Security architecture: Integrating security into the communicating vehicle. Norbert Bissmeyer, Fraunhofer SIT, June 18th 2015



Overview

PRESERVE provides a close-to-market V2X Security Architecture (VSA) considering:
- External V2X communication security
- Onboard communication & data security
- Public Key Infrastructure (PKI)
- Privacy protection

Abstract V2X security architecture
Detailed PRESERVE architecture

Contribution to Harmonization and Standardization

ETSI
- Internal Security Interfaces conforming to ETSI ITS WG 5
- Integration of security in the communication stack according to ETSI EN 302 636-4-1 (GeoNetworking)

C2C-CC
- Joint architecture workshop
- TF PKI, TF TAL, TF Privacy

HTG 1 & 3 / HTG 6
- Participation as C-ITS experts
- Status of security standards and needs for harmonization
- International harmonization of C-ITS Credential Management System (CCMS)

[Figure: architecture diagram; only its labels survive. Applications: Road Safety, Road Traffic Efficiency, Comfort and Mobility. Blocks: Facilities, Networking & Transport, Access, Management, Security. Interface labels: FA, SA, MF, SF, MN, SN, MI, SI. Security labels: Secure Information, Secure Communication, Secure Software, Data Consistency and Plausibility, Internal Communication, External Communication, Secure Storage, Privacy Protection, Credential Management, Security Management, Security Entities Management, Security Analysis, Security Policies, Audit, Monitoring, Logging, Policy Storage, Policy Management, Policy Enforcement. HSM: Sec. Storage, Crypto Acc., TRNG.]

[Figure: PRESERVE Vehicle Security Subsystem; only its labels survive. In-Vehicle: Sensors, ECUs, Head Unit, CAN Bus. Applications and V2X Comm. Stack: Facilities Layer, Network Layer, MAC Layer. Convergence Layer: CL External API, CL Internal API. Runtime Architecture: Secure Communication, Communication Layer, Comm. Control, Security Event Processor, Policy Decision, Entity Auth., Privacy Enforcement, Pseudonym Manag., ID & Trust Management, Security Services, Security Support, Platform Integrity, Crypto. Services, Management and Configuration. HW Layer: TPM, HSM, OpenSSL. Legend: an arrow from X to Y means X uses a service of Y; component origins: Sevecom Mod., EVITA, PRECIOSA Mod., External SW/HW, Optional comp.]

Public Key Infrastructure

[Figure: PKI diagram; only its labels survive. V2X Security Infrastructure: Root Certificate Authority, Long-term Certificate Authority, Pseudonym Certificate Authority. Other labels: CA certs., IP, LTC, ITS G5, ITS G5 Network, PC 1 ... PC n, V2X message, RSU, Vehicles.]

Results of the PRESERVE Architecture Workshop 2013

- Relation of IP and non-IP communication from a security perspective
- Parallel processing of packets in the communication stack to fully exploit HSM performance
- Verification-on-demand, certificate omission and their relation to Distributed Congestion Control
- Meta-data and cross-layer signalling of security information
- Development of the PKI architecture in more complex ITS settings
- Design of Misbehavior Detection

Summary

PRESERVE V2X Security Architecture:
- Bridges the gap between the very abstract ETSI reference architecture and specific implementations
- Conforms with current standards and additionally considers future aspects
- Provides a stable basis for V2X security implementers and integrators

BACKUP SLIDES

Integration of Security Header

Onboard Meta Data Exchange

Pseudonym Certificate Refill