Eyal Hamo Berry Shnaider בס " ד 1

Outline Introduction. VANET security. Different between VANET security and PC security. Security Architectures Tamper-proof device Digital signatures CRL IEEE P standard Vehicle Safety Communication (VSC) Secure Vehicle Communication (SeVeCom) Network on Wheels (NoW) Car2Car Communication Consortium (C2C-CC) Challenges of Data Security in Vehicular Networks. 2

Introduction IT software and hardware in VANET VANET – V2V – V2I Infotainment Applications 3 Software+ hardware rest

IT safety & IT security 4

VANET applications Secure: - Driver - Manufacturer. - Suppliers. Why to protect on Applications? Malicious manipulation Financial loss. 5

Different between VANET security and PC security Embedded computing platforms: Hardware – processors, memory. Vehicles Lifespan. Communication: Bandwidth limited. Vehicles Lifespan. Attackers Types. Privacy – The system is reachability (e.g. mechanics, valets). Connections Types. Secure connection. 6

Security Architectures Tamper-proof device Each vehicle carries a tamper-proof device Contains the secrets of the vehicle itself Has its own battery Has its own clock (notably in order to be able to sign timestamps) Is in charge of all security operations Is accessible only by authorized personnel 7

Digital signatures Symmetric cryptography is not suitable: messages are standalone, large scale, non-repudiation requirement Hence each message should be signed with a DS Liability-related messages should be stored in the EDR 8

certificate revocation Lists (CRL) List of serial numbers for certificates. Certificate Authority in VANET. 9

Vehicle infrastructure integration (VII) Directly linking road vehicles to their physical surroundings. Provide a communications link between vehicles on the road and between vehicles and the roadside infrastructure. Increase the safety, efficiency, and convenience of the transportation system 10

Vehicle infrastructure integration (VII) 11

Vehicle Safety Communications(VSC) A key VII initiative is the development of Vehicle Safety Communication (VSC) technologies Processing systems with wireless communications for real-time transmission and processing of relevant safety data to provide: warnings of hazards predict dangerous scenarios help avoid collisions 12

Vehicle Safety Communications(VSC) - Examples Traffic Signal Violation Warning Curve Speed Warning Emergency Electronic Brake Lights Pre-Crash Warning Stop Sign Movement Assistance 13

Vehicle Safety Communications Consortiums (VSCC) The Vehicle Safety Communications Consortium (VSCC) of CAMP, which consists of seven OEMs (Original Equipment Manufacturer): BMW, DaimlerChrysler, Ford, GM, Nissan, Toyota, and Volkswagen was formed to investigate the potential of using vehicle-to vehicle and vehicle-to-roadside communications as a means of improving crash prevention performance. 14

Vehicle Safety Communications Consortiums (VSCC) - GOALS identify and evaluate the safety benefits of vehicle safety communication applications, and estimate their deployment feasibility assess the associated communication and data requirements specific for VSC applications investigate any issues that might affect the successful deployment of vehicle safety applications contribute to the formation of the necessary technical standards and communication protocols (Vehicle Safety Communications Consortium) 15

IEEE P standard Standard for Wireless Access in Vehicular Environments -Security Services for Applications and Management Messages. defines secure message formats and processing. This standard also defines the circumstances for using secure message exchanges and how those messages should be processed based upon the purpose of the exchange. 16

Illustration of the IEEE standard 17

Secure Vehicular Communications(SEVECOM) The SeVeCom project is an European project that was specifically set up in order to develop a complete security architecture. Threats, such as bogus information, denial of service or identity cheating. Requirements: authentication, availability, and privacy. Operational Properties: network scale, privacy, cost and trust 18

Network on Wheels (NoW) Active between 2004 and 2008, funded by the German government Main objectives of NOW Communication protocols and data security algorithms for inter- vehicle ad hoc communication systems To support active safety applications, infotainment applications with infrastructure and between vehicles Radio systems based on IEEE technology Standardization on European level with the Car2Car Communication Consortium Implementation of a reference system Planning of introduction strategies and business models 19

Car2Car Communication Consortium (C2C-CC) The CAR 2 CAR system shall provide the following top level features: automatic fast data transmission between vehicles and between vehicles and road side units transmission of traffic information, hazard warnings and entertainment data support of ad hoc CAR 2 CAR Communications without need of a pre-installed network infrastructure the CAR 2 CAR system is based on short range Wireless LAN technology and free of transmission costs 20

Challenges of Data Security in Vehicular Networks Security in vehicular networks: Risk potential Financial assets Cost Usability Mobility Privacy New business models Market penetration Legislation 21

Risk potential The risk involved in vehicular networks Software/Driver - take over control of a vehicle. driver’s reaction to the warning Usually attacks - (hacking, phishing, pharming..) Effects of hacked application. Global attacked. 22

Financial assets Applications based on vehicular communication. Digital infotainment content. Location based services Financial gain. system might be manipulated by: vehicle owner \ hackers. third parties. 23

Road Tolling Built-in automotive payment functions. hacking, phishing. 24

Cost Cost of security solutions in VANET. Anti-virus software and firewalls. Vehicle buyers. 25

Usability Security software (PC / VANET) Installed. Configured and adjusted automatically. Updating. 26

Mobility Not moved in groups. Secure channel limited. 27

Privacy Driver’s location and behavior. carried out on privacy : Technical. Organizational. 28

Reliability Malicious modifications. Software updates - Remote. Financial loss. 29

New business models Vehicular applications relies on strong security functionality. Selling software for vehicles will make for a completely new business model Example: Optimizations for a sporty vs. updates to the vehicle’s entertainment system 30

Market penetration Details USA vehicles : 7 million vehicles sold per year. Around 243 million vehicles altogether Supporting Infrastructure available in the form of roadside units (RSUs). Potential security solutions should work with a low penetration rate of radio enabled vehicles and small number of deployed RSUs 31

Legislation Provide strong security and privacy solutions. Complexity of a security certificatio. For example, in Europe.trucks are required to use a digital tachograph. 32

The End 33