not controlled by an user No Privacy Requirements ==> no pseudonym certificates are needed Instead: Credential Certificate with Identity included (short validity period [~ days] to avoid CRLs) Security Requirements DENM-Security: Message integrity and authentication Protection of the gateways Protection Profile (PP) Identification and authentication (roles) Access Control Short time authorization (credential certificate) 11

12 C-ITS Use Case: Sending DENM messages Short Term Credential Certificate Usage Authorization of ITS roadside station Message integrity and authentication of DENM messages ETSI Certificate format 12

13 IRS PKI Domain (Infrastructure) Identification and Authentication of ITS Roadside station Long term key pair (certificate) based on Elliptic Curves Brainpool curve X.509 V3 certificate format Issued by Long Term Certification Authority (LT-CA) [ETSI: Enrolement Authority] Authorization and Message Authentication Short term key pair (credential certificate) based on Elliptic Curves Brainpool curve ETSI Certificate format Issued by Credential Certification Authority (C-CA) [ETSI: Authorization Authority] 13

14 Conclusion / Future Work Next steps C-ITS Corridor Project (2016) Setup IRS-Pilot PKI for ITS Roadside stations (April, 2016) Equip. RWW gateways with keys/certificates (June, 2016) Test secure V2X communication (Hessen Mobil) Discussion with European Stakeholders EC DG Move C-ITS platform WG5: Preparing Common C-ITS PKI- Policy (~ October 2016) Cryptographic requirements (e.g., ECDSA_brainpoolP256r1_with_SHA256,... ) Certificate validity period Revocation... 14

15 Thank you for your kind attention Suggestions orquestions? Bild: Hessen Mobil Road and Traffic Management