Embed Size (px)
Citation preview
Cyber Security in the V2X Communications
Gunwant Dhadyalla
WMG (WP5 lead) Horiba MIRA Ltd Siemens PLC Visteon Engineering Services Ltd Highways England Ltd
Vodafone Group Services Ltd Huawei Technologies (UK) Co Ltd Coventry City Council Jaguar Land Rover Ltd Coventry University
UK CITE Partners
T5.1 – State-of-the-Art in V2X communications for ITS T5.2 – Threat Analysis and Risk Assessment T5.3 – CS architecture design T5.5 – Implementation of the CS architecture T5.6 – Determine the efficacy of the implemented CS measures T5.7 – Best practice guidelines for implementing CS for ITS
WP5: Cyber Security Assessment of DSRC and LTE-V (WMG lead, Siemens, MIRA, Vodafone, Huawei, JLR, Visteon)
UK CITE - Project Summary
Typical site
Overview of Process Followed at WMG
Use Cases
Relevant Threats
from Threat Model
WMG State-of-the-art
Experiment Capability 6 UKCITE
Applications 27 UKCITE Use Cases
Draft v0.4 (31 March 2017)
The threat analysis and risk assessment informs the security architecture (5.3) and security testing (5.6) tasks and
should be revisited throughout the project as security controls become implemented and tested
Threat identification and risk assessment (without controls)
Residual risk assessment (with planned controls)
Key findings
Privacy risk of location tracking due to message content being intercepted
Loss of availability due to jamming or physical sabotage
Message interception over LTE-V
Physical sabotage of RSU/LTE macro cell
T5.2 – Perform Threat Analysis and Risk Assessment and develop formal threat models including identification of the threat actors, attack vectors, motivations, known exploits to the subsystems.
T5.3 & T5.5 – Define the cyber secure architecture based on the best practices identified during Task 5.1. and 5.2
Overview of Process Followed at WMG
ITS Threats ITS Attacks
Confidentiality
and Privacy
52
Integrity and
data trust
56, 95, 98
Availability 1, 2, 3, 4, 5, 6, 7, 8, 9, 10a, 10b, 49, 53, 54
Authenticity 50, 51, 55
General
Threats
94
# - low; # - moderate; # - significant; # - major
Use Case Thumbnail V2V DSRC EEBL DENM OBU2OBU
Use Case Description The On Board Unit (OBU) (DSRC) based on the vehicle data, generates and broadcasts an
EEBL DENM when a hard braking event occurs. Any other on board unit receives the
message, assesses whether it is relevant (as defined by each OEMs system), and sends that
message to the receiving Vehicle System.
Pre-conditions TBC during test definition
Post-conditions TBC during test definition
Actor-Goal Table Originating Vehicle’s Driver
Originating Vehicle’s OBU
Originating Vehicle System
Receiving Vehicle(s)’ OBU(s)
Receiving Vehicle(s)’ Vehicle System
Receiving Vehicle(s)’ HMI(s)
Communications Channel(s)
Threat Actor(s)
Use Case
Relationships
Included by V2V EEBL DENM (ETSI UC005)
Use Case Text Main flow within the use case:
1.0 <Originating Vehicle’s Driver presses hard on the brake pedal to cause a deceleration
greater than 4m/s2>
2.0 <Originating Vehicle System generates a hard braking event>
3.0 <Originating Vehicle’s OBU generates an EEBL DENM message>
4.0 <Receiving Vehicle(s)’ OBU(s) receive(s) the EEBL DENM message(s)>
5.0 <Receiving Vehicle(s)’ OBU(s) assess(es) the EEBL DENM message(s) for relevance>
6.0 < Receiving Vehicle(s)’ OBU send(s) the message, if relevant, to its/their HMI>
Alternative Flow
Exceptions
Constraints Maximum latency time between EEBL trigger (in step 2.0) to triggering an appropriate
response, via the HMI, in receiving vehicles (in step 6.0) is 100 ms.
User Interface
Specifications
Metrics
Priority
Existing Highways
England Control Systems
NRTS Cellular
Siemens Stratos (In-Station)
Roadside InfrastructureLTE-V unit
Internet
Roadside InfrastructureDSRC unit
(NRTS)
Configuration & management
PKI
Security ServicesITS Message
System
HE Secure Gateway
2. OBU generates EEBL DENM and
broadcasts
1. Braking detected
6. Storage and processing
6. Reporting
5. Local storage and processing
Electronic Emergency
Brake LightsV2v / V2I: UC1
2. OBU Generates EEBL DENM and
broadcasts - DSRC
4. EEBL LTE-V Message broadcasted
4. Local storage and processing
5. All DENMs Reported
0. Vehicle brakes >4m/s
3. RSU repeats
EEBL DENM to vehicles
in AoR EEBL DSRC
DENM received by vehicle OBU
7. Stratos generated EEBL
a. Vehicle system receives message from
OBU
Threats Mapped Into
Extended Template
WMG Standard Template Threats Grouped for Test Planning
Application class Application # ETSI Use case UK CITE Active road safety Driving assistance -
Co-operative Awareness (CA) UC001 Emergency vehicle warning ® UC002 EVW
UC002 Slow vehicle indication UC003 Intersection collision warning UC004 Motorcycle approaching indication
Driving assistance - Road Hazard Warning (RHW)
UC005 Emergency electronic brake lights ® UC001 EEBL
UC006 Wrong way driving warning UC007 Stationary vehicle - accident UC008 Stationary vehicle - vehicle problem
UC009 Traffic condition warning ® UC003 TCW
UC010 Signal violation warning
UC011 Roadwork warning ® UC004 RwW
UC012 Collision risk warning
UC013 Decentralized floating car data - Hazardous location
UC014 Decentralized floating car data - Precipitations
UC015 Decentralized floating car data - Road adhesion ® UC005 FVD
UC016 Decentralized floating car data - Visibility UC017 Decentralized floating car data - Wind
Co-operative traffic efficiency
Speed Management (CSM) UC018 Regulatory/contextual speed limits notification UC019 Traffic light optimal speed advisory
Co-operative Navigation (CoNa) UC020 Traffic information and recommended itinerary UC021 Enhanced route guidance and navigation UC022 Limited access warning and detour notification
UC023 In-vehicle signage ® UC006 IVS
Co-operative local services
Location Based Services (LBS) UC024 Point of Interest notification
UC025 Automatic access control and parking management
UC026 ITS local electronic commerce UC027 Media downloading
Global internet services
Communities sServices (ComS) UC028 Insurance and financial services UC029 Fleet management UC030 Loading zone management
ITS station Life Cycle Management (LCM)
UC031 Vehicle software/data provisioning and update UC032 Vehicle and RSU data calibration
UK CITE Use Cases vs ETSI TS 102 637 v1.1.1 Basic Set of Applications
Test Groups and Types of Attacks
TG# Test group Attacks Importance
A Spoofing & Flooding
1 3 4 11 13 20 29 33 40 44 49 54 57 65 70 75 83 87 93 3 A1 GNSS A2 DSRC A3 LTE
B Tampering 2 8 10 10a 12 17 19 21 26 28 68 73 79 2
C Jamming
7 16 25 47 53 61
5 C1 GNSS C2 DSRC C3 LTE
D Interception 5 6 10b 14 23 24 30 34 38 41a 52 60 67 72 77 98 1
E
Software manipulation
9 15 18 22 27 31 32 35 36 37 39 41 42 43 46
4
E1 Comm
s
E2 Netwo
rk
F Man-in-the-Middle
45 50 58 66 71 76 9
F1 DSRC F2 LTE
G Replay & Sybil 48 51 55 59 61 8
H Network & LTE 56 63 64 74 78 96 7
I Malicious 69 80 81 82 84 85 86 88 89 94 97 6
J Other 90 91 92 95 10
Moderate Significant Major
ETSI Standard Performance Requirements
Minimum frequency of the CAM and DENM messages: 10 Hz.
Use Cases vs Test Groups
Completed In Progress Planned Not Completed Not ApplicableTest types: W1 – 3xD Simulator W2 – Desktop simulations W3 – Analysis M - MIRA
U
KC
ITE
Ap
plic
ati
on
s U
KC
ITE
Use
Ca
ses Test Groups
Interception Tampering Spoofing & Flooding Software manipulation Jamming Malicious LTE & Network Replay & Sybil Man-in-the-Middle Other
D B A1 - GNSS A2 - DSRC A3 - LTE E1 - Comms E2 - Net C1 - GNSS C2 - DSRC C3 - LTE I H G F1 - DSRC F2 - LTE J
EEB
L
UC1.1 M M W1 M N/A W1 M W1 W1 N/A W3 W3 W2 W3 N/A W3
UC1.2 M M W1 M N/A W1 M W1 W1 N/A W3 W3 W2 W3 N/A W3
UC1.3 M M W1 M N/A W1 M W1 W1 N/A W3 W3 W2 W3 N/A W3
UC1.4 M M W1 M W1 W1 M W1 W1 W1 W3 W3 W2 W3 W1 W3
UC1.5 M M W1 M W1 W1 M W1 W1 W1 W3 W3 W2 W3 W1 W3
UC1.6 M M W1 M W1 W1 M W1 W1 W1 W3 W3 W2 W3 W1 W3
EVW
UC2.1 M M W1 M N/A W1 M W1 W1 N/A W3 W3 W2 W3 N/A W3
UC2.2 M M W1 M N/A W1 M W1 W1 N/A W3 W3 W2 W3 N/A W3
UC2.3 M M W1 M N/A W1 M W1 W1 N/A W3 W3 W2 W3 N/A W3
UC2.4 M M W1 M W1 W1 M W1 W1 W1 W3 W3 W2 W3 W1 W3
UC2.5 M M W1 M W1 W1 M W1 W1 W1 W3 W3 W2 W3 W1 W3
UC2.6 M M W1 M W1 W1 M W1 W1 W1 W3 W3 W2 W3 W1 W3
TCW
UC3.1 M M W1 M N/A W1 M W1 W1 N/A W3 W3 W2 W3 N/A W3
UC3.2 M M W1 M N/A W1 M W1 W1 N/A W3 W3 W2 W3 N/A W3
UC3.3 M M W1 M N/A W1 M W1 W1 N/A W3 W3 W2 W3 N/A W3
UC3.4 M M W1 M W1 W1 M W1 W1 W1 W3 W3 W2 W3 W1 W3
UC3.5 M M W1 M W1 W1 M W1 W1 W1 W3 W3 W2 W3 W1 W3
UC3.6 M M W1 M W1 W1 M W1 W1 W1 W3 W3 W2 W3 W1 W3
Rw
W
UC4.1 M M W1 M N/A W1 M W1 W1 N/A W3 W3 W2 W3 N/A W3
UC4.2 M M W1 M N/A W1 M W1 W1 N/A W3 W3 W2 W3 N/A W3
UC4.3 M M W1 M N/A W1 M W1 W1 N/A W3 W3 W2 W3 N/A W3
FVD
UC5.1 M M W1 M W1 W1 M W1 W1 W1 W3 W3 W2 W3 W1 W3
UC5.2 M M W1 M N/A W1 M W1 W1 N/A W3 W3 W2 W3 N/A W3
UC5.3 M M W1 M N/A W1 M W1 W1 N/A W3 W3 W2 W3 N/A W3
UC5.4 M M W1 M W1 W1 M W1 W1 W1 W3 W3 W2 W3 W1 W3
IVS UC6.1 M M W1 M N/A W1 M W1 W1 N/A W3 W3 W2 W3 N/A W3
UC6.2 M M W1 N/A W1 W1 M W1 N/A W1 W3 W3 W2 N/A W1 W3
Test group C1 example: Jammers considered; GNSS frequency spectrum
