SlideShare ist ein Scribd-Unternehmen logo

Locking Down and Re-Using V2X Security - Lessons for Smart Cities

OnBoard Security, Inc. - a Qualcomm Company
OnBoard Security, Inc. - a Qualcomm Company

This presentation by OnBoard Security's Drew van Duren was given at the IEEE 4th World Forum on Internet of Things 05-08 February 2018 in Singapore. Topics covered include: – Connected Vehicle Architectures and Applications – IEEE 1609.2 V2X security stack and uses – Issues and Lessons Learned in U.S. CV Pilots – Potential Unmanned aircraft systems (Drones) applications – Re-tasking V2X security to other uses

Technologie
1 von 21
Downloaden Sie, um offline zu lesen
Locking Down and Re-Using V2X Security: Lessons for Smart Cities
Agenda § V2X Security and the U.S. Connected Vehicle Pilots – Connected Vehicle Architectures and Applications – IEEE 1609.2 V2X security stack and uses – Issues and Lessons Learned in U.S. CV Pilots § V2X Security: Tools for Smart Cities – Potential Unmanned aircraft systems (Drones) applications – Re-tasking V2X security to other uses 2JANUARY 31, 2018ONBOARD SECURITY
Connected Vehicle Architecture - Communications § CV “Applications” => What we want to ‘do’ § Architecture => Framework for doing it ’in’ – Connected Vehicle Implementation Architecture (CVRIA) – Entities, Views, Message Flows § Connected Vehicle Data Dictionary – SAE J2735 => Basic Safety Messages, Traveler Information, Map, Signal Phase, Signal Request, Signal Status, etc. § IEEE 1609 Transport services (local broadcast or network) § IEEE 1609.2 Security services Bus ASD + Light-Duty Vehicle ASD + Truck ASD Roadside Equipment (RSE) ITS Roadway Equipment NYCDOT Traffic Management Center (TMC) Bus Databus + Light-Duty Vehicle Databus + Truck Databus Light-Duty Vehicle Operator + MTA Operators + Truck Operator Light-Duty Vehicle Operator + MTA Operators + Truck Operator Vehicle Intersection Warning RSE Intersection Safety Roadway Signal Control TMC Intersection Safety TMC Signal Control Event Data Collection Location Determination Host Vehicle Status (PP) Local Accelerometers Event Data Analysis & Archive Alerts Monitor RSE Status (VPN) (2B) signal control commands (OOS) (2B) signal control status (OOS) (2B) intersection safety application info (SNMP) (2B) intersection safety application status (SNMP) (1A) intersection control status + conflict monitor Status (VPN) BSM (1609-s) SPaT (1609-s) MAP (1609-s) Intersection Geometric Data (SNMP)
Connected Vehicle Applications § Variety of ‘applications’ supported by the CVRIA architecture § Some have been test- deployed § Many-to-many association between Apps and J2735 Data Dictionary messages
§ DSRC/WAVE – a suite of standards § IEEE 1609.2 is an application- to-application security layer, independent of the transport § Secures machine-to-machine (application to application) communications IEEE 1609.2 V2X Security Stack UDP / TCP LLC PHY WAVE MAC (including channel coordination) IPv6 WSMP Networking Protocols 1609.3 1609.12 1609.2 Management Security 1609.4 802.11 Higher layer standards 1609.11 WSMP Transport Protocols
Uses of 1609.2 in V2X § Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) message security – Authentication (Private key signing) § Basic Safety Messages (automotive equivalent of ADS-B) using small, implicit certificates (useful in bandwidth constrained environments) – Integrity – Protection from message tampering (provides detection forged messages) – Replay Protection (timing and message equivalency consistency checks) – Confidentiality – Encrypt, using public key, to a private key holder (mostly used with V2I) – Geographic consistency - Certificates can be constrained to a Geographic area (native certificate-based geofencing). Message recipients can validate that the message sender was authorized to communicate a given message ‘in a given area’ – Fine-grained Permissions (Service Specific Permissions – SSP) § Ability to define for a given vehicle what authorizations it has to send certain message content. For example, first responders may sign and transmit a traffic signal preemption command, but no one else can. § Inherent authorizations WITHOUT an AUTHORIZATION SERVER and network connection
1609.2 Credential SSP Message Authorization PSID A SSP SSP Application Identifier Service-Specific Permissions (SSP)
Issue: Application Security vs. Regional Architectures § Applications operate between: – Traffic Management Centers (TMC) – Roadside Equipment (RSE) – Vehicle Onboard Equipment (OBE) – Other online service providers § Vehicles are mobile and need to interoperate with other regions’ infrastructures – They may not have real-time connectivity to any central coordination service ==> application logic must be fully specified ahead of time and configurable using only local means § Goal: Consistent application security properties between regions § Impediment: One region’s architecture may not fit the security assumptions of the application designer § Where are application security configurations and assumptions reflected?
Application Security Profiles § Simplify the job of an application designer in specifying how to use 1609.2 security services § Determine proper security behavior of sender and receiver § Specify which consistency checks (geospatial, temporal), replay detection (yes/no), etc. to perform § Specify messaging behavior, crypto, time/location tolerances (timeouts), when to re-sign, re-verify, when to encrypt, etc. for: – Sending – Receiving – Security (Certificate) management
Example § Roadside Unit (RSU) Placement Impacts – Architecturally: One CV Pilot site signs TMC information in the RSU. The other sites sign the messages at the TMC (gaining end-to-end integrity and source authentication protections) – Result: Different architectures demanded differences in security profile settings – Result: Vehicles driving in one of the cities may not ‘behave’ correctly when receiving equivalent application messages in the other city. – Application designer’s assumptions may be false and security vulnerabilities may emerge – Vehicles are mobile – They WILL move between the different regions, therefore vehicle will have to become smart and adapt to regional ‘personalities’ unless minimal baseline interoperability is specified for some applications – Who owns the application? – Who has the right to specify the security interoperability settings between regions?
Lesson-Learned #1: Determine what applications MUST be interoperable between regions § E.g., Does a firetruck in Los Angeles need to be able to perform certain applications in Houston, Texas? (e.g., traffic signal preemption) § What vulnerabilities may emerge when one city’s infrastructure makes different assumptions about how vehicles should handle its messages?
Lesson-Learned #2: Standardize the interoperable application specifications before you deploy § Connected vehicle pilots in the U.S. only have one completed specification, SAE J2945/1, which describes proper application behavior for V2V Basic-Safety-Message communications § Application specifications, especially V2I, will help designers developing architectures § IF THIS IS NOT POSSIBLE, then consider regional configurations (application personalities) that actuate in the vehicle when it moves from one region to the other (and hope that everyone is using the right ‘personality’)
Issue: Message Dictionary Clarity § SAE J2735 => Basic Safety Messages, Traveler Information, Map, Signal Phase, Signal Request, Signal Status, etc. § Identifies: – datagram structures – Message data elements and data types by message – Mandatory vs. Optional fields § Challenge for CV Pilot security: Message Dictionary contains many repeated, overlapping and otherwise un-normalized information types § Result: Establishing security authorization rules (SSPs) over such messages is exceedingly difficult and prone to error. Too much flexibility (in how to express message information) to application designers can be a huge security issue
Lesson-Learned #3: Build ‘clean’ message dictionaries § Don’t repeat information in so many places § Standards bodies: Normalize your message data types/elements – Make it easier for application designers and security engineers § Application Designers: Specify with clarity how to construct messages and secure the vulnerable ones using SSPs – These SSPs go INTO the 1609.2 credential and are issued by the PKI
Lesson 4: Include system security engineers throughout the process § When developing message dictionaries § When developing Application specifications (for which security matters) § For determining regional architectural impacts on applications and vs. versa § For risk modeling overall system: They can help with the holistic picture and where security issues are likely to arise
V2X Security: Tools for Smart Cities § IEEE 1609.2 is a full security stack, credential-driven, decentralized messaging security model created for the transportation industry § IEEE 1609.2 certificates are small (~1/2 the size of X.509), saving bandwidth (but still employ strong cryptography) § 1609.2 security model employs substantial geospatial and time-based consistency checking mechanisms embedded right in the certificate and encoded in each application’s tailorable security profile § WHERE ELSE CAN WE USE THIS????
Potential application of 1609.2 to DRONE identification and tracking FAA Law Enforcement Operators
Potential Unmanned Aircraft Applications of 1609.2 § Augment existing aviation messages (such as ADS-B) with message-level cryptographic security – Prevent message forgery, replay, message tampering of aircraft position reports – Adds ~180 Bytes for the crypto (signature, certificate and container encoding) – Unauthenticated position reporting should not be allowed in urban environments – too many risks – Robotic, automated systems will increasingly rely on the remote position reporting data for self-guidance decisions ?? ?? ??
Potential Unmanned Aircraft Applications of 1609.2 (cont.) § UAS to UAS Ad-hoc Messaging – Being considered in Unmanned Traffic Management (UTM) circles to augment drone messaging in network-disconnected environments § UAS to Ground Control Station (controller) – Application / telemetry / telematics messaging § UAS to Connected Ground Vehicles – Ground and low altitude airborne vehicle situational awareness § UAS to Infrastructure – Localized applications reporting information such as tall obstacles, weather, roadway information, shipping port data, etc.
Re-tasking 1609.2 to other uses § Development of new message dictionaries OR adding security over existing ones (e.g., ADS-B) § Development and specification of other automation applications (e.g., drone apps) § Development of authorization models (SSPs) for new applications § Adaptation of PKI (Security Credential Management System) to support new applications – Most likely a simplification of the ground vehicle V2X system
Summary § Connected vehicle technology has been in the making for a long time, but is poised for massive growth. Security and trust of the ecosystem is vital. § Disconnects between standards bodies, application designers and regulators are understandable, but rigorous system security engineering principles still need to be maintained § Smart cities and nations wanting to secure and expand their ’Mobile IoT’ portfolios’ (e.g., to include drones and other automated, mobile systems) have an off-the-shelf security stack in the form of IEEE 1609.2 that can be easily tailored

Empfohlen

Secure Drone-to-X Communication - AUVSI XPONENTIAL 2018
Secure Drone-to-X Communication - AUVSI XPONENTIAL 2018 Secure Drone-to-X Communication - AUVSI XPONENTIAL 2018
Secure Drone-to-X Communication - AUVSI XPONENTIAL 2018
OnBoard Security, Inc. - a Qualcomm Company
 
Car cybersecurity: What do automakers really think?
Car cybersecurity: What do automakers really think?Car cybersecurity: What do automakers really think?
Car cybersecurity: What do automakers really think?
OnBoard Security, Inc. - a Qualcomm Company
 
A Review on various Security Attacks in Mobile Adhoc Network
A Review on various Security Attacks in Mobile Adhoc NetworkA Review on various Security Attacks in Mobile Adhoc Network
A Review on various Security Attacks in Mobile Adhoc Network
IRJET Journal
 
Software defined networking players
Software defined networking playersSoftware defined networking players
Software defined networking players
Ameer Sameer
 
The Security and Privacy Requirements in VANET
The Security and Privacy Requirements in VANETThe Security and Privacy Requirements in VANET
The Security and Privacy Requirements in VANET
Ankit Singh
 
Restricted Usage of Anonymous Credentials in VANET for Misbehaviour Detection
Restricted Usage of Anonymous Credentials in VANET for Misbehaviour DetectionRestricted Usage of Anonymous Credentials in VANET for Misbehaviour Detection
Restricted Usage of Anonymous Credentials in VANET for Misbehaviour Detection
Ankit Singh
 
From Connected To Self-Driving - Securing the Automotive Revolution
From Connected To Self-Driving - Securing the Automotive RevolutionFrom Connected To Self-Driving - Securing the Automotive Revolution
From Connected To Self-Driving - Securing the Automotive Revolution
Alexander Schellong
 
Security Vision for Software on Wheels (Autonomous Vehicles)
Security Vision for Software on Wheels (Autonomous Vehicles)Security Vision for Software on Wheels (Autonomous Vehicles)
Security Vision for Software on Wheels (Autonomous Vehicles)
Ankit Singh
 

Empfohlen

Secure Drone-to-X Communication - AUVSI XPONENTIAL 2018
Secure Drone-to-X Communication - AUVSI XPONENTIAL 2018 Secure Drone-to-X Communication - AUVSI XPONENTIAL 2018
Secure Drone-to-X Communication - AUVSI XPONENTIAL 2018
OnBoard Security, Inc. - a Qualcomm Company
 
Car cybersecurity: What do automakers really think?
Car cybersecurity: What do automakers really think?Car cybersecurity: What do automakers really think?
Car cybersecurity: What do automakers really think?
OnBoard Security, Inc. - a Qualcomm Company
 
A Review on various Security Attacks in Mobile Adhoc Network
A Review on various Security Attacks in Mobile Adhoc NetworkA Review on various Security Attacks in Mobile Adhoc Network
A Review on various Security Attacks in Mobile Adhoc Network
IRJET Journal
 
Software defined networking players
Software defined networking playersSoftware defined networking players
Software defined networking players
Ameer Sameer
 
The Security and Privacy Requirements in VANET
The Security and Privacy Requirements in VANETThe Security and Privacy Requirements in VANET
The Security and Privacy Requirements in VANET
Ankit Singh
 
Restricted Usage of Anonymous Credentials in VANET for Misbehaviour Detection
Restricted Usage of Anonymous Credentials in VANET for Misbehaviour DetectionRestricted Usage of Anonymous Credentials in VANET for Misbehaviour Detection
Restricted Usage of Anonymous Credentials in VANET for Misbehaviour Detection
Ankit Singh
 
From Connected To Self-Driving - Securing the Automotive Revolution
From Connected To Self-Driving - Securing the Automotive RevolutionFrom Connected To Self-Driving - Securing the Automotive Revolution
From Connected To Self-Driving - Securing the Automotive Revolution
Alexander Schellong
 
Security Vision for Software on Wheels (Autonomous Vehicles)
Security Vision for Software on Wheels (Autonomous Vehicles)Security Vision for Software on Wheels (Autonomous Vehicles)
Security Vision for Software on Wheels (Autonomous Vehicles)
Ankit Singh
 
Mobile slide
Mobile slideMobile slide
Mobile slide
Aman singh
 
Distance bounding
Distance boundingDistance bounding
Distance bounding
Harish Kumar
 
Design methodology for ip secured tunel based embedded platform for aaa server
Design methodology for ip secured tunel based embedded platform for aaa serverDesign methodology for ip secured tunel based embedded platform for aaa server
Design methodology for ip secured tunel based embedded platform for aaa server
ijmnct
 
Enhancement of the Authentication and Key Agreement Protocol in 4G Mobile Net...
Enhancement of the Authentication and Key Agreement Protocol in 4G Mobile Net...Enhancement of the Authentication and Key Agreement Protocol in 4G Mobile Net...
Enhancement of the Authentication and Key Agreement Protocol in 4G Mobile Net...
Ahmad K. Kabbara
 
User location tracking attacks for LTE networks using the Interworking Functi...
User location tracking attacks for LTE networks using the Interworking Functi...User location tracking attacks for LTE networks using the Interworking Functi...
User location tracking attacks for LTE networks using the Interworking Functi...
Siddharth Rao
 
Abbie Barbir Tcg Final
Abbie Barbir Tcg FinalAbbie Barbir Tcg Final
Abbie Barbir Tcg Final
Abbie Barbir
 
De-Authentication attack on wireless network 802.11i using Kali Linux
De-Authentication attack on wireless network 802.11i using Kali LinuxDe-Authentication attack on wireless network 802.11i using Kali Linux
De-Authentication attack on wireless network 802.11i using Kali Linux
IRJET Journal
 
IRJET- Software Defined Network: DDOS Attack Detection
IRJET- Software Defined Network: DDOS Attack DetectionIRJET- Software Defined Network: DDOS Attack Detection
IRJET- Software Defined Network: DDOS Attack Detection
IRJET Journal
 
Identifying How WAP Can Be Used For Secure mBusiness
Identifying How WAP Can Be Used For Secure mBusinessIdentifying How WAP Can Be Used For Secure mBusiness
Identifying How WAP Can Be Used For Secure mBusiness
Oliver Pfaff
 
Improving Security Features In MANET Authentication Through Scrutiny Of The C...
Improving Security Features In MANET Authentication Through Scrutiny Of The C...Improving Security Features In MANET Authentication Through Scrutiny Of The C...
Improving Security Features In MANET Authentication Through Scrutiny Of The C...
Editor IJMTER
 
K43066774
K43066774K43066774
K43066774
IJERA Editor
 
An Integrated Multi-level Security Model for Malicious Attacks Resiliency in ...
An Integrated Multi-level Security Model for Malicious Attacks Resiliency in ...An Integrated Multi-level Security Model for Malicious Attacks Resiliency in ...
An Integrated Multi-level Security Model for Malicious Attacks Resiliency in ...
Dr.Irshad Ahmed Sumra
 
Cyber Security and Cyber-Resilience for RPAS
Cyber Security and Cyber-Resilience for RPASCyber Security and Cyber-Resilience for RPAS
Cyber Security and Cyber-Resilience for RPAS
Giovanni Panice
 
DYNAMIC IDP SIGNATURE PROCESSING BY FAST ELIMINATION USING DFA
DYNAMIC IDP SIGNATURE PROCESSING BY FAST ELIMINATION USING DFADYNAMIC IDP SIGNATURE PROCESSING BY FAST ELIMINATION USING DFA
DYNAMIC IDP SIGNATURE PROCESSING BY FAST ELIMINATION USING DFA
IJNSA Journal
 
Wireless security
Wireless securityWireless security
Wireless security
paripec
 
20320140501016
2032014050101620320140501016
20320140501016
IAEME Publication
 
Will future vehicles be secure?
Will future vehicles be secure?Will future vehicles be secure?
Will future vehicles be secure?
Alan Tatourian
 
Connected vehicles: An Overview on Security, Vulnerabilities and Remedies
Connected vehicles: An Overview on Security, Vulnerabilities and RemediesConnected vehicles: An Overview on Security, Vulnerabilities and Remedies
Connected vehicles: An Overview on Security, Vulnerabilities and Remedies
Madhur Gupta
 
Privacy & Security Aspects in Mobile Networks
Privacy & Security Aspects in Mobile NetworksPrivacy & Security Aspects in Mobile Networks
Privacy & Security Aspects in Mobile Networks
DefCamp
 
santoskumaarResume - updated
santoskumaarResume - updatedsantoskumaarResume - updated
santoskumaarResume - updated
Santos Kumaar.S
 
Security for Connected Vehicle: Successes and Challenges
Security for Connected Vehicle: Successes and ChallengesSecurity for Connected Vehicle: Successes and Challenges
Security for Connected Vehicle: Successes and Challenges
OnBoard Security, Inc. - a Qualcomm Company
 
Jb3515641568
Jb3515641568Jb3515641568
Jb3515641568
IJERA Editor
 

Weitere ähnliche Inhalte

Was ist angesagt?

Design methodology for ip secured tunel based embedded platform for aaa server
Design methodology for ip secured tunel based embedded platform for aaa serverDesign methodology for ip secured tunel based embedded platform for aaa server
Design methodology for ip secured tunel based embedded platform for aaa server
ijmnct
 
Enhancement of the Authentication and Key Agreement Protocol in 4G Mobile Net...
Enhancement of the Authentication and Key Agreement Protocol in 4G Mobile Net...Enhancement of the Authentication and Key Agreement Protocol in 4G Mobile Net...
Enhancement of the Authentication and Key Agreement Protocol in 4G Mobile Net...
Ahmad K. Kabbara
 
Improving Security Features In MANET Authentication Through Scrutiny Of The C...
Improving Security Features In MANET Authentication Through Scrutiny Of The C...Improving Security Features In MANET Authentication Through Scrutiny Of The C...
Improving Security Features In MANET Authentication Through Scrutiny Of The C...
Editor IJMTER
 
An Integrated Multi-level Security Model for Malicious Attacks Resiliency in ...
An Integrated Multi-level Security Model for Malicious Attacks Resiliency in ...An Integrated Multi-level Security Model for Malicious Attacks Resiliency in ...
An Integrated Multi-level Security Model for Malicious Attacks Resiliency in ...
Dr.Irshad Ahmed Sumra
 
DYNAMIC IDP SIGNATURE PROCESSING BY FAST ELIMINATION USING DFA
DYNAMIC IDP SIGNATURE PROCESSING BY FAST ELIMINATION USING DFADYNAMIC IDP SIGNATURE PROCESSING BY FAST ELIMINATION USING DFA
DYNAMIC IDP SIGNATURE PROCESSING BY FAST ELIMINATION USING DFA
IJNSA Journal
 
Wireless security
Wireless securityWireless security
Wireless security
paripec
 
Will future vehicles be secure?
Will future vehicles be secure?Will future vehicles be secure?
Will future vehicles be secure?
Alan Tatourian
 
santoskumaarResume - updated
santoskumaarResume - updatedsantoskumaarResume - updated
santoskumaarResume - updated
Santos Kumaar.S
 

Was ist angesagt? (20)

Mobile slide
Mobile slideMobile slide
Mobile slide
 
Distance bounding
Distance boundingDistance bounding
Distance bounding
 
Design methodology for ip secured tunel based embedded platform for aaa server
Design methodology for ip secured tunel based embedded platform for aaa serverDesign methodology for ip secured tunel based embedded platform for aaa server
Design methodology for ip secured tunel based embedded platform for aaa server
 
Enhancement of the Authentication and Key Agreement Protocol in 4G Mobile Net...
Enhancement of the Authentication and Key Agreement Protocol in 4G Mobile Net...Enhancement of the Authentication and Key Agreement Protocol in 4G Mobile Net...
Enhancement of the Authentication and Key Agreement Protocol in 4G Mobile Net...
 
User location tracking attacks for LTE networks using the Interworking Functi...
User location tracking attacks for LTE networks using the Interworking Functi...User location tracking attacks for LTE networks using the Interworking Functi...
User location tracking attacks for LTE networks using the Interworking Functi...
 
Abbie Barbir Tcg Final
Abbie Barbir Tcg FinalAbbie Barbir Tcg Final
Abbie Barbir Tcg Final
 
De-Authentication attack on wireless network 802.11i using Kali Linux
De-Authentication attack on wireless network 802.11i using Kali LinuxDe-Authentication attack on wireless network 802.11i using Kali Linux
De-Authentication attack on wireless network 802.11i using Kali Linux
 
IRJET- Software Defined Network: DDOS Attack Detection
IRJET- Software Defined Network: DDOS Attack DetectionIRJET- Software Defined Network: DDOS Attack Detection
IRJET- Software Defined Network: DDOS Attack Detection
 
Identifying How WAP Can Be Used For Secure mBusiness
Identifying How WAP Can Be Used For Secure mBusinessIdentifying How WAP Can Be Used For Secure mBusiness
Identifying How WAP Can Be Used For Secure mBusiness
 
Improving Security Features In MANET Authentication Through Scrutiny Of The C...
Improving Security Features In MANET Authentication Through Scrutiny Of The C...Improving Security Features In MANET Authentication Through Scrutiny Of The C...
Improving Security Features In MANET Authentication Through Scrutiny Of The C...
 
K43066774
K43066774K43066774
K43066774
 
An Integrated Multi-level Security Model for Malicious Attacks Resiliency in ...
An Integrated Multi-level Security Model for Malicious Attacks Resiliency in ...An Integrated Multi-level Security Model for Malicious Attacks Resiliency in ...
An Integrated Multi-level Security Model for Malicious Attacks Resiliency in ...
 
Cyber Security and Cyber-Resilience for RPAS
Cyber Security and Cyber-Resilience for RPASCyber Security and Cyber-Resilience for RPAS
Cyber Security and Cyber-Resilience for RPAS
 
DYNAMIC IDP SIGNATURE PROCESSING BY FAST ELIMINATION USING DFA
DYNAMIC IDP SIGNATURE PROCESSING BY FAST ELIMINATION USING DFADYNAMIC IDP SIGNATURE PROCESSING BY FAST ELIMINATION USING DFA
DYNAMIC IDP SIGNATURE PROCESSING BY FAST ELIMINATION USING DFA
 
Wireless security
Wireless securityWireless security
Wireless security
 
20320140501016
2032014050101620320140501016
20320140501016
 
Will future vehicles be secure?
Will future vehicles be secure?Will future vehicles be secure?
Will future vehicles be secure?
 
Connected vehicles: An Overview on Security, Vulnerabilities and Remedies
Connected vehicles: An Overview on Security, Vulnerabilities and RemediesConnected vehicles: An Overview on Security, Vulnerabilities and Remedies
Connected vehicles: An Overview on Security, Vulnerabilities and Remedies
 
Privacy & Security Aspects in Mobile Networks
Privacy & Security Aspects in Mobile NetworksPrivacy & Security Aspects in Mobile Networks
Privacy & Security Aspects in Mobile Networks
 
santoskumaarResume - updated
santoskumaarResume - updatedsantoskumaarResume - updated
santoskumaarResume - updated
 

Ähnlich wie Locking Down and Re-Using V2X Security - Lessons for Smart Cities

RELIABLE SOFTWARE FRAMEWORK FOR VEHICULAR SAFETY APPLICATIONS ON CLOUD
RELIABLE SOFTWARE FRAMEWORK FOR VEHICULAR SAFETY APPLICATIONS ON CLOUDRELIABLE SOFTWARE FRAMEWORK FOR VEHICULAR SAFETY APPLICATIONS ON CLOUD
RELIABLE SOFTWARE FRAMEWORK FOR VEHICULAR SAFETY APPLICATIONS ON CLOUD
IJCI JOURNAL
 
Cross domain security reference architecture
Cross domain security reference architectureCross domain security reference architecture
Cross domain security reference architecture
Wen Zhu
 
A NEW GENERATION OF DRIVER ASSISTANCE AND SECURITY
A NEW GENERATION OF DRIVER ASSISTANCE AND SECURITYA NEW GENERATION OF DRIVER ASSISTANCE AND SECURITY
A NEW GENERATION OF DRIVER ASSISTANCE AND SECURITY
IJCI JOURNAL
 
inter vehicle communication
inter vehicle communicationinter vehicle communication
inter vehicle communication
Nitish Tanwar
 
Iaetsd zigbee for vehicular communication systems
Iaetsd zigbee for vehicular communication systemsIaetsd zigbee for vehicular communication systems
Iaetsd zigbee for vehicular communication systems
Iaetsd Iaetsd
 
Survey on VSPN: VANET-Based Secure and Privacy-Preserving Navigation
Survey on VSPN: VANET-Based Secure and Privacy-Preserving NavigationSurvey on VSPN: VANET-Based Secure and Privacy-Preserving Navigation
Survey on VSPN: VANET-Based Secure and Privacy-Preserving Navigation
IJERA Editor
 
White paper: Enhance mobility and driver experience with multihop data exchan...
White paper: Enhance mobility and driver experience with multihop data exchan...White paper: Enhance mobility and driver experience with multihop data exchan...
White paper: Enhance mobility and driver experience with multihop data exchan...
Yaroslav Domaratsky
 
A Lightweight Message Authentication Framework in the Intelligent Vehicles Sy...
A Lightweight Message Authentication Framework in the Intelligent Vehicles Sy...A Lightweight Message Authentication Framework in the Intelligent Vehicles Sy...
A Lightweight Message Authentication Framework in the Intelligent Vehicles Sy...
theijes
 

Ähnlich wie Locking Down and Re-Using V2X Security - Lessons for Smart Cities (20)

Security for Connected Vehicle: Successes and Challenges
Security for Connected Vehicle: Successes and ChallengesSecurity for Connected Vehicle: Successes and Challenges
Security for Connected Vehicle: Successes and Challenges
 
Jb3515641568
Jb3515641568Jb3515641568
Jb3515641568
 
RELIABLE SOFTWARE FRAMEWORK FOR VEHICULAR SAFETY APPLICATIONS ON CLOUD
RELIABLE SOFTWARE FRAMEWORK FOR VEHICULAR SAFETY APPLICATIONS ON CLOUDRELIABLE SOFTWARE FRAMEWORK FOR VEHICULAR SAFETY APPLICATIONS ON CLOUD
RELIABLE SOFTWARE FRAMEWORK FOR VEHICULAR SAFETY APPLICATIONS ON CLOUD
 
Deepak
DeepakDeepak
Deepak
 
Deepak
DeepakDeepak
Deepak
 
Cross domain security reference architecture
Cross domain security reference architectureCross domain security reference architecture
Cross domain security reference architecture
 
IEEE 2014 NS2 Projects
IEEE 2014 NS2 ProjectsIEEE 2014 NS2 Projects
IEEE 2014 NS2 Projects
 
IEEE 2014 NS2 Projects
IEEE 2014 NS2 ProjectsIEEE 2014 NS2 Projects
IEEE 2014 NS2 Projects
 
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
 
A NEW GENERATION OF DRIVER ASSISTANCE AND SECURITY
A NEW GENERATION OF DRIVER ASSISTANCE AND SECURITYA NEW GENERATION OF DRIVER ASSISTANCE AND SECURITY
A NEW GENERATION OF DRIVER ASSISTANCE AND SECURITY
 
inter vehicle communication
inter vehicle communicationinter vehicle communication
inter vehicle communication
 
Iaetsd zigbee for vehicular communication systems
Iaetsd zigbee for vehicular communication systemsIaetsd zigbee for vehicular communication systems
Iaetsd zigbee for vehicular communication systems
 
Survey on VSPN: VANET-Based Secure and Privacy-Preserving Navigation
Survey on VSPN: VANET-Based Secure and Privacy-Preserving NavigationSurvey on VSPN: VANET-Based Secure and Privacy-Preserving Navigation
Survey on VSPN: VANET-Based Secure and Privacy-Preserving Navigation
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
 
CA API Gateway: Web API and Application Security
CA API Gateway: Web API and Application SecurityCA API Gateway: Web API and Application Security
CA API Gateway: Web API and Application Security
 
White paper: Enhance mobility and driver experience with multihop data exchan...
White paper: Enhance mobility and driver experience with multihop data exchan...White paper: Enhance mobility and driver experience with multihop data exchan...
White paper: Enhance mobility and driver experience with multihop data exchan...
 
Jvvnl 071108
Jvvnl 071108Jvvnl 071108
Jvvnl 071108
 
A Lightweight Message Authentication Framework in the Intelligent Vehicles Sy...
A Lightweight Message Authentication Framework in the Intelligent Vehicles Sy...A Lightweight Message Authentication Framework in the Intelligent Vehicles Sy...
A Lightweight Message Authentication Framework in the Intelligent Vehicles Sy...
 
Forming Vehicular Web of Trust in VANET
Forming Vehicular Web of Trust in VANETForming Vehicular Web of Trust in VANET
Forming Vehicular Web of Trust in VANET
 
Autonomous driving end-to-end security architecture
Autonomous driving end-to-end security architectureAutonomous driving end-to-end security architecture
Autonomous driving end-to-end security architecture
 

Mehr von OnBoard Security, Inc. - a Qualcomm Company

Mehr von OnBoard Security, Inc. - a Qualcomm Company (11)

Garbled Circuits for Secure Credential Management Services
Garbled Circuits for Secure Credential Management ServicesGarbled Circuits for Secure Credential Management Services
Garbled Circuits for Secure Credential Management Services
 
Lattice-based Signatures
Lattice-based SignaturesLattice-based Signatures
Lattice-based Signatures
 
Binary Hash Tree based Certificate Access Management for Connected Vehicles (...
Binary Hash Tree based Certificate Access Management for Connected Vehicles (...Binary Hash Tree based Certificate Access Management for Connected Vehicles (...
Binary Hash Tree based Certificate Access Management for Connected Vehicles (...
 
A Short Review of the NTRU Cryptosystem
A Short Review of the NTRU CryptosystemA Short Review of the NTRU Cryptosystem
A Short Review of the NTRU Cryptosystem
 
Automotive Cybersecurity: The Gap Still Exists
Automotive Cybersecurity: The Gap Still ExistsAutomotive Cybersecurity: The Gap Still Exists
Automotive Cybersecurity: The Gap Still Exists
 
IEEE 1609.2 and Connected Vehicle Security: Standards Making in a Pocket Univ...
IEEE 1609.2 and Connected Vehicle Security: Standards Making in a Pocket Univ...IEEE 1609.2 and Connected Vehicle Security: Standards Making in a Pocket Univ...
IEEE 1609.2 and Connected Vehicle Security: Standards Making in a Pocket Univ...
 
Connected Cars: What Could Possibly Go Wrong
Connected Cars: What Could Possibly Go WrongConnected Cars: What Could Possibly Go Wrong
Connected Cars: What Could Possibly Go Wrong
 
Certificate Management Protocols for 1609.2 Certificates
Certificate Management Protocols for 1609.2 CertificatesCertificate Management Protocols for 1609.2 Certificates
Certificate Management Protocols for 1609.2 Certificates
 
Scaling Systems Securely: Challenges and Risks
Scaling Systems Securely: Challenges and RisksScaling Systems Securely: Challenges and Risks
Scaling Systems Securely: Challenges and Risks
 
Misbehavior Handling Throughout the V2V System Lifecycle
Misbehavior Handling Throughout the V2V System LifecycleMisbehavior Handling Throughout the V2V System Lifecycle
Misbehavior Handling Throughout the V2V System Lifecycle
 
Quantum Safety in Certified Cryptographic Modules
Quantum Safety in Certified Cryptographic ModulesQuantum Safety in Certified Cryptographic Modules
Quantum Safety in Certified Cryptographic Modules
 

Kürzlich hochgeladen

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Kürzlich hochgeladen (20)

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 

Locking Down and Re-Using V2X Security - Lessons for Smart Cities

  • 1. Locking Down and Re-Using V2X Security: Lessons for Smart Cities
  • 2. Agenda § V2X Security and the U.S. Connected Vehicle Pilots – Connected Vehicle Architectures and Applications – IEEE 1609.2 V2X security stack and uses – Issues and Lessons Learned in U.S. CV Pilots § V2X Security: Tools for Smart Cities – Potential Unmanned aircraft systems (Drones) applications – Re-tasking V2X security to other uses 2JANUARY 31, 2018ONBOARD SECURITY
  • 3. Connected Vehicle Architecture - Communications § CV “Applications” => What we want to ‘do’ § Architecture => Framework for doing it ’in’ – Connected Vehicle Implementation Architecture (CVRIA) – Entities, Views, Message Flows § Connected Vehicle Data Dictionary – SAE J2735 => Basic Safety Messages, Traveler Information, Map, Signal Phase, Signal Request, Signal Status, etc. § IEEE 1609 Transport services (local broadcast or network) § IEEE 1609.2 Security services Bus ASD + Light-Duty Vehicle ASD + Truck ASD Roadside Equipment (RSE) ITS Roadway Equipment NYCDOT Traffic Management Center (TMC) Bus Databus + Light-Duty Vehicle Databus + Truck Databus Light-Duty Vehicle Operator + MTA Operators + Truck Operator Light-Duty Vehicle Operator + MTA Operators + Truck Operator Vehicle Intersection Warning RSE Intersection Safety Roadway Signal Control TMC Intersection Safety TMC Signal Control Event Data Collection Location Determination Host Vehicle Status (PP) Local Accelerometers Event Data Analysis & Archive Alerts Monitor RSE Status (VPN) (2B) signal control commands (OOS) (2B) signal control status (OOS) (2B) intersection safety application info (SNMP) (2B) intersection safety application status (SNMP) (1A) intersection control status + conflict monitor Status (VPN) BSM (1609-s) SPaT (1609-s) MAP (1609-s) Intersection Geometric Data (SNMP)
  • 4. Connected Vehicle Applications § Variety of ‘applications’ supported by the CVRIA architecture § Some have been test- deployed § Many-to-many association between Apps and J2735 Data Dictionary messages
  • 5. § DSRC/WAVE – a suite of standards § IEEE 1609.2 is an application- to-application security layer, independent of the transport § Secures machine-to-machine (application to application) communications IEEE 1609.2 V2X Security Stack UDP / TCP LLC PHY WAVE MAC (including channel coordination) IPv6 WSMP Networking Protocols 1609.3 1609.12 1609.2 Management Security 1609.4 802.11 Higher layer standards 1609.11 WSMP Transport Protocols
  • 6. Uses of 1609.2 in V2X § Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) message security – Authentication (Private key signing) § Basic Safety Messages (automotive equivalent of ADS-B) using small, implicit certificates (useful in bandwidth constrained environments) – Integrity – Protection from message tampering (provides detection forged messages) – Replay Protection (timing and message equivalency consistency checks) – Confidentiality – Encrypt, using public key, to a private key holder (mostly used with V2I) – Geographic consistency - Certificates can be constrained to a Geographic area (native certificate-based geofencing). Message recipients can validate that the message sender was authorized to communicate a given message ‘in a given area’ – Fine-grained Permissions (Service Specific Permissions – SSP) § Ability to define for a given vehicle what authorizations it has to send certain message content. For example, first responders may sign and transmit a traffic signal preemption command, but no one else can. § Inherent authorizations WITHOUT an AUTHORIZATION SERVER and network connection
  • 7. 1609.2 Credential SSP Message Authorization PSID A SSP SSP Application Identifier Service-Specific Permissions (SSP)
  • 8. Issue: Application Security vs. Regional Architectures § Applications operate between: – Traffic Management Centers (TMC) – Roadside Equipment (RSE) – Vehicle Onboard Equipment (OBE) – Other online service providers § Vehicles are mobile and need to interoperate with other regions’ infrastructures – They may not have real-time connectivity to any central coordination service ==> application logic must be fully specified ahead of time and configurable using only local means § Goal: Consistent application security properties between regions § Impediment: One region’s architecture may not fit the security assumptions of the application designer § Where are application security configurations and assumptions reflected?
  • 9. Application Security Profiles § Simplify the job of an application designer in specifying how to use 1609.2 security services § Determine proper security behavior of sender and receiver § Specify which consistency checks (geospatial, temporal), replay detection (yes/no), etc. to perform § Specify messaging behavior, crypto, time/location tolerances (timeouts), when to re-sign, re-verify, when to encrypt, etc. for: – Sending – Receiving – Security (Certificate) management
  • 10. Example § Roadside Unit (RSU) Placement Impacts – Architecturally: One CV Pilot site signs TMC information in the RSU. The other sites sign the messages at the TMC (gaining end-to-end integrity and source authentication protections) – Result: Different architectures demanded differences in security profile settings – Result: Vehicles driving in one of the cities may not ‘behave’ correctly when receiving equivalent application messages in the other city. – Application designer’s assumptions may be false and security vulnerabilities may emerge – Vehicles are mobile – They WILL move between the different regions, therefore vehicle will have to become smart and adapt to regional ‘personalities’ unless minimal baseline interoperability is specified for some applications – Who owns the application? – Who has the right to specify the security interoperability settings between regions?
  • 11. Lesson-Learned #1: Determine what applications MUST be interoperable between regions § E.g., Does a firetruck in Los Angeles need to be able to perform certain applications in Houston, Texas? (e.g., traffic signal preemption) § What vulnerabilities may emerge when one city’s infrastructure makes different assumptions about how vehicles should handle its messages?
  • 12. Lesson-Learned #2: Standardize the interoperable application specifications before you deploy § Connected vehicle pilots in the U.S. only have one completed specification, SAE J2945/1, which describes proper application behavior for V2V Basic-Safety-Message communications § Application specifications, especially V2I, will help designers developing architectures § IF THIS IS NOT POSSIBLE, then consider regional configurations (application personalities) that actuate in the vehicle when it moves from one region to the other (and hope that everyone is using the right ‘personality’)
  • 13. Issue: Message Dictionary Clarity § SAE J2735 => Basic Safety Messages, Traveler Information, Map, Signal Phase, Signal Request, Signal Status, etc. § Identifies: – datagram structures – Message data elements and data types by message – Mandatory vs. Optional fields § Challenge for CV Pilot security: Message Dictionary contains many repeated, overlapping and otherwise un-normalized information types § Result: Establishing security authorization rules (SSPs) over such messages is exceedingly difficult and prone to error. Too much flexibility (in how to express message information) to application designers can be a huge security issue
  • 14. Lesson-Learned #3: Build ‘clean’ message dictionaries § Don’t repeat information in so many places § Standards bodies: Normalize your message data types/elements – Make it easier for application designers and security engineers § Application Designers: Specify with clarity how to construct messages and secure the vulnerable ones using SSPs – These SSPs go INTO the 1609.2 credential and are issued by the PKI
  • 15. Lesson 4: Include system security engineers throughout the process § When developing message dictionaries § When developing Application specifications (for which security matters) § For determining regional architectural impacts on applications and vs. versa § For risk modeling overall system: They can help with the holistic picture and where security issues are likely to arise
  • 16. V2X Security: Tools for Smart Cities § IEEE 1609.2 is a full security stack, credential-driven, decentralized messaging security model created for the transportation industry § IEEE 1609.2 certificates are small (~1/2 the size of X.509), saving bandwidth (but still employ strong cryptography) § 1609.2 security model employs substantial geospatial and time-based consistency checking mechanisms embedded right in the certificate and encoded in each application’s tailorable security profile § WHERE ELSE CAN WE USE THIS????
  • 17. Potential application of 1609.2 to DRONE identification and tracking FAA Law Enforcement Operators
  • 18. Potential Unmanned Aircraft Applications of 1609.2 § Augment existing aviation messages (such as ADS-B) with message-level cryptographic security – Prevent message forgery, replay, message tampering of aircraft position reports – Adds ~180 Bytes for the crypto (signature, certificate and container encoding) – Unauthenticated position reporting should not be allowed in urban environments – too many risks – Robotic, automated systems will increasingly rely on the remote position reporting data for self-guidance decisions ?? ?? ??
  • 19. Potential Unmanned Aircraft Applications of 1609.2 (cont.) § UAS to UAS Ad-hoc Messaging – Being considered in Unmanned Traffic Management (UTM) circles to augment drone messaging in network-disconnected environments § UAS to Ground Control Station (controller) – Application / telemetry / telematics messaging § UAS to Connected Ground Vehicles – Ground and low altitude airborne vehicle situational awareness § UAS to Infrastructure – Localized applications reporting information such as tall obstacles, weather, roadway information, shipping port data, etc.
  • 20. Re-tasking 1609.2 to other uses § Development of new message dictionaries OR adding security over existing ones (e.g., ADS-B) § Development and specification of other automation applications (e.g., drone apps) § Development of authorization models (SSPs) for new applications § Adaptation of PKI (Security Credential Management System) to support new applications – Most likely a simplification of the ground vehicle V2X system
  • 21. Summary § Connected vehicle technology has been in the making for a long time, but is poised for massive growth. Security and trust of the ecosystem is vital. § Disconnects between standards bodies, application designers and regulators are understandable, but rigorous system security engineering principles still need to be maintained § Smart cities and nations wanting to secure and expand their ’Mobile IoT’ portfolios’ (e.g., to include drones and other automated, mobile systems) have an off-the-shelf security stack in the form of IEEE 1609.2 that can be easily tailored