Third public workshop of the Amsterdam Group and CODECS C-ITS Deployment in Europe: Common Security and Certificate Policy

Similar documents
European Framework for C-ITS Security 6 th of March 2018 Gerhard Menzel European Commission

Third public workshop of the Amsterdam Group and CODECS European Framework for C-ITS Deployment

Cooperative, Connected and Automated Mobility

Certificate Policy for Deployment and Operation of European Cooperative Intelligent Transport Systems (C-ITS)

Cooperative, Connected and Automated Mobility: The European Context

COOPERATIVE ITS SECURITY STANDARDIZATION AND ACTIVITIES ON EUROPEAN C ITS TRUST MODEL AND POLICY

C-ITS in Europe. Gerhard Menzel, DG MOVE 7th ETSI ITS Workshop 26 th of March 2015, Helmond. Transport

New Services in Mobility: C-ITS

European Union Agency for Network and Information Security

Kick-off Meeting DPIA Test phase

How the European Commission is supporting innovation in mobile health technologies Nordic Mobile Healthcare Technology Congress 2015

CEF e-invoicing. Presentation to the European Multi- Stakeholder Forum on e-invoicing. DIGIT Directorate-General for Informatics.

European Standards- preparation, approval and role of CEN. Ashok Ganesh Deputy Director - Standards

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Entity authentication assurance framework

Security for V2X Communications

ERCI cybersecurity seminar Guildford ERCI cybersecurity seminar Guildford

EUROPEAN PLATFORMS AND INITIATIVES FOR C-ITS DEPLOYMENT

European Transport Policy: ITS in action ITS Action Plan Directive 2010/40/EU

CEN and CENELEC Position Paper on the draft regulation ''Cybersecurity Act''

Platform Economy and Trustworthiness Standardization

In Accountable IoT We Trust

INTERMEDIATE EVALUATION

PKI AND ROAMING IN ITS

Cooperative ITS Corridor Joint Deployment

Digital Road Map Data :

Deployment is underway!

l Digital Road Map Data :

AASHTO INTERNATIONAL DAY

eidas Interoperability Architecture Version November 2015

SG-CG/SGIS SG-CG/SGIS. ETSI Cyber Security Workshop Sophia Antipolis, France, January the 16th, 2013 Jean-Pierre Mennella, Alstom Grid

This document is a preview generated by EVS

Package of initiatives on Cybersecurity

ENISA s Position on the NIS Directive

Standardization and Regulations in the EU/EFTA

EU Policy Management Authority for Grid Authentication in e-science Charter Version 1.1. EU Grid PMA Charter

The NIS Directive and Cybersecurity in

EU General Data Protection Regulation (GDPR) Achieving compliance

13967/16 MK/mj 1 DG D 2B

EU Technology Platform SmartGrids WG2 Network Operations

Security and Privacy in Car2Car Adhoc Networks

Cooperative ITS Corridor Joint Deployment

ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive)

DECISION OF THE EUROPEAN CENTRAL BANK

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Security and resilience in Information Society: the European approach

EUROPEAN COMMISSION Enterprise Directorate-General

Trustworthy ICT. FP7-ICT Objective 1.5 WP 2013

PKI-An Operational Perspective. NANOG 38 ARIN XVIII October 10, 2006

A European Perspective on Smart Grids

CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT APRIL, SKOPJE

Security Aspects of Trust Services Providers

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017

Certification Authority

ACCREDITATION: A BRIEFING FOR GOVERNMENTS AND REGULATORS

Directive on security of network and information systems (NIS): State of Play

European Activities towards Cooperative Mobility

Resilience, Deterrence and Defence: Building strong cybersecurity for the EU

EU energy policy and the role of smart grids Mark van Stiphout DG Energy

Electronic Commerce Working Group report

Communication networks and systems for power utility automation Part 80-3: Mapping to web protocols Requirements and technical choices

ENISA S WORK ON ICS AND SMART GRID SECURITY

DG CONNECT (Unit H5) Update on Data Centre Activities

Trust Services for Electronic Transactions

How icims Supports. Your Readiness for the European Union General Data Protection Regulation

Discussion on MS contribution to the WP2018

H2020 WP Cybersecurity PPP topics

INSPIRE status report

ISO INTERNATIONAL STANDARD. Road vehicles Extended data link security. Véhicules routiers Sécurité étendue de liaison de données

Valérie Andrianavaly European Commission DG INFSO-A3

NIST Smart Grid Interoperability Framework

Strong Security Elements for IoT Manufacturing

eidas Regulation eid and assurance levels Outcome of eias study

Information Technology (CCHIT): Report on Activities and Progress

U.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan

Electronic signature framework

Cybersecurity & Digital Privacy in the Energy sector

FiXs - Federated and Secure Identity Management in Operation

H2020 & THE FRENCH SECURITY RESEARCH

ehealth action in the EU

Voertuigconstructeurs en data economie

Business Model for Global Platform for Big Data for Official Statistics in support of the 2030 Agenda for Sustainable Development

VdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe

ICB Industry Consultation Body

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

John Snare Chair Standards Australia Committee IT/12/4

ISO/IEC INTERNATIONAL STANDARD

Update on Smart Grid Deployment in the EU. Dr.-Ing. Manuel Sánchez Jiménez Team Leader Smart Grids Directorate General for Energy European Commission

Information technology Security techniques Telebiometric authentication framework using biometric hardware security module

Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy

COMPANION FINAL EVENT 14 TH & 15 TH September 2016

Accelerate Your Enterprise Private Cloud Initiative

IPv6 deployment, European Commission involvement. RIPE 60 Prague 4May Per Blixt

C-ITS Plenary Wednesday, 20 September Brussels - 14h - 17h

European Cyber Security Certification: ECSO Meta-Scheme Approach

Enhancing ERMES collaboration and image. ERMES plenary meeting Brussels September 2012 Fabio Dalan

The current status of Esi TC and the future of electronic signatures

Digital Healthcare. Yordan Iliev Director R&D Healthcare. Regional Cybersecurity Forum, November 2016, Grand Hotel Sofia, Bulgaria

TECHNICAL SPECIFICATION

EU Cloud Computing Policy. Luis C. Busquets Pérez 26 September 2017

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

Transcription:

Third public workshop of the Amsterdam Group and CODECS C-ITS Deployment in Europe: Common Security and Certificate Policy 14 February 2017 Amsterdam Gerhard Menzel European Commission - DG MOVE

Scope: Cyber Security C-ITS? The scope of the work conducted in the Work Group security currently concentrates on the security of communications for V2V and V2I exchange of messages. The WG does not deal with the internal security of vehicles or the topic of security for the topic of access-to-invehicle-data. The discussions of C-ITS compliance assessment also heavily links to the topic of C-ITS security of communications. Further there is an important link to privacy & data protection.

2014-2016: C-ITS Trust Model Analysis In 2015, the C-ITS platform set up Working Group 5 to identify the most appropriate trust model in Europe for C-ITS platforms. The trust model shall be based on a Public Key Infrastructure (PKI) as recommended by the standardization results and by similar initiatives in the world (Connected Vehicles in USA and Australian GateKeeper). In addition, Europe has already a working PKI used in the Digital Tachograph application (millions of commercial vehicles in Europe).

2014-2016: C-ITS Trust Model Analysis Member of the working group for security in C-ITS: Telematics manufacturers Vehicle manufacturers Member states Roadside authorities Standardization bodies Security experts Experience from similar and parallel initiatives was used: - Biometrics passports - Connected Vehicles in USA - Digital Tachograph - Australian Gatekeeper

2014-2016: C-ITS Trust Model Analysis These options were evaluated on the basis of different metrics: 1.Maintainability 2.Scalability 3.Crypto-Flexibility 4.Trust Model flexibility 5.Robustness (Reliability and Resiliency) 6.Simplicity (Antonym to Complexity) Organizational and Technical 7.Support for life cycle of C-ITS stations 8.Liabilities, contractual aspects 9.Support for revocation 10.Misbehavior detection and countermeasures 11.Robustness against lack of harmonized standards 12.Cost efficiency for investment costs-(capex) 13.Cost efficiency for Running costs (OPEX) 14.Performance efficiency 15.Storage minimization

C-ITS Trust model: The results of the qualitative analysis based on expert opinion for different categories of stakeholders recommended Certificate Trust List as main option with single root CA as close second option. These conclusions were completed by additional work items in C-ITS Platform Working Group Security for compliance assessment, crypto agility and revocation. In 2016, the work started to define a potential deployment scenario for Europe.

C-ITS Trust model defined in Security policy (SP): rules, directives and practices that govern how assets, including sensitive information, are managed, protected and distributed within an organization and its systems, particularly those which impact the systems and associated elements (ISO/IEC 21827:2008-10-15) Certificate policy (CP): A named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements. For example, a particular CP might indicate applicability of a type of certificate to the authentication of parties engaging in business-to-business transactions for the trading of goods or services within a given price range. (IETFRFC 3647) Certification Practice Statement (CPS): A statement of the practices that a certification authority employs in issuing, managing, revoking, and renewing or re-keying certificates. (IETF RFC 3647)

C-ITS Trust model: Roles (1/2) The Policy Authority is a role composed by the representatives of public and private stakeholders (e.g. Member States, Vehicle Manufacturers, etc.) participating to the C-ITS trust model, where a majority consensus based voting scheme applies. The Central Point of Contact (CPOC) is a unique entity appointed by the Policy Authority. It has responsibility to establish and contribute to secure communication exchange between the Root CA to collect the Root CA certificates and provide them to the Trust List Manager (TLM). The CPOC is also responsible for distributing the ECTL to any interested entities in the trust model. The ECTL is needed to ensure interoperability among European member states and vehicles from different manufacturers. Root Certification Authority provides EA and AA with proof that it may issue enrolment credentials and authorization tickets. A root CA can be both a government (i.e., Member State) or a private entity (i.e., industry)

C-ITS Trust model: Roles (2/2) The Trust List Manager (TLM) is responsible for creating the list of root CA certificates and signing it. The signed list of root CA certificates is the European Certificate Trust List (ECTL)

European Trust Model Architecture

to implement EU C-ITS Strategy COM (2016) 766 - Ch 3.2 C-ITS Security: The Commission will work together with all relevant stakeholders in the C-ITS domain to steer the development of a common security and certificate policy for deployment and operation of C-ITS in Europe. It will publish guidance regarding the European C-ITS security and certificate policy in 2017. All C-ITS deployment initiatives should participate in the development of this common security policy by committing from the beginning to implement future-proof C-ITS services in Europe The Commission will analyse the roles and responsibilities of the European C-ITS Trust Model, and whether some operational functions and governance roles should be taken over by the Commission (as, for instance, in the case of the Smart Tachograph).

COM (2016) 766 - Ch 3.7. Legal framework: The Commission will consider, where appropriate, making use of its mandate under the ITS Directive to adopt delegated act(s) by 2018 on: ensuring continuity of C-ITS services laying down rules to ensure security of C-ITS communications ensuring the practical implementation of the General Data Protection Regulation in the area of C-ITS ensuring a forward looking hybrid communication approach laying down rules on interoperability laying down rules on the compliance assessment processes

COM (2016) 766 - Ch 3.5. Interoperability at all levels: The Commission will make full use of the C-Roads platform as the coordination mechanism for C-ITS deployment at operational level. Crucial for secure and interoperable operation of C-ITS in Europe for both V2I (Member States / Authorities!) and V2V There is only 1 Trust Model in Europe any deployment initiative (no matter if OEMs or public authorities) needs to stick to common security and certificate policy! Cooperation with C-ROADS therefore an important requirement for CEF co-funded projects

Next Steps? to deliver final draft of C-ITS certificate policy by early 2017. EC to follow-up on actions defined in C-ITS strategy COM 766/2016 Close involvement of all European stakeholders and international partners needed! Target of 2019 very close urgent need to avoid interoperability and security issues in deployment in Europe NOW!

More Information Directorate-General for : http://ec.europa.eu/transport/index_en.htm ITS Action Plan and Directive: http://ec.europa.eu/transport/its/road/action_plan_en.htm Cooperative, connected and automated mobility (C-ITS): https://ec.europa.eu/transport/themes/its/c-its_en Thank you for your attention! Gerhard Menzel gerhard.menzel@ec.europa.eu European Commission - DG MOVE B.4: Sustainable & Intelligent

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback