• No results found

Securing Wireless Access for Vehicular Environments (WAVE)

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Securing Wireless Access for Vehicular Environments (WAVE)"

Copied!
25
0
0

Loading.... (view fulltext now)

Download now ( 25 Page )

Full text

(1)

Securing Wireless Access for Vehicular Environments

(WAVE)

May 7, 2009

CTST, New Orleans

Tim Weil – CISSP/CISA

Security Architect – ITS Engineering

Booz Allen Hamilton

(2)

The concept of VII started upon the basic premise of facilitating communication

between vehicles and road side infrastructure.

(3)
(4)
(5)

IEEE 1609.2: WAVE Security Services for Applications and Management Messages

– Defines 5.9 GHz DSRC Security

Anonymity, Authenticity and Confidentiality

IEEE 1609.3: WAVE Networking Services

– Provides description and management of the DSRC Protocol Stack

– Application interfaces, Network configuration management

– WAVE Short Message (WSM) transmission and reception

IEEE 1609.4: WAVE Multi-Channel Operation

– Provides DSRC frequency band coordination and management

IEEE 802.11p: Wireless LAN Medium Access Control (MAC) and physical layer Wireless Access for Vehicular Environments (WAVE) Standards

(6)
(7)

Identity and Access Management for ITS Device and Individual System Access

ITS Entity Management

– Processes and technologies that manage the lifecycle of the OBE’s and RSE’s credentials as well as system users

Credentialing

– Creation, revocation, and reconciliation of credentials for OBE’s, RSE’s, as well as individuals

Authentication

– Verification /validation of OBE’s, RSE’s and system users

Authorization

– Validation of an OBE’s access rights to the network and value added services

Storage

– Where required, protection of the identifiable information attributes

(8)

Introduction

ITS Use Cases Services and Applications

Traveler Information

– Travel Times, Incident Alerts,

– Road Closures, Work Zones

In Vehicle Signage

– Local Signage (School Zones, Stop Signs)

– Highway Next Exit Services

Navigation

– Off Board Navigation

– Reroute Information

Traffic Management

– Ramp Metering

– Signal Timing Optimization

– Corridor Management Planning Assistance

– Corridor Management Load Balancing

– Pothole Maintenance

Weather Information

– Traveler Notification (Icy Bridge Warning)

– Improved Weather Observing

– Winter Maintenance

Safety

– Emergency Electronic Brake Light

– Traffic Signal Violation Warning

– Stop Sign Violation Warning

– Curve Speed Warning

Electronic Payment

– Parking

– Toll Roads

(9)

Introduction

USDOT ITS National Architecture

(10)

WAVE Architecture Integration

Component Services (1609.2/1609.3)

WAVE

Provisioning

(WMIE, WSA)

ITS Service

Provisioning

Network

Services

Identity

Management

Configuration

Management

Public Key

Infrastructure

Protocol

Enhancements

WAVE

Monitoring

(11)
(12)
(13)

ITS Identity Management (PSID Creation) – 1 of 2

PSID Definition is WAVE(1609.3) Configurable data element

published in the RSE Identity Certificate

(14)

ITS Identity Management (PSID Creation) – 2 of 2

The RSE Certificate Manager provides management of the certificates within an RSE required to secure the communications of Identifying applications over the WAVE radio access network. The RSE Certificate Manager communicates with the Certificate Authority to acquire and replace certificates and to process certificate revocations .

A Certificate Signing Request (CSR) is used to request RSE Identity Certificates

(15)

Public Key Infrastructure - Certificate Authority Architecture

Transaction Service Provider – , Network Users that send and receive information to or from other Network Users, Vehicles or Public Service Vehicles using facilities provided by the ITS System. Example: State DOT Transportation Traffic Management Center.

(16)
(17)

IEEE P1609.11 - Standard for WAVE - Over-the-Air Data Exchange Protocol for ITS Interoperability –Electronic Payment Services (Proposed for 2010)

SCOPE

9 This standard defines a basic level of technical interoperability for electronic payment equipment, i.e. onboard unit (OBU) and roadside equipment (RSE) using DSRC.

9 It does not provide a full solution for interoperability, and it does not define other parts of the electronic payment-system, other services, other technologies and non-technical elements of interoperability.

9 This standard is not intended to define technology and processes to activate and store data into the OBU (“personalization”)

(18)

Thank you for joining us!

(19)
(20)

1609/WAVE WSA WSIE Frame Formats and 1609.2 Summary

(21)

WAVE Networking Services – WAVE Service Information Element

Services offered to user (OBU) applications are announced on the air interface via a WSIE inside a WAVE announcement frame

(22)

WAVE Networking Services – WAVE Service Advertisement

(23)

1609.2 Security Functions

IEEE Draft Std 1609.2-2006 was issued July 6, 2006

It contains formats for secured messages

– Signed and encrypted

– Elliptic curve cryptography (bandwidth)

It contains mechanisms for identified authentication

– Custom cert format

It contains certificate issue and expiry mechanisms

It does not contain:

– Anonymous authentication mechanisms

– Secure session protocols optimized for DSRC/WAVE setting (though note that standard internet secure protocols may be appropriate)

– Any discussion of platform certification

Note: The 1609 stack mandates 1609.2 security for WSAs. For all other applications, using 1609.2 security is optional.

(24)

ITS project: Security

Implemented:

– 1609.2 in software security libraries

ƒ Including some modifications to encrypted messages

– ECC accelerator (250 verifications / sec with 256-bit keys)

– Prototype secure session protocols

– CA and protocol to communicate with it

– Anonymous authentication mechanism

Research projects on:

– Anonymous authentication

ƒ Detailed analysis of one particular mechanism for over-the-air anonymous authentication

ƒ Implemented this mechanism in the security libraries

(25)

1609.2/ITS Security Overhead

Increase in bandwidth

– ~ 200 bytes for a signed message with one certificate

ƒ If cert is known to receiver reduce overhead to ~ 90 bytes.

– ~ 150 bytes for an encrypted message with one recipient

Computationally intensive

– Software: 100 verifications / sec on 400 MHz PC

– 5-ms latency requirement requires hardware acceleration

ƒ No COTS ECC hardware currently available for this throughput

– First signed message received from a given cert requires two verifications

Infrastructure requirements

– Issue certs and CRLs

ƒ When app is installed / when vehicle is fitted out / when OBE is built

– Accurate local time and position (also a requirement for the whole ITS project)

Conclusions:

– Bandwidth is acceptable

References

Download now ( PDF - 25 Page - 5.89 MB )

Related documents

xseries 225 Type 8649

You can receive hardware service through IBM Integrated Technology Services or through your IBM reseller, if your reseller is authorized by IBM to provide warranty service. Go

A review of the current automotive manufacturing practice from an energy perspective.

• Energy e fficiency strategies for HVAC involve the use of a higher- efficiency electric chiller, solar energy for heating, recovered cooling water from other sources (beneficial

Analysis of business opportunities for car-related shared mobility services

Nowadays, users of carsharing, ridesharing, and singular and shared ride-hailing services often need to be customers of more than one service to cover all their transport

GenomicInteractions: An R/Bioconductor package for manipulating and investigating chromatin interaction data

Results and conclusion: We have developed GenomicInteractions, a freely available R/Bioconductor package designed for processing, analysis and visualisation of data generated

Variational iteration method for solving multispecies Lotka–Volterra equations

Konuralp, The use of variational iteration method, differential transform method and Adomian decomposition method for solving different types of nonlinear partial

Employment and Labour Bulletin. Medical Marijuana in the Workplace: Risks for Employers. 1. Introduction

Despite developing clear and transparent policies regarding the use of medical marijuana in the workplace, employers often wish to subject employees to drug testing to

Experiment 2 Wave Shaping Circuits

On the space provided at the data and results section sketch both input and output waveforms showing the positive and the negative peak values for both.. Slowly increase

Machinery’s handbook 28 edition

The CD contains additional material that is not included in the toolbox or large print edi- tions, including an extensive index of materials and standards referenced in the