Secure V2X Communication
Cooperative ITS Corridor – Joint Deployment

Markus Ullmann, Federal Office for Information Security (BSI)
Glasgow, June 8th 2016

Outline

• Cooperative Intelligent Transport System (C-ITS) Corridor Project Rotterdam-Frankfurt-Vienna
  – Use Cases
• Secure Vehicle-2-Vehicle Communication (V2V) according to ETSI
• Shortcomings of the existing ETSI Specifications
• Secure V2X Communication
  – Secure ITS Roadside Station (IRS) messages (DENM)
  – IRS PKI Domain
• Conclusion/Future Work

Markus Ullmann, Christian Wieschebrink, Dennis Kügler, Public Key Infrastructure and Crypto Agility Concept for Intelligent Transportation Systems, Proceedings VEHICULAR 2015, pages 14 – 19, IARIA

C-ITS Corridor Project

Cooperative ITS Corridor Project Rotterdam-Frankfurt-Vienna (NL-GE-AU)
– Digitalization of Road Works Warning
– Use Cases (Broadcast Communication)
  • Send DENM messages to the crossing vehicles
  • Receive CAM / DENM messages of crossing vehicles

ETSI ITS Architecture

• ITS roadside stations
• ITS vehicle stations
• ITS central stations
• ITS personal stations

Secure Vehicle-2-Vehicle Communication

ETSI ITS Specifications
– TS 102 637-2 V 1.3.2: Cooperative Awareness Message (CAM): Location, Speed, Time, ...
– TS 102 637-3 V 1.2.2: Decentralized Environmental Notification Basis Services (DENM): Warning
– TS 103 097 V 1.2.1: Security header and Certificate formats

Broadcast Communication
Header | CAM Information | ECDSA Signature | Certificate
Header | DENM Information | ECDSA Signature | Certificate

Pseudonym Concept

Concept
– Pseudonymous key pairs/certificates

Privacy Requirements
– Location privacy
– Message unlinkability

Decentralized Environmental Notification Basis Services (DENM)


Secure Vehicular Communication - Keys, Certificates, PKI

Identification and Authentication of Vehicles
– Long term cryptographic key pair (certificate) based on Elliptic Curves (NIST P-256)
– ETSI Certificate format (not widely used)
– Issued by Long Term Certification Authority (LTCA) [ETSI: Enrolment Authority]

Message Security/Location Privacy
– Pseudonymous key pairs (certificates) (ECC NIST P-256)
– ETSI Certificate Format
– Issued by Pseudonym Certification Authority (PCA) [ETSI: Authorization Authority]

Shortcomings of the ETSI Specifications

Security
– Cryptographic Setting
– Missing mechanism for cryptographic update (crypto agility): Elliptic Curve Domain Parameter, Hash Function, Signature Algorithms, …
– One root PKI for ITS vehicle stations and ITS roadside stations
– ITS vehicle stations and ITS roadside stations have different (privacy) requirements
– ETSI certificate format
– Not widely applied
– Only NIST-ECC-Domain parameter: Prime Field NIST P-256 (not recommended any more by NSA)
– Missing properties (role concept, rights, ...)

Privacy
– Pseudonym Concept

Secure ITS Roadside Stations (1)

• Integration of an electronic gateway
• Threats to incoming/outgoing messages
  – Availability: Jamming, ...
  – Authenticity: Masquerading, …
  – Integrity: Injection of forged messages, ...
  – Confidentiality: Extraction of sensitive information (e.g., cryptographic keys)
• Threats concerning the integrity of the electronic gateway itself (untrusted environment)
  – Malicious software
  – Extraction of cryptographic keys, ...

Secure ITS Roadside Stations (2)

• Location Privacy
  – ITS roadside stations are not controlled by a user
  – No Privacy Requirements ==> no pseudonym certificates are needed
  – Instead: Credential Certificate with Identity included (short validity period [~ days] to avoid CRLs)
• Security Requirements
  – DENM-Security: Message integrity and authentication
  – "Protection of the gateways" → Protection Profile (PP): Identification and authentication (roles), Access Control, Short time authorization (credential certificate), …

C-ITS Use Case: Sending DENM messages

• Short Term Credential Certificate
• Usage
  – Authorization of ITS roadside station
  – Message integrity and authentication of DENM messages
• ETSI Certificate format

IRS PKI Domain (Infrastructure)

• Identification and Authentication of ITS Roadside station
  – Long term key pair (certificate) based on Elliptic Curves
      Brainpool curve
      X.509 V3 certificate format
  – Issued by Long Term Certification Authority (LT-CA) [ETSI: Enrolment Authority]
• Authorization and Message Authentication
  – Short term key pair (credential certificate) based on Elliptic Curves
      Brainpool curve
      ETSI Certificate format
  – Issued by Credential Certification Authority (C-CA) [ETSI: Authorization Authority]
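
An added example (not from the slides or the C-ITS Corridor project) of the flow described on this slide and on the roadside-station slides before it: the C-CA issues a short-lived credential certificate, the roadside station signs a DENM with it, and a receiving vehicle checks the C-CA signature, the validity window and the message signature using ECDSA on brainpoolP256r1 with SHA-256. The JSON certificate layout, the function names and the station ID are hypothetical; a real station uses the ETSI TS 103 097 encoding.

```javascript
const { generateKeyPairSync, createPublicKey, sign, verify } = require('node:crypto');

// Curve and hash as in ECDSA_brainpoolP256r1_with_SHA256.
const newKey = () => generateKeyPairSync('ec', { namedCurve: 'brainpoolP256r1' });

// To-be-signed bytes of a simplified credential certificate.
// Hypothetical JSON layout, NOT the ETSI TS 103 097 encoding.
function tbs({ stationId, pubDer, notBefore, notAfter }) {
  return Buffer.from(JSON.stringify([stationId, pubDer, notBefore, notAfter]));
}

// C-CA: bind station identity and public key for a short period (Unix seconds).
function issueCredential(caKey, stationId, stationPub, notBefore, ttlSeconds) {
  const pubDer = stationPub.export({ type: 'spki', format: 'der' }).toString('base64');
  const cert = { stationId, pubDer, notBefore, notAfter: notBefore + ttlSeconds };
  cert.sig = sign('sha256', tbs(cert), caKey);
  return cert;
}

// Roadside station: DENM information + ECDSA signature + certificate.
function signDenm(stationKey, cert, info) {
  return { info, sig: sign('sha256', Buffer.from(info), stationKey), cert };
}

// Vehicle: check the C-CA signature, then the validity window (expiry stands
// in for a CRL lookup), then the message signature.
function verifyDenm(msg, caPub, now) {
  const { cert } = msg;
  if (!verify('sha256', tbs(cert), caPub, cert.sig)) return 'untrusted certificate';
  if (now < cert.notBefore || now > cert.notAfter) return 'certificate outside validity period';
  const pub = createPublicKey({ key: Buffer.from(cert.pubDer, 'base64'), format: 'der', type: 'spki' });
  if (!verify('sha256', Buffer.from(msg.info), pub, msg.sig)) return 'bad DENM signature';
  return 'ok';
}

// Constructed sample: a road works warning signed under a 3-day credential.
function demo() {
  const ca = newKey(), irs = newKey(), t0 = 1465344000; // 2016-06-08 00:00 UTC
  const cert = issueCredential(ca.privateKey, 'IRS-demo-01', irs.publicKey, t0, 3 * 86400);
  const msg = signDenm(irs.privateKey, cert, 'road works ahead, lane 2 closed');
  const forged = { ...msg, info: 'road clear' };
  return [
    verifyDenm(msg, ca.publicKey, t0 + 3600),      // within validity
    verifyDenm(msg, ca.publicKey, t0 + 4 * 86400), // after expiry
    verifyDenm(forged, ca.publicKey, t0 + 3600),   // payload altered in transit
  ];
}
console.log(demo());
```

Because the validity fields are covered by the C-CA signature, a station cannot extend its own credential: changing `notAfter` makes the certificate check fail.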

Conclusion / Future Work

Next steps C-ITS Corridor Project (2016)
– Setup IRS-Pilot PKI for ITS Roadside stations (April, 2016)
– Equip RWW gateways with keys/certificates (June, 2016)
– Test secure V2X communication (Hessen Mobil)

Discussion with European Stakeholders
– EC DG Move C-ITS platform WG5: Preparing Common C-ITS PKI-Policy (~ October 2016)
    Cryptographic requirements (e.g., ECDSA_brainpoolP256r1_with_SHA256, ... )
    Certificate validity period
    Revocation
    ...

Image: Hessen Mobil – Road and Traffic Management

Suggestions or Questions?

Thank you for your kind attention
