V2X security, privacy and trust overview Dr. José María de Fuentes ([email protected]) COSEC Lab University Carlos III de Madrid
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
V2X security, privacyand trust overview
Dr. José María de Fuentes ([email protected])
COSEC LabUniversity Carlos III de Madrid
Agenda• Intro: Vehicular communications (V2X), what for?
o Real-world news• V2X stakeholders• Security, privacy, trust issues• Our previous results• Conclusions
2
V2X – what for?
• Part of smart cities• Road safety + infotainmentImage source: Telematicsnews.org, arm.com
3
V2X privacyin the real world
4
V2X securityin the real world
5
V2X sec&priv&trustin the real world
6
V2X sec&priv&trustin the real world
7
V2X stakeholders
• What about V2X security, privacy, trust?
8
Automakers& car industry
Governments
ConsumersIntelligentTransportSystems(or V2X)
V2X active stakeholders• Automakers
o Increasingly involved – proof‐of‐concept, experimental settingso R&D efforts
• Governmentso Legal framework for ITS: EU directive & action plan on ITS, also in the
US…o Also initiatives in the National level: Spanish ITS initiative…
• Research communityo Reliable connectiono Bandwidth improvementso Protocol designo … security, privacy and trusto Standardization (IEEE, SAE…)
9
V2X – design constraints• Short‐range communications
o Dedicated Short Range Communications (DSRC) – IEEE 802.11po 1 km nominal range – 300 mts in practice
• Short communication periodo Vehicles driving at 140 km/h or higher
• Embedded platformo Not PC… low computation resources
• Lack of global infrastructureo Ad‐hoc nature
• Regular sec/priv mechanisms cannot be applied“as is”
10
V2X – security• Data may be privileged
o On‐trip services (e.g. next gas station pre‐booking)o Need for confidentialityo IEEE 1609.2 : use of elliptic curves
• Data must come from authorized entitieso Road safety announcement (e.g. bottleneck ahead)o Need for source authenticationo IEEE 1609.2 : public‐key certificates
• Some actions must be accountableo Illusion attack – forcing a collisiono Someone has to be liable! Need for non‐repudiationo IEEE 1609.2 : elliptic curves digital signature (ECDSA)
11
V2X – privacy
• Beacon permanently sent• Signed with public key certificates• Hot topic – use pseudonyms? Anonymous certificates?
How to deal with accountability?
12
V2X – trust• Data must be trustworthy
o Avoid false alarmso Building plausibility checkso Data‐centric trust establishment
• (Low) in‐vehicle data securityo CAN bus : efficiency vs. Securityo Cheap sensors
• Safety is at stake! Secure on‐board platformo Car‐to‐car consortiumo EU R&D projects: EVITA, OVERSEEo Use of Hardware Security Modules (HSM)
13
V2X sec/priv/trust miscellaneous issues
• Over‐the‐air updateso Flexibility against security
• Non‐repudiation of receipto Future issue: “I was not aware of the speed limit in force!”
• Data aggregationo Good for efficiency , what about security?
14
V2X sec/priv/trustat COSEC
• Overview of security issues in V2X• Hindering false event dissemination in V2X• V2X for enforcement
o Privacy-preserving speed controlo V2X-based fine notificationo Evidence management to report misbehaving vehicleso Use of steganography to hide information in V2X communicationso Patent: Privacy-preserving check of driving authorizations without
stop
15
Summary
• V2X security, privacy and trust deserve attention in the near term
o Industry – upcoming developmentso Research – open challenges
• Existing state-of-the-art technologies call for a final step ahead
• In this talk, a short overview on security, privacy and trust in V2X has been presented
16
V2X security, privacy and trust
overviewDr. José María de Fuentes ([email protected])
COSEC LabUniversity Carlos III de Madrid
17
Related Documents
