Presentation is loading. Please wait.

Presentation is loading. Please wait.

ETSI TC ITS WG5 STANDARDIZATION ACTIVITIES ETSI ITS Workshop 2011.

Published byAnabel Hutchinson Modified over 8 years ago

Similar presentations

Presentation on theme: "ETSI TC ITS WG5 STANDARDIZATION ACTIVITIES ETSI ITS Workshop 2011."— Presentation transcript:

1 ETSI TC ITS WG5 STANDARDIZATION ACTIVITIES ETSI ITS Workshop 2011

2 Purpose and scope of WG5 WG5 exists to provide security standards within the ITS Standards platform To protect the ITS platform (ITS-S?) To protect the ITS infrastructure (RSU and beyond) To protect the ITS user WG5 also exists to provide guidance on the use of security standards to protect the ITS applications 2

3 Is security necessary? Yes Society depends on effective transport and society needs assurance that it will be free from attack The scope for manipulation of transport networks is too extensive to hope it will be able to serve us without security control to prevent ITS serving only the criminal community The data gathered from use of ITS is personal data and needs to be protected using Privacy Enhancing Technologies 3

4 Stakeholders in ITS Security Society ITS provides benefit to all of society Industry 100s of millions of vehicles, billions of phones, billions of internet connected devices, billions of people able to move and interact with transport networks Government Need to manage ITS as a societal benefit and ensure it fits to the other government managed societal benefits Need to ensure global cooperation for ITS 4 Security standardisation aims to protect all the stakeholders

5 WG5 WORKING METHODS Risk analysis and countermeasure specification 5

6 Technical domain of ITS Security ComSec Giving assurance to the user that data is transferred without being vulnerable to interception and misrouting AppSec Giving assurance to the user that the ITS application works without harming the user SysSec Giving assurance that the ITS system is not harming its environment (or spreading harm from the environment to its users) DataSec Giving assurance that data in the ITS system is accurate, timely, and free from manipulation Regulatory compliance Data protection, privacy protection, export control of algorithms, etc. 6

7 Working methods in ITS WG5 7 TR 102 893 TS 102 731ES 202 867

8 Security analysis (TVRA) Understanding the user’s communication scenarios: Correspondents know and trust one another and the network Correspondents know and trust one another but don’t trust the network Correspondents know but don’t trust one another but trust the network Correspondents don’t know one another (V2V) Communications network is public (V2I) Communications network is private Etc.

9 Overview Current work Standard for deploying signed CAM and DENM using IEEE 1609.2 PKI design to support IEEE 1690.2 and privacy Whilst maintaining regulatory compliance Minimum standards to support EU Mandates for ITS Future work Extension for full communications technology suite Extension for full applications technology suite Extension for non-vehicle centric ITS 9

10 THE REGULATORY AND SOCIETAL DIMENSION 10

11 Basic concepts in ETSI ITS #1 Access to transport infrastructure is highly regulated and policed Driver and vehicle licensing Different roads have different restrictions (vehicle and driver) Infrastructure is operated both commercially and non- commercially Transport infrastructure supports many different transport uses Movement of individuals Movement of livestock Movement of dangerous goods Summarised in many licensing schemes: Private, Light goods, Heavy Goods, For hire, Multi-user. 11

12 Basic concepts in ETSI ITS #2 ITS stations send environmental (event) and (vehicle) status data to other ITS stations ITS stations may exist in vehicles ITS stations may exist in roadside furniture ITS stations may be applets on internet connected devices Android or Apple Apps for example ITS stations may be networked together Interpretation of received data may assist in driver safety E.g. Collision avoidance Interpretation of received data may assist in regulatory compliance E.g. Speed limit notification and adherence Different data has different authority E.g. Speed limit notification from an authority versus speed assertion from an ITS station 12

13 Regulatory issues Deployment regulation Specific to some of the involved ITS industries R&TTE directive Placement of radio equipment on the market Privacy Article 12 UDHR: Article 8 EU Convention for the Protection of Human Rights and Fundamental Freedoms: Right to respect for private and family life Data protection Crypto export Support to law enforcement Data retention and lawful interception 13

14 Privacy, data protection and security Assigns rights to citizens on how data related to them is protected Enshrined in law in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data Supplemented by Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) 14

15 Privacy, data protection and security Personal data shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity Processing of personal data shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction “data subject’s” consent shall mean any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed 15

16 Privacy, data protection and security The means to give assurance of the confidentiality, integrity and availability of data and services Offers technical and procedural means to support regulation Security supports … Privacy (Privacy Enhancing Technologies) COM(2007) 228 final: “COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL on Promoting Data Protection by Privacy Enhancing Technologies (PETs)” Data protection 16

17 CURRENT WORK PROGRAMME Aims of WG5 in the year or so to come 17

18 Main work focus Keying strategies for ITS Assuming correspondents don’t know one another Assuming limited infrastructure access Assuming minimising of cryptographic load (number of algorithms, number of mechanisms, number of keys) Assuming need to reinforce regulation frameworks For telecommunications and all other regulations Minimal development of “novel” security solutions Maximum re-use of existing best practices 18

19 Identity and role All vehicles have identities Make and model Colour and specification VIN Registration mark Many identifiers have an authority VIN = Manufacturer Registration mark = National vehicle licensing centre Some vehicles take on special roles Emergency services Some vehicles and their roles imply behaviour Farm Tractor – slow vehicle Motorbike 19

20 PKI and Certificates 20 Certificate Authority (CA) Trustworthy entity: OEM, government, etc. Alice Bob certificate What is a certificate: A signed (by the CA) public key (of Alice or Bob) A certificate binds an identity (Alice) and/or a role (e.g. emergency vehicle) to a public key Certificate(Alice) = [Alice,, Sig CA (Alice, ) [ ] 1.Verify certificate 2.Verify message

21 PKI Design Approach 21 TVRA Countermeasures Security Services Stakeholder Limitations and Interests PKI Requirements PKI Design Design input being gathered

22 Enrolment Authority: Example Euro A National Enrolment Authority European Enrolment Authority CA OEM Production Line Sub-CA 1. Request 2. Enrolment Credential Euro B National Enrolment Authority 22

23 CLOSING AND THANKS And some acknowledgments 23

24 Acknowledgements Members of ETSI TC ITS WG5 and ISO TC204 WG16.7 Including the members of ETSI STF397 and STF408 FP7 project i-TOUR The chair is supported in part by the i-TOUR project funded from European Community’s Seventh Framework Programme (FP7/2007-2013) under the Grant Agreement number 234239. 24

25 BACK UP SLIDES (PKI OPTIONS) If really really needed and if time is available 25

26 Enrolment Authority: Example Euro A National Enrolment Authority European Enrolment Authority CA OEM Production Line Sub-CA 1. Request 2. Enrolment Credential Euro B National Enrolment Authority OEM 1 Enrolment Authority OEM 2 Enrolment Authority Sub-CA Can this level be omitted? 26

27 Safety Ticket Authority: Examples European Safety Ticket Authority CA Euro A National Safety Ticket Authority Sub-CA Euro B National Safety Ticket Authority 1 2 27

28 Commercial and Information Ticket Authority: Example Root authority certifies provider authorities (need to satisfy minimum requirements). Then basically any structure is allowed OEMs offering services 3 rd party service providers Government agencies etc. European Commercial and Information Ticket Authority OEM 1 Ticket Authority Tier 1 Ticket Authority Euro A Ticket Authority Sub-CA Could include another country- level CA 28

Download ppt "ETSI TC ITS WG5 STANDARDIZATION ACTIVITIES ETSI ITS Workshop 2011."

Similar presentations

Potential Smart Grid standardisation work in ETSI Security and privacy aspects Carmine Rizzo on behalf of Scott CADZOW, C3L © ETSI 2010. All rights reserved.

Potential Smart Grid standardisation work in ETSI Security and privacy aspects Carmine Rizzo on behalf of Scott CADZOW, C3L © ETSI All rights reserved.
A strategy for a Secure Information Society –

A strategy for a Secure Information Society –
Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.

Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
NATIONAL INFORMATION GOVERNANCE BOARD

NATIONAL INFORMATION GOVERNANCE BOARD
Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Data Protection Billy Hawkes Data Protection Commissioner Irish Human Rights Commission 20 November 2010.

Data Protection Billy Hawkes Data Protection Commissioner Irish Human Rights Commission 20 November 2010.
DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Vehicle-infrastructure integration: creating co-operative mobility systems and services Hearing EU Parliament, 22 January 2009 Hermann Meyer, CEO.

Vehicle-infrastructure integration: creating co-operative mobility systems and services Hearing EU Parliament, 22 January 2009 Hermann Meyer, CEO.
Net Neutrality, What Else? Wim Nauwelaerts Partner Hunton & Williams.

Net Neutrality, What Else? Wim Nauwelaerts Partner Hunton & Williams.
Cranfield Safety and Accident Investigation Centre Independent Investigation How it works in aviation Prof Graham Braithwaite.

Cranfield Safety and Accident Investigation Centre Independent Investigation How it works in aviation Prof Graham Braithwaite.
Data Protection and the GRA. 1. Commentary on Data Protection 2. The GRA’s Role The Register Investigations, Mediation and Compensation Enforcement Notices.

Data Protection and the GRA. 1. Commentary on Data Protection 2. The GRA’s Role The Register Investigations, Mediation and Compensation Enforcement Notices.
DATA PROTECTION and Research University Research Ethics Committee – 08.05.2006 David Cauchi Office of the Data Protection Commissioner.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
An Ocean of Opportunity: An integrated maritime policy for the EU 1 Places of refuge: General legal framework and developments within IMO and the EU Alexandros.

An Ocean of Opportunity: An integrated maritime policy for the EU 1 Places of refuge: General legal framework and developments within IMO and the EU Alexandros.
Information security An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Feb.2008.

Information security An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Feb.2008.
Europol’s tailor-made data protection framework

Europol’s tailor-made data protection framework
E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean

E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Www.enisa.europa.eu European Union Agency for Network and Information Security Follow ENISA: ENISA and standards Sławomir Górniak European Union Agency.

European Union Agency for Network and Information Security Follow ENISA: ENISA and standards Sławomir Górniak European Union Agency.
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Similar presentations

Ads by Google