Presentation Transcript

  1. Security and Privacy in an Online Vehicle Infrastructure • Erhan J. Kartaltepe, MCPD • Lead Consultant, Denim Group Ltd. • July 23rd, 2008

  2. Overview • Intelligent Transportation Systems: A Primer • Vehicle Infrastructure Communication Standards • Embedded Commercial Fleet Vehicle Technology • Vehicle Infrastructure Initiative • Challenges and Security Primitives • Conclusions

  3. Overview • Intelligent Transportation Systems: A Primer • Vehicle Infrastructure Communication Standards • Embedded Commercial Fleet Vehicle Technology • Vehicle Infrastructure Initiative • Challenges and Security Primitives • Conclusions

  4. Intelligent Transportation Systems (ITS) • ITS add information and communications technology to • transportation infrastructure • Individual and fleet vehicles • traffic management centers (TMC) • The Federal Highway Authority • wanted ITS deployments in 75 major cities • wanted them in 10 years (from January 2000) • got what they wanted (over 100 “major” cities so far)

  5. What are ITS Systems? • To a civil engineer • To an electrical engineer • To a software engineer

  6. ITS Hardware Components • Sensors • cameras (CCTV and VIVDS) • inductor loops • RFID antennas and tags • Computing and Output Displays • traffic lights • dynamic message signs (DMS) • servers, PCs, and laptops

  7. ITS Software Components • Software Applications Used by the Public • travel times • flow management • passive (informational) mapping • Software Applications Used by the TMCs • incident management • data archiving • active (controller) mapping • Plenty More on Both Sides

  8. Overview • Intelligent Transportation Systems: A Primer • Vehicle Infrastructure Communication Standards • Embedded Commercial Fleet Vehicle Technology • Vehicle Infrastructure Initiative • Challenges and Security Primitives • Conclusions

  9. Software Standards • Communication between systems is generally proprietary • Some standards exist under NTCIP (National Transportation Communications for ITS Protocol) • DMS sign communication • CCTV camera high-level control • C2C applications • Many NTCIP protocols use XML and HTTP-like communication

  10. NTCIP Protocols • National Transportation Communications for ITS Protocol (NTCIP) • Comprised of working groups to standardize protocols • Both hardware and software protocols • Working body for message format and markup • Standardization • Goal of NTCIP working groups is to get work ratified • Protocols tend to be request or request-response • Messages use simple proprietary markups • Now tend to use XML

  11. Example—Multi Message Format • [128][30][2][TRAVEL TIME TO][LF][CULEBRA RD] [LF][5-7 MINUTES][EL] • Not self-describing • Request-only protocol • No security built into the schema

  12. Multi Message Format Hardware Attack • [1][30][2][LEFT LANE CLOSED][LF][NEXT TWO MILES] [LF][CHANGE LANES][EL] • Attack only works per sign • Physical access control limits value of attack • Proprietary manufacturer’s hardware prevents “scalability”

  13. Multi Message Format Software Attack • <xml><token>A39F7ED2</token><message><mfr>Gideon</mfr><dms>[1][30][2][LEFT LANE CLOSED][LF][NEXT TWO MILES][LF][CHANGE LANES][EL]</dms></message></xml> • Application layer generally builds in security — authentication — authorization — encryption • Attacks scale to a facility, city, or (soon) a state • Is the attack too “expensive” to be worth it?

  14. More than Just Informational Systems • Passive Informational Mapping • traffic data • lane closures • weather sensor information • Active Control • TMS Map and main GUI • CCTV Camera control • DMS and LCS control • Police/EMS deployment

  15. Overview • Intelligent Transportation Systems: A Primer • Vehicle Infrastructure Communication Standards • Embedded Commercial Fleet Vehicle Technology • Vehicle Infrastructure Initiative • Challenges and Security Primitives • Conclusions

  16. Embedded Technology • Currently, ITS is mainly infrastructure-driven • CCTV cameras deployed on road • DMS and LCS over highways • inductor loops in ground • TMC centers as centralized hub • Move ITS to be vehicle-driven • vehicle as mobile all-in-one sensor • cell phone or in-vehicle-navigation system as TMC • wireless communication to transmit data for analysis

  17. Locational Technologies • Automated Vehicle Location systems • geopositional systems (GPS) • inertial navigation systems (INS) • cell-phone positioning systems • Convergent technologies in use today • Smart parking (Japan, San Francisco) • City transit and school buses • Police department and EMS vehicles • FedEx and UPS

  18. Probe Data Platform • Probe data standards • SAE J1939 (heavy-duty vehicles) • SAE J1979 (“regular” vehicles) • (a) Probe data is carried on CANbus • (b) An onboard unit extracts and sends probe/GPS data to a roadside unit • (c) Roadside unit packages all messages to an ITS message for TMC • (d) TMC accepts the data from roadside units for processing • (e) Other applications compute relevant information for end user — mapping — travel times — data archiving — env. systems • (f) Users get updates on internal screen display

  19. Probe Data Platform Deployments • Integrated heavy-duty vehicle probe data into Texas Department of Transportation fleet vehicles • Incorporated the system into commercial fleet management for sparse system deployments (truck stops) in Texas • Applied automated vehicle location technology for municipal heavy-duty vehicles in Florida • More advanced and expensive technologies and routing algorithms in use • shipping companies • large department stores • police and emergency vehicles

  20. Overview • Intelligent Transportation Systems: A Primer • Vehicle Infrastructure Communication Standards • Embedded Commercial Fleet Vehicle Technology • Vehicle Infrastructure Initiative • Challenges and Security Primitives • Conclusions

  21. Vehicle Infrastructure Integration • Federal Highway Administration (FHWA) Initiative • fostering software and engineering research • applications research and development • Directly links road vehicles to their physical surroundings • improve safety and efficiency • Vehicle-to-infrastructure (V2I) communication • later, vehicle-to-vehicle (V2V) communication

  22. Why VII? • Safety • On US highways (2006): • Nearly 43,000 fatalities, 3 million injuries • Over $230 billion cost to society • Efficiency • Traffic jams waste time and fuel • In 2007, American drivers lost over four billion hours and six billion gallons of fuel due to heavy traffic congestion • Profit • Safety features and high-tech devices have become product differentiators

  23. Illustrated Deployment Example • Inexpensive to deploy and more accurate • Security and privacy issues abound • What are the consequences of opting out?

  24. Security as an Afterthought • Ubiquity and utility of V2I communication make them targets for attack • Attacks may have deadly consequences • VII working group • Over one hundred VII applications • Zero for security

  25. Overview • Intelligent Transportation Systems: A Primer • Vehicle Infrastructure Communication Standards • Embedded Commercial Fleet Vehicle Technology • Vehicle Infrastructure Initiative • Challenges and Security Primitives • Conclusions

  26. Adversaries • Greedy drivers • Snoops • Pranksters • Industrial insiders • Malicious attackers

  27. Known Attacks in a New Environment • Distributed Denial of Service (DDoS) • Attempts to overwhelm network • Dangerous if users rely on the service • Message Suppression Attacks • Drop congestion alerts • Fabrication • Lie about congestion ahead or lie about identity • Alteration Attacks • Replay transmissions to simulate congestion

  28. Authentication and Privacy Challenges • Each vehicle should only have one identity • Prevents spoofed congestion or platoon rerouting • Allows use of external mechanisms for emergency vehicles • Drivers value their privacy • Legal requirements vary from country to country • …and from state to state • …and from city to city

  29. Availability and Key Distro Challenges • Applications will require real-time responses • Increases vulnerability to DDoS • Unreliable communication medium, like the “old days” • Key distribution: Manufacturers or Government • Manufacturers: requires cooperation, interoperability, user’s trust • Government: Handled at the state level; also requires cooperation and interoperability

  30. Bootstrap and Resiliency Challenges • Initially, only a small number of vehicles will have access • Limited support deployment of infrastructure • Low tolerance for errors implies strong need for resiliency • With so many cars, even if the application works 99.99999% of the time, it likely will fail on a car in motion • Life-and-death applications must be resilient to this • Focus on prevention, rather than detection and recovery • Safety-related apps may not have margin for driver reaction time

  31. Secure Message Origin • Prevents attacks • Attackers on road cannot spoof vehicles • Attackers cannot modify messages to simulate congestion • Alternately, use entanglement • Each vehicle broadcasts its ID and which vehicles it has passed • Establishes relative ordering • Evaluates report consistency using aggregation

  32. Anonymization Service • May only need to deliver content to any vehicle, rather than a specific one • Authenticate to anonymization service with permanent ID • Anonymization service can issue a temporary ID • Example environments: toll roads, border facilities • Controlled entrance and exit points • All IDs are issued temporarily by the same authority
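
The anonymization service from slide 32, sketched as an added example that is not part of the original presentation: a vehicle proves its permanent ID once at a controlled entrance and receives a random, short-lived temporary ID that exit gates of the same authority can check. The class name, token layout, HMAC-based proof and the 600-second lifetime are assumptions made for illustration.

```python
import hashlib, hmac, secrets

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).hexdigest().encode()

class AnonymizationService:
    """Hypothetical authority at a controlled entrance (e.g. a toll plaza)."""
    def __init__(self, registered, lifetime=600):
        self.registered = registered        # permanent ID -> per-vehicle secret
        self.key = secrets.token_bytes(32)  # known only to the authority's gates
        self.lifetime = lifetime            # seconds a temporary ID stays valid
        self._issued = {}                   # temp ID -> permanent ID, kept private

    def issue(self, permanent_id, challenge, proof, now):
        # Assumption: `challenge` is a fresh nonce the service sent this vehicle.
        secret = self.registered.get(permanent_id)
        if secret is None or not hmac.compare_digest(mac(secret, challenge), proof):
            return None
        temp_id, expires = secrets.token_hex(8), now + self.lifetime
        self._issued[temp_id] = permanent_id
        tag = mac(self.key, f"{temp_id}|{expires}".encode()).decode()
        return f"{temp_id}|{expires}|{tag}"

    def verify(self, token, now):
        """Exit-gate check: valid and unexpired, without seeing a permanent ID."""
        try:
            temp_id, expires, tag = token.split("|")
            fresh = now <= int(expires)
        except ValueError:
            return False
        good = mac(self.key, f"{temp_id}|{expires}".encode())
        return fresh and hmac.compare_digest(good, tag.encode())

def demo():
    # Constructed sample vehicle; two entries yield two unrelated temporary IDs.
    vin, secret = "VIN-CONSTRUCTED-001", b"constructed-vehicle-secret"
    svc = AnonymizationService({vin: secret})
    def enter(now):
        nonce = secrets.token_bytes(16)
        return svc.issue(vin, nonce, mac(secret, nonce), now)
    return enter(0), enter(5), svc
```
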

  33. Other Security Primitives • Secure Aggregation • Count vehicles to report congestion • Disregard outliers • Key Establishment • Session keys for vehicle platooning • Session keys for automatic cruise control • Message Authentication and Expiration • Prevent replay attacks • Prevent Sybil attacks
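
Message authentication and expiration (slide 33) applied to the sign message from slide 11, whose schema has no security built in. This is an added example, not code from the original presentation; the shared key, the `sign|seq|time|` header, the 30-second validity window and the `SignController` class are assumptions made for illustration.

```python
import hashlib, hmac

KEY = b"constructed-demo-key"  # assumption: shared by the TMC and the sign controller
MAX_AGE = 30                   # assumption: seconds a command stays valid

def seal(key, sign_id, seq, issued_at, multi):
    """TMC side: bind target sign, sequence number and issue time to the text."""
    body = f"{sign_id}|{seq}|{issued_at}|".encode() + multi.encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()

class SignController:
    def __init__(self, key, sign_id):
        self.key, self.sign_id, self.last_seq = key, sign_id, -1

    def accept(self, body, tag, now):
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "reject: bad tag"              # fabricated or altered
        sign_id, seq, issued_at, multi = body.decode().split("|", 3)
        if sign_id != self.sign_id:
            return "reject: wrong sign"           # valid, but meant for another sign
        if not 0 <= now - int(issued_at) <= MAX_AGE:
            return "reject: expired"
        if int(seq) <= self.last_seq:
            return "reject: replay"               # already seen this or a newer one
        self.last_seq = int(seq)
        return "display: " + multi

def demo():
    sign = SignController(KEY, "DMS-7")
    msg = "[128][30][2][TRAVEL TIME TO][LF][CULEBRA RD][LF][5-7 MINUTES][EL]"
    body, tag = seal(KEY, "DMS-7", 1, 1000, msg)
    altered = body.replace(b"5-7", b"0-1")        # constructed tampering in transit
    return [
        sign.accept(altered, tag, 1005),
        sign.accept(body, tag, 1005),
        sign.accept(body, tag, 1010),             # same message sent again
        sign.accept(*seal(KEY, "DMS-7", 2, 1000, msg), 1100),  # delivered too late
    ]
```
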

  34. Overview • Intelligent Transportation Systems: A Primer • Vehicle Infrastructure Communication Standards • Embedded Commercial Fleet Vehicle Technology • Vehicle Infrastructure Initiative • Challenges and Security Primitives • Conclusions

  35. Conclusions • ITS systems add information and communications technology to transportation infrastructure, individual and fleet vehicles, and TMCs • ITS systems are distributed in nature, with internal and public-facing access points, and as demand grows, so does the attack surface area • ITS and online vehicle infrastructure have security/privacy vulnerabilities • Weaknesses in common with other web services and apps • Unique weaknesses related to vehicular networks • Potentially fatal losses due to insecure applications

  36. Conclusions • Vehicle networks exist today and are moving from • Fleet vehicles using proprietary and custom units • to individuals’ vehicles using inexpensive, mass-produced on-board units • Adversaries and attacks are rampant — authentication — authorization — privacy — availability — key management — initialization • Security primitives exist and when applied can prevent attacks • VII working group does not build security into standards • Building security in early will prevent serious and possibly fatal attacks

  37. Questions?