Security architecture Integrating security into the communicating vehicle. Norbert Bissmeyer, Fraunhofer SIT June 18 th 2015

Transcription

1 Security architecture Integrating security into the communicating vehicle Norbert Bissmeyer, Fraunhofer SIT June 18 th 2015

2 Overview PRESERVE provides a close-to-market V2X Security Architecture (VSA) considering External V2X communication security Onboard communication & data security Public Key Infrastructure (PKI) Privacy protection Abstract V2X security architecture Detailed PRESERVE architecture 2

3 Contribution to Harmonization and Standardization ETSI Internal Security Interfaces conforming to ETSI ITS WG 5 Integration of security in the communication stack according to ETSI EN (Geo Networking) C2C-CC Joint architecture workshop TF PKI, TF TAL, TF Privacy HTG 1 & 3 / HTG 6 Participation as C-ITS experts Status of security standards and needs for harmonization International harmonization of C-ITS Credential Management System (CCMS) 3

4 Applications Road Safety Road Traffic Efficiency Comfort and Mobility FA SA Security Secure Information Secure Communication MF Facilities SF Secure Software Data Consistency and Plausibility Internal Communication Secure Storage Privacy Protection External Communication Management MN Networking & Transport SN Credential Management Security Management Security Entities Management Access Security Analysis Security Policies HSM MI Internal Communication SI Audit Monitoring Policy Storage Policy Management Sec. Storage Crypto Acc. External Communication Logging Policy Enforcement TRNG

5 In- Vehicle PRESERVE Vehicle Security Subsystem Sensors Sensors Sensors ECUs Head Unit CAN Bus Comm. Control Security Event Processor Policy Decision Entity Auth. Security Support Platform Integrity Crypto. Services HW Layer TPM HSM Open SSL Applications V2X Comm. Stack Facilities Layer Network Layer MAC Layer CL External API Convergence Layer CL Internal API Privacy Enforcement Runtime Architecture Secure Communication Communication Layer Pseudonym Manag. ID & Trust Management Security Services Management and Configuration Legend X Y X use service of Y Sevecom Mod. EVITA PRECIOSA Mod. External SW/HW Optional comp.

6 Public Key Infrastructure

7 Public Key Infrastructure ITS G5 Network V2X Security Infrastructure CA certs. Long-term Certificate Authority IP LTC Root Certificate Authority ITS G5 PC 1 PC n Pseudonym Certificate Authority V2X message PC 1 RSU Vehicles 7

8 Results of the PRESERVE Architecture Workshop 2013 Relation of IP and non-ip communication from a security perspective Parallel processing of packets in the communication stack to fully exploit HSM performance Verification-on-demand, certificate omission and their relation to Distributed Congestion Control Meta-data and cross-layer signalling of security information Development of the PKI architecture in more complex ITS settings Design of Misbehavior Detection 8

9 Summary PRESERVE V2X Security Architecture Bridges the gap between the very abstract ETSI reference architecture and specific implementations Conforming with current standards and considers in addition future aspects Stable basis for V2X security implementers and integrators 9

10 BACKUP SLIDES 10

11 Integration of Security Header 11

12 Onboard Meta Data Exchange 12

13 Pseudonym Certificate Refill 13