ETSI TC ITS WG5 standardization activities

ETSI ITS Workshop 2011
Purpose and scope of WG5
WG5 exists to provide security standards within
the ITS Standards platform
• To protect the ITS platform (ITS-S?)
• To protect the ITS infrastructure (RSU and beyond)
• To protect the ITS user
WG5 also exists to provide guidance on the use
of security standards to protect the ITS
applications
Is security necessary?
Yes
• Society depends on effective transport and society needs assurance that it will be free from attack
• The scope for manipulation of transport networks is too extensive to hope it will be able to serve us without security control to prevent ITS serving only the criminal community
• The data gathered from use of ITS is personal data and needs to be protected using Privacy Enhancing Technologies
Stakeholders in ITS Security
Society
• ITS provides benefit to all of society
Industry
• 100s of millions of vehicles, billions of phones, billions of internet connected devices, billions of people able to move and interact with transport networks
Government
• Need to manage ITS as a societal benefit and ensure it fits to the other government managed societal benefits
• Need to ensure global cooperation for ITS
Security standardisation aims to protect all the stakeholders
WG5 WORKING METHODS
Risk analysis and countermeasure specification
Technical domain of ITS Security
ComSec
• Giving assurance to the user that data is transferred without being
vulnerable to interception and misrouting
AppSec
• Giving assurance to the user that the ITS application works without
harming the user
SysSec
• Giving assurance that the ITS system is not harming its environment
(or spreading harm from the environment to its users)
DataSec
• Giving assurance that data in the ITS system is accurate, timely, and
free from manipulation
Regulatory compliance
• Data protection, privacy protection, export control of algorithms, etc.
Working methods in ITS WG5
(Diagram of the WG5 working method: Security analysis (TVRA); TR 102 893; TS 102 731; ES 202 867)
Understanding the user’s communication scenarios:
• Correspondents know and trust one another and the network
• Correspondents know and trust one another but don’t trust the network
• Correspondents know but don’t trust one another but trust the network
• Correspondents don’t know one another (V2V)
• Communications network is public (V2I)
• Communications network is private
• Etc.
Overview
Current work
• Standard for deploying signed CAM and DENM using IEEE 1609.2
• PKI design to support IEEE 1609.2 and privacy
• Whilst maintaining regulatory compliance
• Minimum standards to support EU Mandates for ITS
Future work
• Extension for full communications technology suite
• Extension for full applications technology suite
• Extension for non-vehicle centric ITS
THE REGULATORY AND SOCIETAL
DIMENSION
Basic concepts in ETSI ITS #1
Access to transport infrastructure is highly regulated and policed
• Driver and vehicle licensing
• Different roads have different restrictions (vehicle and driver)
• Infrastructure is operated both commercially and non-commercially
Transport infrastructure supports many different transport uses
• Movement of individuals
• Movement of livestock
• Movement of dangerous goods
• Summarised in many licensing schemes:
• Private, Light goods, Heavy Goods, For hire, Multi-user.
Basic concepts in ETSI ITS #2
ITS stations send environmental (event) and (vehicle) status data to
other ITS stations
ITS stations may exist in vehicles
ITS stations may exist in roadside furniture
ITS stations may be applets on internet connected devices
• Android or Apple Apps for example
ITS stations may be networked together
Interpretation of received data may assist in driver safety
• E.g. Collision avoidance
Interpretation of received data may assist in regulatory compliance
• E.g. Speed limit notification and adherence
Different data has different authority
• E.g. Speed limit notification from an authority versus speed assertion
from an ITS station
Regulatory issues
Deployment regulation
• Specific to some of the involved ITS industries
R&TTE directive
• Placement of radio equipment on the market
Privacy
• Article 12 UDHR:
• Article 8 EU Convention for the Protection of Human Rights and
Fundamental Freedoms: Right to respect for private and family
life
Data protection
Crypto export
Support to law enforcement
• Data retention and lawful interception
Privacy, data protection and security
Assigns rights to citizens on how data related to
them is protected
• Enshrined in law in Directive 95/46/EC of the
European Parliament and of the Council of 24 October
1995 on the protection of individuals with regard to
the processing of personal data and on the free
movement of such data
• Supplemented by Directive 2002/58/EC of the
European Parliament and of the Council of 12 July
2002 concerning the processing of personal data and
the protection of privacy in the electronic
communications sector (Directive on privacy and
electronic communications)
Privacy, data protection and security
Personal data
• shall mean any information relating to an identified or identifiable natural
person ('data subject'); an identifiable person is one who can be identified,
directly or indirectly, in particular by reference to an identification number or
to one or more factors specific to his physical, physiological, mental,
economic, cultural or social identity
Processing of personal data
• shall mean any operation or set of operations which is performed upon
personal data, whether or not by automatic means, such as collection,
recording, organization, storage, adaptation or alteration, retrieval,
consultation, use, disclosure by transmission, dissemination or otherwise
making available, alignment or combination, blocking, erasure or destruction
“data subject’s” consent
• shall mean any freely given specific and informed indication of his wishes by
which the data subject signifies his agreement to personal data relating to
him being processed
Privacy, data protection and security
The means to give assurance of the
confidentiality, integrity and availability of data
and services
• Offers technical and procedural means to support
regulation
Security supports …
• Privacy (Privacy Enhancing Technologies)
• COM(2007) 228 final: “COMMUNICATION FROM THE
COMMISSION TO THE EUROPEAN PARLIAMENT AND THE
COUNCIL on Promoting Data Protection by Privacy
Enhancing Technologies (PETs)”
• Data protection
CURRENT WORK PROGRAMME
Aims of WG5 in the year or so to come
Main work focus
Keying strategies for ITS
• Assuming correspondents don’t know one another
• Assuming limited infrastructure access
• Assuming minimising of cryptographic load (number
of algorithms, number of mechanisms, number of
keys)
• Assuming need to reinforce regulation frameworks
• For telecommunications and all other regulations
• Minimal development of “novel” security solutions
• Maximum re-use of existing best practices
Identity and role
All vehicles have identities
• Make and model
• Colour and specification
• VIN
• Registration mark
Many identifiers have an authority
• VIN = Manufacturer
• Registration mark = National vehicle licensing centre
Some vehicles take on special roles
• Emergency services
Some vehicles and their roles imply behaviour
• Farm Tractor – slow vehicle
• Motorbike
PKI and Certificates
(Diagram: Alice and her certificate; Bob, who 1. verifies the certificate and 2. verifies the message; Certificate Authority (CA): trustworthy entity: OEM, government, etc.)
What is a certificate:
• A signed (by the CA) public key (of Alice or Bob)
• A certificate binds an identity (Alice) and/or a role (e.g. emergency vehicle) to a public key
• Certificate(Alice) = [Alice, Alice’s public key, SigCA(Alice, Alice’s public key)]
PKI Design Approach
(Diagram of the design flow: TVRA, Countermeasures, Security Services, PKI Requirements, PKI Design; Stakeholder Limitations and Interests; design input being gathered)
Enrolment Authority: Example
(Diagram: European Enrolment Authority CA; Sub-CAs Euro A National Enrolment Authority and Euro B National Enrolment Authority; OEM Production Line: 1. Request, 2. Enrolment Credential)
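An added worked example, written for this page and not taken from the ETSI slides or any WG5 deliverable: Bob’s two steps from the PKI and Certificates slide (1. verify certificate, 2. verify message) applied to the hierarchy on this slide, where the European Enrolment Authority CA certifies a national sub-CA, which in turn issues the enrolment credential a vehicle then signs its messages with. It uses P-256 ECDSA from the Go standard library. The certificate layout, the `KeyHolder`/`Enrol`/`VerifyChain` names, the vehicle identifier and the CAM payload are constructed for the example; the encoding is not the IEEE 1609.2 certificate format.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Certificate is a toy form of the slide's Certificate(Alice) = [Alice, PK_Alice, SigCA(Alice, PK_Alice)]:
// identity and role bound to a public key, signed by the issuer (constructed format, not IEEE 1609.2).
type Certificate struct {
	Subject, Role, Issuer string // Role is "root CA", "sub-CA" or "enrolment credential"
	PubKey                *ecdsa.PublicKey
	Sig                   []byte // ASN.1 ECDSA signature over digest()
}

// digest hashes the to-be-signed fields: subject, role and the P-256 public key point.
func (c *Certificate) digest() []byte {
	h := sha256.New()
	h.Write([]byte(c.Subject + "\x00" + c.Role + "\x00"))
	h.Write(c.PubKey.X.FillBytes(make([]byte, 32)))
	h.Write(c.PubKey.Y.FillBytes(make([]byte, 32)))
	return h.Sum(nil)
}

// sign builds a certificate for subject/role/pub and signs it with the issuer's private key.
func sign(priv *ecdsa.PrivateKey, issuer, subject, role string, pub *ecdsa.PublicKey) *Certificate {
	c := &Certificate{Subject: subject, Role: role, Issuer: issuer, PubKey: pub}
	var err error
	if c.Sig, err = ecdsa.SignASN1(rand.Reader, priv, c.digest()); err != nil {
		panic(err) // only fails if the random source does
	}
	return c
}

// KeyHolder is any party with a key pair and a certificate: a root or sub-CA, or an enrolled station.
type KeyHolder struct {
	Cert *Certificate
	Priv *ecdsa.PrivateKey
}

// Enrol generates a P-256 key pair for name and certifies it: self-signed when parent is nil (the
// trust anchor), otherwise signed by parent. This is the slide's "1. Request / 2. Enrolment Credential".
func Enrol(parent *KeyHolder, name, role string) *KeyHolder {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	issuer, key := name, priv // self-signed
	if parent != nil {
		issuer, key = parent.Cert.Subject, parent.Priv
	}
	return &KeyHolder{Priv: priv, Cert: sign(key, issuer, name, role, &priv.PublicKey)}
}

// VerifyChain is Bob's step 1 ("verify certificate") over the hierarchy: chain[0] is the end-entity
// credential, chain[len-1] must be issued by root, and only sub-CA certificates may sign others.
func VerifyChain(chain []*Certificate, root *Certificate) bool {
	if len(chain) == 0 || root.Issuer != root.Subject || !ecdsa.VerifyASN1(root.PubKey, root.digest(), root.Sig) {
		return false
	}
	signer := root
	for i := len(chain) - 1; i >= 0; i-- {
		c := chain[i]
		if c.Issuer != signer.Subject || !ecdsa.VerifyASN1(signer.PubKey, c.digest(), c.Sig) {
			return false
		}
		if i > 0 && c.Role != "sub-CA" { // an enrolment credential must not certify further keys
			return false
		}
		signer = c
	}
	return true
}

// SignMessage signs a station message (e.g. a CAM payload) with the holder's private key.
func (h *KeyHolder) SignMessage(msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, h.Priv, d[:])
}

// VerifyMessage is Bob's step 2 ("verify message") with the key from an already verified certificate.
func VerifyMessage(cert *Certificate, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(cert.PubKey, d[:], sig)
}

func main() {
	root := Enrol(nil, "European Enrolment Authority CA", "root CA")
	national := Enrol(root, "Euro A National Enrolment Authority", "sub-CA")
	veh := Enrol(national, "vehicle-0001 (constructed)", "enrolment credential")
	msg := []byte("CAM speed=50 heading=90 (constructed payload)")
	sig, _ := veh.SignMessage(msg)
	fmt.Println("1. verify certificate:", VerifyChain([]*Certificate{veh.Cert, national.Cert}, root.Cert))
	fmt.Println("2. verify message:", VerifyMessage(veh.Cert, msg, sig))
}
```

The order of the two checks matters: a message signature is only meaningful once the public key it is checked against has itself been traced to a trusted root, and the role check in `VerifyChain` is what stops an ordinary enrolment credential from certifying further keys. The same chain walk applies unchanged to the ticket authority hierarchies in the backup slides; only the root and the roles differ.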
CLOSING AND THANKS
And some acknowledgments
Acknowledgements
Members of ETSI TC ITS WG5 and ISO TC204
WG16.7
• Including the members of ETSI STF397 and STF408
FP7 project i-TOUR
• The chair is supported in part by the i-TOUR
project funded from European Community’s
Seventh Framework Programme (FP7/2007-2013)
under the Grant Agreement number 234239.
BACK UP SLIDES (PKI OPTIONS)
If really really needed and if time is available
Enrolment Authority: Example
Can this level be omitted?
(Diagram: European Enrolment Authority CA; Sub-CAs Euro A National Enrolment Authority and Euro B National Enrolment Authority; under Euro B, OEM 1 Enrolment Authority and OEM 2 Enrolment Authority; OEM Production Line: 1. Request, 2. Enrolment Credential)
Safety Ticket Authority: Examples
(Diagram, option 1: European Safety Ticket Authority CA alone. Option 2: European Safety Ticket Authority CA with Sub-CAs Euro A National Safety Ticket Authority and Euro B National Safety Ticket Authority)
Commercial and Information Ticket Authority: Example
(Diagram: European Commercial and Information Ticket Authority; Sub-CAs OEM 1 Ticket Authority, Tier 1 Ticket Authority and Euro A Ticket Authority; could include another country-level CA)
Root authority certifies provider authorities (need to satisfy minimum requirements). Then basically any structure is allowed
• OEMs offering services
• 3rd party service providers
• Government agencies
• etc.