Security and Privacy in an Online Vehicle Infrastructure
Erhan J. Kartaltepe, MCPD
Lead Consultant, Denim Group Ltd.
July 23rd, 2008
Overview
• Intelligent Transportation Systems: A Primer
• Vehicle Infrastructure Communication Standards
• Embedded Commercial Fleet Vehicle Technology
• Vehicle Infrastructure Initiative
• Challenges and Security Primitives
• Conclusions
Intelligent Transportation Systems (ITS)
• ITS add information and communications technology to
  • transportation infrastructure
  • individual and fleet vehicles
  • traffic management centers (TMC)
• The Federal Highway Authority
  • wanted ITS deployments in 75 major cities
  • wanted them in 10 years (from January 2000)
  • got what they wanted (over 100 “major” cities so far)
What are ITS Systems?
• To a civil engineer
• To an electrical engineer
• To a software engineer
ITS Hardware Components
• Sensors
  • cameras (CCTV and VIVDS)
  • inductor loops
  • RFID antennas and tags
• Computing and Output Displays
  • traffic lights
  • dynamic message signs (DMS)
  • servers, PCs, and laptops
ITS Software Components
• Software Applications Used by the Public
  • travel times
  • flow management
  • passive (informational) mapping
• Software Applications Used by the TMCs
  • incident management
  • data archiving
  • active (controller) mapping
• Plenty More on Both Sides
Overview
• Intelligent Transportation Systems: A Primer
• Vehicle Infrastructure Communication Standards
• Embedded Commercial Fleet Vehicle Technology
• Vehicle Infrastructure Initiative
• Challenges and Security Primitives
• Conclusions
Software Standards
• Communication between systems is generally proprietary
• Some standards exist under NTCIP (National Transportation Communications for ITS Protocol)
  • DMS sign communication
  • CCTV camera high-level control
  • C2C (center-to-center) applications
• Many NTCIP protocols use XML and HTTP-like communication
NTCIP Protocols
• National Transportation Communications for ITS Protocol (NTCIP)
  • Comprised of working groups to standardize protocols
  • Both hardware and software protocols
  • Working body for message format and markup
• Standardization
  • Goal of NTCIP working groups is to get work ratified
  • Protocols tend to be request-only or request-response
  • Messages use simple proprietary markups
  • Now tend to use XML
Example: Multi Message Format
• [128][30][2][TRAVEL TIME TO][LF][CULEBRA RD][LF][5-7 MINUTES][EL]
• Not self-describing
• Request-only protocol
• No security built into the schema
Multi Message Format Hardware Attack
• [1][30][2][LEFT LANE CLOSED][LF][NEXT TWO MILES][LF][CHANGE LANES][EL]
• Attack only works per sign
• Physical access control limits value of attack
• Proprietary manufacturer’s hardware prevents “scalability”
Multi Message Format Software Attack
• <xml><token>A39F7ED2</token><message><mfr>Gideon</mfr><dms>[1][30][2][LEFT LANE CLOSED][LF][NEXT TWO MILES][LF][CHANGE LANES][EL]</dms></message></xml>
• Application layer generally builds in security
  • authentication
  • authorization
  • encryption
• Attacks scale to a facility, city, or (soon) a state
• Is the attack too “expensive” to be worth it?
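The slide says the security of the software path has to come from the application layer, since the bracketed sign format carries none. The following is an added example of the kind of gateway check that provides it; it is not code from the slides or from any NTCIP standard. The bracketed message shape and the <token>/<mfr>/<dms> envelope follow the slide, while the <ts> and <mac> elements, the operator and key tables, the anti-replay window, and the reading of the first bracketed field as the sign address are constructed assumptions.

```python
import hmac
import hashlib
import re
import xml.etree.ElementTree as ET

# Added example, not from the slides or from NTCIP. The bracketed DMS message
# shape and the <token>/<mfr>/<dms> envelope follow the slide; the <ts> and
# <mac> elements, the operator and key tables, the anti-replay window and the
# reading of the first field as the sign address are constructed assumptions.

BRACKET_FIELD = re.compile(r"\[([^\[\]]*)\]")

# Constructed: bearer token -> (operator name, per-operator HMAC key).
OPERATORS = {"A39F7ED2": ("tmc-operator-1", b"constructed-key-for-operator-1")}
# Constructed: sign addresses each operator may control.
AUTHORIZED_SIGNS = {"tmc-operator-1": {"128"}}
MAX_AGE_S = 30  # commands older than this are treated as replays (assumption)


def parse_dms_message(raw: str) -> list:
    """Split a message into its bracketed fields; the whole string must consist
    of bracketed fields and end with the [EL] terminator seen on the slide."""
    fields = BRACKET_FIELD.findall(raw)
    if "".join(f"[{f}]" for f in fields) != raw:
        raise ValueError("data outside bracketed fields")
    if not fields or fields[-1] != "EL":
        raise ValueError("missing [EL] terminator")
    return fields


def mac_for(key: bytes, token: str, ts: str, dms: str) -> str:
    """HMAC-SHA256 binding the operator token, the timestamp and the sign text."""
    return hmac.new(key, f"{token}|{ts}|{dms}".encode(), hashlib.sha256).hexdigest()


def build_command(token: str, dms: str, now: int) -> str:
    """What an authorized operator console would send (constructed envelope)."""
    _, key = OPERATORS[token]
    ts = str(now)
    return (f"<xml><token>{token}</token><ts>{ts}</ts>"
            f"<mac>{mac_for(key, token, ts, dms)}</mac>"
            f"<message><mfr>Gideon</mfr><dms>{dms}</dms></message></xml>")


def check_dms_command(envelope_xml: str, now: int) -> tuple:
    """Gateway-side check before a command reaches a sign: authentication
    (token), integrity (MAC), freshness (timestamp), well-formedness of the
    sign text, and authorization (operator may control this sign).
    Returns (accepted, reason)."""
    try:
        # Untrusted XML: in production use defusedxml or equivalent hardening.
        root = ET.fromstring(envelope_xml)
    except ET.ParseError:
        return False, "malformed XML"
    token = root.findtext("token", "")
    ts = root.findtext("ts", "")
    mac = root.findtext("mac", "")
    dms = root.findtext("message/dms", "")

    operator = OPERATORS.get(token)
    if operator is None:
        return False, "unknown token"
    name, key = operator
    if not hmac.compare_digest(mac_for(key, token, ts, dms), mac):
        return False, "bad MAC"  # body or token altered in transit
    try:
        age = now - int(ts)
    except ValueError:
        return False, "bad timestamp"
    if not 0 <= age <= MAX_AGE_S:
        return False, "stale or future-dated command"  # replayed or skewed
    try:
        fields = parse_dms_message(dms)
    except ValueError as exc:
        return False, f"bad sign message: {exc}"
    sign = fields[0]
    if sign not in AUTHORIZED_SIGNS.get(name, set()):
        return False, f"{name} is not authorized for sign {sign}"
    return True, f"accepted for sign {sign}"
```

The order of the checks matters: the MAC is verified before the timestamp or the sign text is interpreted, so an altered body is rejected without the gateway ever acting on it, and the authorization step is per sign address rather than per token, which is what keeps a single leaked operator credential from scaling to every sign in the facility.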
More than Just Informational Systems
• Passive Informational Mapping
  • traffic data
  • lane closures
  • weather sensor information
• Active Control
  • TMS Map and main GUI
  • CCTV Camera control
  • DMS and LCS control
  • Police/EMS deployment
Overview
• Intelligent Transportation Systems: A Primer
• Vehicle Infrastructure Communication Standards
• Embedded Commercial Fleet Vehicle Technology
• Vehicle Infrastructure Initiative
• Challenges and Security Primitives
• Conclusions
Embedded Technology
• Currently, ITS is mainly infrastructure-driven
  • CCTV cameras deployed on road
  • DMS and LCS over highways
  • inductor loops in ground
  • TMC centers as centralized hub
• Move ITS to be vehicle-driven
  • vehicle as mobile all-in-one sensor
  • cell phone or in-vehicle navigation system as TMC
  • wireless communication to transmit data for analysis
Locational Technologies
• Automated Vehicle Location systems
  • geopositional systems (GPS)
  • inertial navigation systems (INS)
  • cell-phone positioning systems
• Convergent technologies in use today
  • Smart parking (Japan, San Francisco)
  • City transit and school buses
  • Police department and EMS vehicles
  • FedEx and UPS
Probe Data Platform
• Probe data standards
  • SAE J1939 (heavy-duty vehicles)
  • SAE J1979 (“regular” vehicles)
• (a) Probe data is carried on the CAN bus
• (b) An onboard unit extracts and sends probe/GPS data to a roadside unit
• (c) The roadside unit packages all messages into an ITS message for the TMC
• (d) The TMC accepts the data from roadside units for processing
• (e) Other applications compute relevant information for the end user
  • mapping
  • travel times
  • data archiving
  • environmental systems
• (f) Users get updates on the internal screen display
Probe Data Platform Deployments
• Integrated heavy-duty vehicle probe data into Texas Department of Transportation fleet vehicles
• Incorporated the system into commercial fleet management for sparse system deployments (truck stops) in Texas
• Applied automated vehicle location technology for municipal heavy-duty vehicles in Florida
• More advanced and expensive technologies and routing algorithms in use
  • shipping companies
  • large department stores
  • police and emergency vehicles
Overview
• Intelligent Transportation Systems: A Primer
• Vehicle Infrastructure Communication Standards
• Embedded Commercial Fleet Vehicle Technology
• Vehicle Infrastructure Initiative
• Challenges and Security Primitives
• Conclusions
Vehicle Infrastructure Integration
• Federal Highway Administration (FHWA) initiative
  • fostering software and engineering research
  • applications research and development
• Directly links road vehicles to their physical surroundings
  • improve safety and efficiency
• Vehicle-to-infrastructure (V2I) communication
  • later, vehicle-to-vehicle (V2V) communication
Why VII?
• Safety
  • On US highways (2006):
    • Nearly 43,000 fatalities, 3 million injuries
    • Over $230 billion cost to society
• Efficiency
  • Traffic jams waste time and fuel
  • In 2007, American drivers lost over four billion hours and six billion gallons of fuel due to heavy traffic congestion
• Profit
  • Safety features and high-tech devices have become product differentiators
Illustrated Deployment Example
• Inexpensive to deploy and more accurate
• Security and privacy issues abound
• What are the consequences of opting out?
Security as an Afterthought
• Ubiquity and utility of V2I communication make it a target for attack
• Attacks may have deadly consequences
• VII working group
  • Over one hundred VII applications
  • Zero for security
Overview
• Intelligent Transportation Systems: A Primer
• Vehicle Infrastructure Communication Standards
• Embedded Commercial Fleet Vehicle Technology
• Vehicle Infrastructure Initiative
• Challenges and Security Primitives
• Conclusions
Adversaries
• Greedy drivers
• Snoops
• Pranksters
• Industrial insiders
• Malicious attackers
Known Attacks in a New Environment
• Distributed Denial of Service (DDoS)
  • Attempts to overwhelm the network
  • Dangerous if users rely on the service
• Message Suppression Attacks
  • Drop congestion alerts
• Fabrication
  • Lie about congestion ahead or lie about identity
• Alteration Attacks
  • Replay transmissions to simulate congestion
Authentication and Privacy Challenges
• Each vehicle should only have one identity
  • Prevents spoofed congestion or platoon rerouting
  • Allows use of external mechanisms for emergency vehicles
• Drivers value their privacy
• Legal requirements vary from country to country
  • …and from state to state
  • …and from city to city
Availability and Key Distribution Challenges
• Applications will require real-time responses
  • Increases vulnerability to DDoS
• Unreliable communication medium, like the “old days”
• Key distribution: manufacturers or government
  • Manufacturers: requires cooperation, interoperability, and users’ trust
  • Government: handled at the state level; also requires cooperation and interoperability
Bootstrap and Resiliency Challenges
• Initially, only a small number of vehicles will have access
  • Limited deployment of supporting infrastructure
• Low tolerance for errors implies a strong need for resiliency
  • With so many cars, even if the application works 99.99999% of the time, it will likely fail on some car in motion
  • Life-and-death applications must be resilient to this
• Focus on prevention rather than detection and recovery
  • Safety-related apps may not have margin for driver reaction time
Secure Message Origin
• Prevents attacks
  • Attackers on the road cannot spoof vehicles
  • Attackers cannot modify messages to simulate congestion
• Alternately, use entanglement
  • Each vehicle broadcasts its ID and which vehicles it has passed
  • Establishes relative ordering
  • Evaluates report consistency using aggregation
Anonymization Service
• May only need to deliver content to any vehicle, rather than a specific one
• Authenticate to the anonymization service with a permanent ID
• Anonymization service can issue a temporary ID
• Example environments: toll roads, border facilities
  • Controlled entrance and exit points
  • All IDs are issued temporarily by the same authority
Other Security Primitives
• Secure Aggregation
  • Count vehicles to report congestion
  • Disregard outliers
• Key Establishment
  • Session keys for vehicle platooning
  • Session keys for automatic cruise control
• Message Authentication and Expiration
  • Prevent replay attacks
  • Prevent Sybil attacks
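The primitives on the last three slides, together with the roadside-unit role from the Probe Data Platform slide, fit together into one small pipeline. The following is an added example that is not code from the slides or from any VII or NTCIP working group: an anonymization service that turns a proven permanent ID into a temporary ID and session key, a roadside unit that accepts only MAC-tagged, fresh, unreplayed reports and keeps one report per temporary ID (one identity per vehicle, which is what blunts Sybil and replay attempts from the Known Attacks slide), and a median-based aggregation that drops outliers before the unit packages a message for the TMC. Vehicle IDs, keys, speeds, the report lifetime, the choice of HMAC-SHA256, and the roadside unit looking session keys up from the service are constructed assumptions.

```python
import hmac
import hashlib
import secrets
import statistics
from dataclasses import dataclass

# Added example, not from the slides. Wires together the anonymization
# service, secure message origin, message expiration/replay detection and
# secure aggregation slides. IDs, keys, speeds, the lifetime and the use of
# HMAC-SHA256 are constructed assumptions.

REPORT_LIFETIME_S = 5.0  # reports older than this are rejected (assumption)
CLOCK_SKEW_S = 1.0       # tolerated sender clock drift into the future (assumption)


class AnonymizationService:
    """Issues temporary IDs to vehicles that prove a permanent ID (challenge-response)."""

    def __init__(self, enrolled):
        self.enrolled = enrolled  # permanent ID -> long-term key (constructed enrolment)
        self.pending = {}         # permanent ID -> outstanding challenge nonce
        self.session_keys = {}    # temporary ID -> session key

    def challenge(self, permanent_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending[permanent_id] = nonce
        return nonce

    def issue_temp_id(self, permanent_id: str, proof: bytes):
        """proof must be HMAC(long-term key, nonce); a static proof would be replayable."""
        key = self.enrolled.get(permanent_id)
        nonce = self.pending.pop(permanent_id, None)
        if key is None or nonce is None:
            raise PermissionError("unknown vehicle or no outstanding challenge")
        if not hmac.compare_digest(hmac.new(key, nonce, hashlib.sha256).digest(), proof):
            raise PermissionError("bad proof of identity")
        temp_id, session_key = secrets.token_hex(8), secrets.token_bytes(32)
        self.session_keys[temp_id] = session_key
        return temp_id, session_key

    def key_for(self, temp_id: str):
        return self.session_keys.get(temp_id)


@dataclass(frozen=True)
class ProbeReport:
    temp_id: str
    timestamp: float
    speed_kmh: float
    tag: bytes


def tag_report(key: bytes, temp_id: str, timestamp: float, speed_kmh: float) -> bytes:
    """Secure message origin: HMAC over the fields the roadside unit acts on."""
    return hmac.new(key, f"{temp_id}|{timestamp:.3f}|{speed_kmh:.1f}".encode(), hashlib.sha256).digest()


def make_report(key: bytes, temp_id: str, timestamp: float, speed_kmh: float) -> ProbeReport:
    return ProbeReport(temp_id, timestamp, speed_kmh, tag_report(key, temp_id, timestamp, speed_kmh))


class RoadsideUnit:
    """Verifies reports and aggregates them into one message for the TMC."""

    def __init__(self, key_lookup):
        self.key_lookup = key_lookup  # temp ID -> session key (served by the service here; assumption)
        self.seen = set()             # (temp ID, timestamp) pairs already accepted
        self.latest = {}              # one speed per temporary ID: one identity, one vote

    def accept(self, report: ProbeReport, now: float) -> str:
        key = self.key_lookup(report.temp_id)
        if key is None:
            return "unknown_id"
        if not hmac.compare_digest(tag_report(key, report.temp_id, report.timestamp, report.speed_kmh), report.tag):
            return "bad_tag"  # altered or fabricated report
        if not now - REPORT_LIFETIME_S <= report.timestamp <= now + CLOCK_SKEW_S:
            return "expired"  # message expiration
        if (report.temp_id, report.timestamp) in self.seen:
            return "replay"   # replayed transmission
        self.seen.add((report.temp_id, report.timestamp))
        self.latest[report.temp_id] = report.speed_kmh
        return "ok"

    def tmc_message(self) -> dict:
        """Secure aggregation: count vehicles and drop speeds far from the median (MAD rule)."""
        speeds = list(self.latest.values())
        if len(speeds) < 3:
            return {"vehicles": len(speeds), "median_speed_kmh": None, "outliers": 0}
        med = statistics.median(speeds)
        mad = statistics.median(abs(s - med) for s in speeds) or 1.0
        kept = [s for s in speeds if abs(s - med) <= 3 * mad]
        return {"vehicles": len(kept), "median_speed_kmh": statistics.median(kept),
                "outliers": len(speeds) - len(kept)}


def run_demo() -> dict:
    """Constructed scenario: five vehicles, one reporting an implausible speed,
    then a replayed, an expired, an altered and an unknown-sender report."""
    enrolled = {f"VIN-{i}": secrets.token_bytes(32) for i in range(5)}
    service = AnonymizationService(enrolled)
    rsu = RoadsideUnit(service.key_for)
    now, speeds, reports, results = 1_000_000.0, [30.0, 32.0, 31.0, 29.0, 120.0], [], {}
    for (pid, ltk), speed in zip(enrolled.items(), speeds):
        nonce = service.challenge(pid)
        temp_id, skey = service.issue_temp_id(pid, hmac.new(ltk, nonce, hashlib.sha256).digest())
        reports.append(make_report(skey, temp_id, now - 1.0, speed))
        results[pid] = rsu.accept(reports[-1], now)
    results["replay"] = rsu.accept(reports[0], now)
    results["expired"] = rsu.accept(reports[1], now + 60.0)
    altered = ProbeReport(reports[2].temp_id, reports[2].timestamp, 5.0, reports[2].tag)
    results["altered"] = rsu.accept(altered, now)
    results["unknown"] = rsu.accept(make_report(b"k", "deadbeef", now, 30.0), now)
    results["tmc"] = rsu.tmc_message()
    return results
```

Two design points carry the slides' argument. The roadside unit only ever sees temporary IDs, so the TMC message it produces counts vehicles without learning who they are, which is the privacy property the Anonymization Service slide is after; and because each temporary ID contributes at most one speed, a single vehicle re-sending or replaying reports cannot inflate the count, while the median/MAD rule discards the one implausible speed without needing to know which sender lied.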
Overview
• Intelligent Transportation Systems: A Primer
• Vehicle Infrastructure Communication Standards
• Embedded Commercial Fleet Vehicle Technology
• Vehicle Infrastructure Initiative
• Challenges and Security Primitives
• Conclusions
Conclusions
• ITS systems add information and communications technology to transportation infrastructure, individual and fleet vehicles, and TMCs
• ITS systems are distributed in nature, with internal and public-facing access points, and as demand grows, so does the attack surface
• ITS and online vehicle infrastructure have security/privacy vulnerabilities
  • Weaknesses in common with other web services and apps
  • Unique weaknesses related to vehicular networks
  • Potentially fatal losses due to insecure applications
Conclusions
• Vehicle networks exist today and are moving from fleet vehicles using proprietary and custom units to individuals’ vehicles using inexpensive, mass-produced on-board units
• Adversaries and attacks are rampant
  • authentication
  • authorization
  • privacy
  • availability
  • key management
  • initialization
• Security primitives exist and, when applied, can prevent attacks
• VII working group does not build security into standards
• Building security in early will prevent serious and possibly fatal attacks