Security and Privacy in an Online Vehicle Infrastructure
Erhan J. Kartaltepe, MCPD
Lead Consultant, Denim Group Ltd.
July 23rd, 2008
Overview
• Intelligent Transportation Systems: A Primer
• Vehicle Infrastructure Communication Standards
• Embedded Commercial Fleet Vehicle Technology
• Vehicle Infrastructure Initiative
• Challenges and Security Primitives
• Conclusions
Intelligent Transportation Systems (ITS)
• ITS add information and communications technology to
– transportation infrastructure
– Individual and fleet vehicles
– traffic management centers (TMC)
• The Federal Highway Authority
– wanted ITS deployments in 75 major cities
– wanted them in 10 years (from January 2000)
– got what they wanted (over 100 “major” cities so far)
What are ITS Systems?
• To a civil engineer
• To an electrical engineer
• To a software engineer
ITS Hardware Components
• Sensors
– cameras (CCTV and VIVDS)
– inductor loops
– RFID antennas and tags
• Computing and Output Displays
– traffic lights
– dynamic message signs (DMS)
– servers, PCs, and laptops
ITS Software Components
• Software Applications Used by the Public
– travel times
– flow management
– passive (informational) mapping
• Software Applications Used by the TMCs
– incident management
– data archiving
– active (controller) mapping
• Plenty More on Both Sides
Software Standards
• Communication between systems is generally proprietary
• Some standards exist under NTCIP (National Transportation Communications for ITS Protocol)
– DMS sign communication
– CCTV camera high-level control
– C2C applications
• Many NTCIP protocols use XML and HTTP-like communication
NTCIP Protocols
• National Transportation Communications for ITS Protocol (NTCIP)
– Comprised of working groups to standardize protocols
– Both hardware and software protocols
– Working body for message format and markup
• Standardization
– Goal of NTCIP working groups is to get work ratified
– Protocols tend to be request or request-response
– Messages use simple proprietary markups
• Now tend to use XML
Example—Multi Message Format
• [128][30][2][TRAVEL TIME TO][LF][CULEBRA RD][LF][5-7 MINUTES][EL]
• Not self-describing
• Request-only protocol
• No security built into the schema
Multi Message Format Hardware Attack
• [1][30][2][LEFT LANE CLOSED][LF][NEXT TWO MILES][LF][CHANGE LANES][EL]
• Attack only works per sign
• Physical access control limits value of attack
• Proprietary manufacturer’s hardware prevents “scalability”
Multi Message Format Software Attack
• <xml><token>A39F7ED2</token><message><mfr>Gideon</mfr><dms>[1][30][2][LEFT LANE CLOSED][LF][NEXT TWO MILES][LF][CHANGE LANES][EL]</dms></message></xml>
• Application layer generally builds in security
– authentication
– authorization
– encryption
• Attacks scale to a facility, city, or (soon) a state
• Is the attack too “expensive” to be worth it?
More than Just Informational Systems
• Passive Informational Mapping
– traffic data
– lane closures
– weather sensor information
• Active Control
– TMS Map and main GUI
– CCTV Camera control
– DMS and LCS control
– Police/EMS deployment
Embedded Technology
• Currently, ITS is mainly infrastructure-driven
– CCTV cameras deployed on road
– DMS and LCS over highways
– inductor loops in ground
– TMC centers as centralized hub
• Move ITS to be vehicle-driven
– vehicle as mobile all-in-one sensor
– cell phone or in-vehicle-navigation system as TMC
– wireless communication to transmit data for analysis
Locational Technologies
• Automated Vehicle Location systems
– geopositional systems (GPS)
– inertial navigation systems (INS)
– cell-phone positioning systems
• Convergent technologies in use today
– Smart parking (Japan, San Francisco)
– City transit and school buses
– Police department and EMS vehicles
– FedEx and UPS
Probe Data Platform
• Probe data standards
– SAE J1939 (heavy-duty vehicles)
– SAE J1979 (“regular” vehicles)
• (a) Probe data is carried on CANbus
• (b) An onboard unit extracts and sends probe/GPS data to a roadside unit
• (c) Roadside unit packages all messages to an ITS message for TMC
• (d) TMC accepts the data from roadside units for processing
• (e) Other applications compute relevant information for end user
– mapping
– travel times
– data archiving
– env. systems
• (f) Users get updates on internal screen display
Probe Data Platform Deployments
• Integrated heavy-duty vehicle probe data into Texas Department of Transportation fleet vehicles
• Incorporated the system into commercial fleet management for sparse system deployments (truck stops) in Texas
• Applied automated vehicle location technology for municipal heavy-duty vehicles in Florida
• More advanced and expensive technologies and routing algorithms in use
– shipping companies
– large department stores
– police and emergency vehicles
Vehicle Infrastructure Integration
• Federal Highway Administration (FHWA) Initiative
– fostering software and engineering research
– applications research and development
• Directly links road vehicles to their physical surroundings
– improve safety and efficiency
– Vehicle-to-infrastructure (V2I) communication
– later, vehicle-to-vehicle (V2V) communication
Why VII?
• Safety
– On US highways (2006):
  • Nearly 43,000 fatalities, 3 million injuries
  • Over $230 billion cost to society
• Efficiency
– Traffic jams waste time and fuel
– In 2007, American drivers lost over four billion hours and six billion gallons of fuel due to heavy traffic congestion
• Profit
– Safety features and high-tech devices have become product differentiators
Illustrated Deployment Example
• Inexpensive to deploy and more accurate
• Security and privacy issues abound
• What are the consequences of opting out?
[Figure: deployment illustration; surviving labels: RSU, TMC]
Security as an Afterthought
• Ubiquity and utility of V2I communication make them targets for attack
• Attacks may have deadly consequences
• VII working group
– Over one hundred VII applications
– Zero for security
Adversaries
• Greedy drivers
• Snoops
• Pranksters
• Industrial insiders
• Malicious attackers
Known Attacks in a New Environment
• Distributed Denial of Service (DDoS)
– Attempts to overwhelm network
– Dangerous if users rely on the service
• Message Suppression Attacks
– Drop congestion alerts
• Fabrication
– Lie about congestion ahead or lie about identity
• Alteration Attacks
– Replay transmissions to simulate congestion
Authentication and Privacy Challenges
• Each vehicle should only have one identity
– Prevents spoofed congestion or platoon rerouting
– Allows use of external mechanisms for emergency vehicles
• Drivers value their privacy
– Legal requirements vary from country to country
– …and from state to state
– …and from city to city
Availability and Key Distro Challenges
• Applications will require real-time responses
– Increases vulnerability to DDoS
– Unreliable communication medium, like the “old days”
• Key distribution: Manufacturers or Government
– Manufacturers: requires cooperation, interoperability, user’s trust
– Government: handled at the state level; also requires cooperation and interoperability
Bootstrap and Resiliency Challenges
• Initially, only a small number of vehicles will have access
– Limited support deployment of infrastructure
• Low tolerance for errors implies strong need for resiliency
– With so many cars, even if the application works 99.99999% of the time, it likely will fail on a car in motion
– Life-and-death applications must be resilient to this
– Focus on prevention, rather than detection and recovery
– Safety-related apps may not have margin for driver reaction time
Secure Message Origin
• Prevents attacks
– Attackers on road cannot spoof vehicles
– Attackers cannot modify messages to simulate congestion
• Alternately, use entanglement
– Each vehicle broadcasts its ID and which vehicles it has passed
– Establishes relative ordering
– Evaluates report consistency using aggregation
Anonymization Service
• May only need to deliver content to any vehicle, rather than a specific one
– Authenticate to anonymization service with permanent ID
– Anonymization service can issue a temporary ID
• Example environments: toll roads, border facilities
– Controlled entrance and exit points
– All IDs are issued temporarily by the same authority
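
One way the temporary-ID scheme on this slide could work, as an added example that is not part of the original slides. The HMAC-derived temporary ID, the epoch parameter, and all names (`AnonymizationService`, `count_vehicles`, the sample IDs) are assumptions; authentication with the permanent ID is reduced to an enrollment check.

```python
import hashlib
import hmac

class AnonymizationService:
    """Maps an authenticated permanent ID to one temporary ID per epoch."""

    def __init__(self, secret, enrolled):
        self.secret = secret           # held only by the issuing authority
        self.enrolled = set(enrolled)  # permanent IDs (authentication abstracted)
        self.issued = {}               # (epoch, temp ID) -> permanent ID

    def issue(self, permanent_id, epoch):
        if permanent_id not in self.enrolled:
            raise PermissionError("permanent ID not enrolled")
        # Deterministic per (epoch, vehicle): asking twice never yields a second
        # identity, while IDs from different epochs cannot be linked without the key.
        data = f"{epoch}|{permanent_id}".encode()
        temp_id = hmac.new(self.secret, data, hashlib.sha256).hexdigest()[:16]
        self.issued[(epoch, temp_id)] = permanent_id
        return temp_id

    def is_current(self, temp_id, epoch):
        return (epoch, temp_id) in self.issued

    def resolve(self, temp_id, epoch):
        # Authority-only lookup, e.g. at a controlled exit point.
        return self.issued.get((epoch, temp_id))

def count_vehicles(service, reported_ids, epoch):
    """Congestion count over distinct, currently valid temporary IDs."""
    return len({t for t in reported_ids if service.is_current(t, epoch)})

def demo():
    svc = AnonymizationService(b"constructed-secret", ["VIN-A", "VIN-B"])
    a1, a1_again = svc.issue("VIN-A", 1), svc.issue("VIN-A", 1)
    a2, b1 = svc.issue("VIN-A", 2), svc.issue("VIN-B", 1)
    # Constructed reports for epoch 1: a duplicate, a stale ID, an invented ID.
    reports = [a1, a1_again, b1, a2, "0000000000000000"]
    return a1 == a1_again, a1 != a2, count_vehicles(svc, reports, 1)
```

Because each vehicle gets exactly one temporary ID per epoch, repeated or made-up IDs do not inflate the congestion count.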
Other Security Primitives
• Secure Aggregation
– Count vehicles to report congestion
– Disregard outliers
• Key Establishment
– Session keys for vehicle platooning
– Session keys for automatic cruise control
• Message Authentication and Expiration
– Prevent replay attacks
– Prevent Sybil attacks
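
The message authentication and expiration primitive above, applied to the kind of sign message shown on the Multi Message Format slides, as an added example that is not part of the original slides. The envelope fields, the shared-key HMAC (standing in for whatever signature scheme a deployment would use), the 5-second window, and all names are assumptions.

```python
import hashlib
import hmac
import json

MAX_AGE_S = 5  # assumed freshness window (seconds), not from the slides

def tag(key, env):
    # MAC over exactly the fields a receiver acts on, in a fixed encoding.
    fields = [env["sender"], env["ts"], env["nonce"], env["body"]]
    return hmac.new(key, json.dumps(fields).encode(), hashlib.sha256).hexdigest()

def seal(key, sender, ts, nonce, body):
    env = {"sender": sender, "ts": ts, "nonce": nonce, "body": body}
    env["tag"] = tag(key, env)
    return env

class MessageVerifier:
    """Receiver-side checks: known origin, intact, fresh, not seen before."""

    def __init__(self, keys):
        self.keys = keys  # sender id -> shared key (distribution assumed done)
        self.seen = {}    # (sender, nonce) -> message timestamp

    def verify(self, env, now):
        try:
            key = self.keys.get(env["sender"])
            if key is None:
                return "unknown-sender"
            if not hmac.compare_digest(tag(key, env), str(env["tag"])):
                return "bad-tag"
        except (KeyError, TypeError):
            return "malformed"
        if abs(now - env["ts"]) > MAX_AGE_S:
            return "expired"
        # Older nonces can be forgotten: those messages now fail the expiry check.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= MAX_AGE_S}
        if (env["sender"], env["nonce"]) in self.seen:
            return "replay"
        self.seen[(env["sender"], env["nonce"])] = env["ts"]
        return "ok"

def demo():
    key = b"constructed-demo-key"  # constructed sample values throughout
    v = MessageVerifier({"tmc-1": key})
    msg = seal(key, "tmc-1", 1000, "n-001",
               "[128][30][2][TRAVEL TIME TO][LF][CULEBRA RD][LF][5-7 MINUTES][EL]")
    forged = dict(msg, body="[1][30][2][LEFT LANE CLOSED][LF][CHANGE LANES][EL]")
    return [v.verify(msg, 1001), v.verify(msg, 1002),
            v.verify(forged, 1002), v.verify(msg, 1010)]
```

The expiry check bounds how long nonces must be remembered, which is why the two primitives are paired.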
Conclusions
• ITS systems add information and communications technology to transportation infrastructure, individual and fleet vehicles, and TMCs
• ITS systems are distributed in nature, with internal and public-facing access points, and as demand grows, so does the attack surface area
• ITS and online vehicle infrastructure have security/privacy vulnerabilities
• Weaknesses in common with other web services and apps
• Unique weaknesses related to vehicular networks
• Potentially fatal losses due to insecure applications
Conclusions
• Vehicle networks exist today and are moving from
– Fleet vehicles using proprietary and custom units
– Individuals’ vehicles using inexpensive, mass-produced on-board units
• Adversaries and attacks are rampant
– authentication
– authorization
– privacy
– availability
– key management
– initialization
• Security primitives exist and when applied can prevent attacks
– VII working group does not build security into standards
– Building security in early will prevent serious and possibly fatal attacks
Questions?