Report on PRESERVE Final Event

On the 17th and 18th of June 2015, the Royal Institute of Technology (KTH) in Stockholm, Sweden, hosted a unique event on the security and privacy of cooperative Intelligent Transportation Systems (cITS). Not only was the European FP7 project PRESERVE holding its final event, but PRESERVE was joined by partners from the Car-2-Car Communication Consortium's security working group, represented by its chairman Henrik Broberg from Volvo Cars, by ETSI TC ITS Working Group 5, represented by its chair Brigitte Lonc, and by the Harmonization Task Group 6 of the International ITS Cooperation task force, represented by Suzanne Sloan from the US Department of Transportation and Wolfgang Höfs from the European Commission.

About 45 participants, mostly from Europe and the U.S., joined the two-day event to experience the results of the PRESERVE project and discuss one overarching question: is cooperative ITS security ripe for deployment? Participants came in equal shares from academia, OEMs, suppliers, and public organizations. As a result, discussions reflected the full spectrum of viewpoints on cITS security.

C2C-CC Security WG Status

Day one was devoted to on-going activities in standardization and harmonization. After a warm welcome from Frank Kargl (University of Twente), coordinator of the PRESERVE project, Henrik Broberg kicked off the day by giving a detailed insight into the work and achievements of the C2C-CC's security working group that he is chairing.

One focus of his talk and the discussion was the status of the C2C-CC pilot PKI and production root CA, the latter of which is expected to become available later this year. Another topic of interest was the work of the in-vehicle task force. A major issue here, which was repeatedly discussed throughout the two days, is the matter of security evolution and flexibility. Demands and standards that are too static would prevent the security system from reacting to new threats. Therefore, we need to establish standards that are adaptable and allow the security system, including the cryptographic mechanisms, to evolve as the threats evolve.

Broberg also discussed the complementary relationship of the work in C2C-CC and in ETSI and warned that a reasonable minimum level of security is required to avoid a 'race to the bottom' in which cost advantages help those that implement weak security. This requires a certification process to be established to ensure that all players maintain this minimum level. He also highlighted the fact that besides all the technical challenges, the cITS security community now also has to solve many organizational and economic issues to become ready for deployment and that the role of harmonization and standardization is crucial.

ETSI TC ITS WG 5 Status

This idea was taken up by Brigitte Lonc, who is chairing the ETSI TC ITS working group 5 on security. In her talk, she reported on recent advancements in ETSI's ITS security standardization. She also stressed that the evolution of the security system to ensure scalability, extensibility, maintainability, and crypto-agility is currently seen as one of the major challenges. ETSI's view on security services, PKI structure, and message formats and headers aligns nicely with the view of C2C-CC, showing the good level of harmonization achieved here. An interesting activity is the on-going work to extend IETF's TLS standard to allow vehicular certificates to be used in TLS authentication. Many participants welcomed this convergence of the ITS and Internet world.

Harmonization Task Group 6 Results

After lunch, the second half of the first day was devoted to the results of the Harmonization Task Group 6, which has been active since 2014 and presented its preliminary results on cITS security policy harmonization. The HTG raised the issue of how one could ensure interoperability of systems if cars cross international borders and what level of international harmonization would be required, especially with respect to PKI policies, in order to allow, e.g., a European car to recognize a certificate from a US car. Considerations regarding the full car lifecycle, including, e.g., private resale, are also on HTG 6's agenda.

The challenge is to ensure that nearing operational deployments in various areas of the world will not be based on fundamentally incompatible assumptions regarding their security systems that would prevent this interoperability in the mid-term future. Here, the HTG presented a harmonized model of a trust management architecture termed CCMS or Cooperative-ITS Credential Management System and their recommendations on policy and trust harmonization. As with the previous speakers, flexibility and crypto-agility were listed among the important requirements.

Overall, the HTG sees a strong need to act quickly on harmonization regarding operational processes for CCMS-CCMS and Inter-CCMS trust, auditing of PKIs, and identification of compliance standards, PKI bootstrap (installation, enrollment, certification), CA data center management, and vetting of organizations/personnel. As a multi-CCMS world is likely to occur, they recommend the development of a CCMS federation that regulates accreditation of new CCMS entities, sets policies with CCMS boards for the priority areas for harmonization, and takes ownership of standards to ensure that they are updated and evolved as needed.

With this, the first day of the workshop ended. Day two then focused on the achievements of the PRESERVE project. The second day was staged nicely in a former hospital chapel at KTH, the perfect place to 'preach' about the importance of security and privacy protection in cITS.

PRESERVE Final Event

The presentations started with an overview of the origins and results of PRESERVE, given by the project coordinator Frank Kargl from University of Twente. He illustrated how the idea for PRESERVE was built on top of results of a series of previous projects, namely SeVeCom, PRECIOSA, EVITA, and to some extent Oversee, from which PRESERVE also recruited most of its partners. The idea was to integrate their results in a way that they would become accessible to FOTs and pilot projects to be used in their work. Another goal of PRESERVE was to investigate scalability of security mechanisms and provide extensive testing results on the performance aspects of cITS security. Finally, at the time PRESERVE started there were still many open questions related to deployment of cITS security but also related to various research challenges that PRESERVE aimed to address.

This all culminates in the mission statement of PRESERVE: to design, implement, and test a secure and scalable V2X Security Subsystem for realistic deployment scenarios. Towards this goal, PRESERVE contributed many results that were presented throughout the day.

The first area of PRESERVE work focused on a harmonized V2X Security Architecture (VSA) which was presented by Norbert Bissmeyer from Fraunhofer SIT. The PRESERVE VSA, available in project deliverable D1.3, refines ETSI's ITS station reference architecture by detailing the various elements necessary for cITS security in the areas of ID management, message integrity, privacy protection, and misbehavior detection. The VSA also outlines their interactions and gives guidelines regarding implementation. The discussions that followed centered on communication with the backend, the need for revocation mechanisms, and mechanisms for re-filling of pseudonyms via Road-Side Units (RSUs).

The VSA constitutes the basis for the implementation of PRESERVE's V2X Security Subsystem (VSS), which was presented in the following talk by Martin Moser from ESCRYPT. The VSS implements all major components of the VSA needed for a day 1 deployment, both inside the vehicle and as external PKI components. For the components on the vehicle side, PRESERVE provides a software-only, open-source version of the VSS available for free download from the PRESERVE website. It already implements the full functionality of the VSS and runs on a variety of hardware including major CPU architectures (x86, ARM, MIPS, PPC).

The VSS comes in the form of a library which is integrated into the communication stack by means of a flexible API called the harmonization layer. This harmonization layer allows fast and easy integration, as PRESERVE was able to show by integrating the VSS with communication stacks from Hitachi, NEC, Denso, and others. While the VSS can rely on software backends like OpenSSL or ESCRYPT Cycurlib for all cryptographic operations, it only unfolds its full power when adding the PRESERVE Hardware Security Module (HSM), an ASIC that was designed and built during the project. The HSM offers additional functionality like secure key storage, cryptographic acceleration, and a true random number generator (TRNG). As the HSM became available only shortly before this event, Martin Moser reported only preliminary benchmarks at reduced clock speed. For the most important performance figure, the ECDSA signature verifications, the measurements resulted in 805 verifications per second. For the final clock speed, we can interpolate a rate of 1,238 ver./s, well above the target rate of 1,000 ver./s that PRESERVE aimed for.

An external part of the VSS is the PKI backend. In close cooperation with C2C-CC and ETSI, PRESERVE partners SIT and ESCRYPT designed and realized two independent and interoperable implementations of the vehicular public key infrastructure which they then extended into C2C-CC's pilot PKI.

The following talk by Norbert Bissmeyer was then dedicated to PRESERVE's testing results. Over its lifetime, PRESERVE had a series of internal and external testing campaigns. After a first internal functional test of the VSS Kit in 2012, we conducted joint tests with the French Score@F project at the Versailles-Satory test track near Paris. Furthermore, PRESERVE participated in the two ETSI plugtests in 2013 and 2015 where it could demonstrate its good compatibility with ETSI standards and interoperability with other platforms. Finally, PRESERVE also conducted extensive tests in its internal testbed consisting of up to 25 NEXCOM OBUs set up at KTH. Here, we investigated how a large security payload leads to significantly increased packet loss in loaded channels and how the HSM can help to handle high verification loads which regular OBUs can no longer handle in software.

The next talk, given by Christophe Jouvray from Trialog, focused on availability and exploitation of PRESERVE results. He reported that the VSS Kit had already been downloaded more than 50 times since the VSS Kit 2 software-only version became available via the PRESERVE website in December 2014. Interested parties are requested to voluntarily fill in a small form when downloading. From this we learned that the downloading organizations include 6 car makers, 21 solution providers, 10 research laboratories, and 5 standardization groups from countries in Europe (Germany, France, UK, Austria, Lithuania) and the rest of the world (China, India, Japan, Mexico, US, Israel, Taiwan). Our partners Trialog (VSS Software), ESCRYPT (HSM, PKI), and Fraunhofer (SIT) are dedicated to continuing exploitation of the main PRESERVE results beyond the end of the project.

The lunch break featured an integrated demo session, where participants could see a total of four demos from PRESERVE: One demo illustrated how the VSS can protect from external attackers, a second demo showed the PKI operations including refilling of pseudonyms from the pseudonym CA, a performance demo visualized HSM benchmarks, and the fourth demo consisted of a guided tour through the testbed.

After lunch, Panos Papadimitratos from KTH continued with a presentation giving an overview of the work of PRESERVE on deployment and research challenges. With over 50 peer-reviewed scientific publications and over 100 presentations about project results given at conferences and other venues, PRESERVE made a substantial contribution to the state of the art in the field of cITS security and privacy. Through our close cooperation with C2C-CC Security WG and ETSI TC ITS WG 5 and active participation in Harmonization Task Groups 1 and 6, we also ensured that those results were disseminated and taken into consideration in harmonization and standardization. Other events like organization of the PRESERVE / EIT-ICTlabs summer school, the PRESERVE / C2C-CC security architecture workshop, research seminars, workshops, and conferences also contributed to keeping the research community connected and to ensuring best use and uptake of research results in the process towards deployment.

The event continued with a panel discussion where William Whyte (Security Innovations, HTG), Henrik Broberg (Volvo Cars, C2C-CC), Panos Papadimitratos (KTH, PRESERVE), and Frank Kargl (University of Twente, PRESERVE) discussed the question of whether we can finally implement and deploy security in cITS given the results from PRESERVE and other efforts. The experts agreed that the overall framework is well defined, but some work may be required within the subsystems, e.g., on misbehavior detection. It remains to be discussed whether all these problems need to be, and even can be, solved for a day 1 deployment or could better be solved stepwise in later revisions.

The panelists also realized that cITS is still a rapidly moving target and progress at times outpaces what is laid down in standards. Frank Kargl cautioned that a step-wise approach may be difficult once the first systems are deployed. As can be seen in the Internet, successful deployment in volume creates the need for backwards compatibility and makes introduction of novel features to core technologies a lot more complicated.

The following discussion centered a lot around the cost argument where industry warned about the dangers of too high costs, e.g., of HSMs. The question is which security level should be mandated from developers to not allow a race to the bottom where the one with least security enjoys the cost benefits but endangers security of all communicating parties. The group also discussed the effect a legal requirement for cITS deployment like currently discussed in the US would have. The discussion then moved on towards a more long-term perspective, where cITS may converge with the vision of automated driving. This will inevitably require a higher level of security and privacy protection compared to some day 1 applications.

This discussion was a good lead-in to the following invited talk by Jonathan Petit from University College Cork, who spoke on 'Security and Privacy Challenges for Automated Vehicles'. He stressed that for automated vehicles we require a broader view on security including the sensors providing data but also the control algorithms that then make a vehicle react to such data. He highlighted the problem of secure sensor data by showing results from successful experiments on attacking an industrial LIDAR scanner. Another aspect of the talk focused on required privacy protection.

Conclusions

In the final wrap-up, Frank Kargl from PRESERVE and Wolfgang Höfs from the European Commission agreed that the two-day event was a unique and very successful meeting of cITS experts from various domains that was very helpful in exchanging results and positions. Since the early days of initial research, cITS in general and the cITS security community involving researchers, developers, industry, and political stakeholders in particular managed to stay very well connected. This led to a fast and well harmonized development of standards based on initial results from academic research.

There was a general agreement that – also thanks to the contributions of PRESERVE – cITS security and privacy protection is well understood up to a level that, from our perspective, a day 1 deployment can move forward. At the same time, everyone is aware that this deployment but also future applications like automated driving will create new challenges and attacks and this requires the security system to be flexible and adaptable. The research activities should therefore not stop and the good dialogue and interchange between academia, industry, and political stakeholders should continue in the future. As this is a world-wide challenge, it should also be addressed in a world-wide, harmonized way.

As a project, PRESERVE hopes to have contributed to the vision of secure and privacy-preserving cITS that will make our mobility safer, more comfortable, more efficient, and also more friendly to our environment.

All slides from the event are available at: https://www.preserve-project.eu/final-event