
Periodic Reporting for period 1 - SAFERtec (Security Assurance FramEwoRk for neTworked vEhicular teChnology)

Summary

SAFERtec addresses security assurance challenges for the ‘connected vehicle system’ (CVS), i.e., a dynamic system of highly-equipped, infrastructure-connected vehicles. Our research aims to introduce an assurance framework that will assess the level of confidence that the security, privacy and safety needs of the CVS are satisfied. The focus is on both V2R (Vehicle-to-Roadside station) and V2C (Vehicle-to-Cloud) communications, realized in carefully selected use cases of automotive information exchange. Because of the large attack surface and the trust-establishment processes among numerous entities, the vulnerability assessment and the elicitation of security requirements call for innovative methodologies. With those requirements at hand, the SAFERtec framework builds on the most credible approach available to date, i.e., the Common Criteria (CC), and aims to provide a high assurance level for the CVS at lower cost. The framework’s experimental evaluation (and refinement) will be carried out on a reference implementation that includes a prototype vehicle, dedicated hardware and third-party services, integrated to realize the SAFERtec use cases. The development of an online toolkit that applies the framework in given automotive settings will complement the project’s outcomes.
The main objectives of the SAFERtec project are summarised as follows:
• Design, introduce and evaluate a security assurance framework tailored for the automotive environment (beyond the available generic and costly frameworks). The insights of the SAFERtec assurance framework seek to influence the whole System Development Life Cycle of the CVS (from design up to maintenance).
• Provide an innovative six-stage attack modelling and vulnerability analysis methodology to assess security threats more accurately and identify countermeasures. Furthermore, enhance penetration testing techniques to meet the CVS requirements.
• Introduce methods for defining security requirements and controls related to system reliability, safety, security and privacy.
• Identify gaps in current security assurance practices and international standards, and set the basis for future standardization activities in automotive security assurance.
• Improve European industrial competitiveness in secure and trusted connected vehicles, relying on the SAFERtec automated (online) tools, and apply the assurance framework to an integrated CVS developed by industrial partners.

Work performed

The most significant SAFERtec achievements to date are summarized below:
• Identification of relevant V2R and V2C use cases realising instances of real-world communications (falling under the vehicle-to-infrastructure case). A set of pervasive and timely use cases has been carefully selected and specified in terms of objectives, main data flow and interfaces, on the basis of safety-criticality, EU recommendations for day-one ITS services and industrial trends. These use cases will help us validate the proposed assurance framework.
• Introduction of an innovative combination of three existing methodologies, i.e., EBIOS, Secure Tropos and PriS, and their integration into a SAFERtec six-stage process that assists engineers in reasoning about (automotive) threats, attacks and vulnerabilities. Our approach bridges the gap between the design and implementation phases, starting with the elicitation of high-level objectives and ending with the suggestion of specific security, privacy and safety measures.
• Specification, design, implementation and (ongoing) integration of the hardware and software modules that comprise the CVS. The overall CVS architecture, together with the security aspects involved in vehicular communications, has been prescribed. All relevant components, communication interfaces and low-level details of the employed protocols have been specified and developed.
• A systematic study of existing, established approaches to assurance frameworks and the introduction of the (preliminary) SAFERtec approach have been carried out. The design of the modular assurance framework includes the definition of a specific set of security features, controls and requirements for each interacting system asset of the CVS. The specification of these sets covers a wide range of configurations, leading to the definition of an implementation-independent protection profile.
• The identification of interdependencies, gaps and emerging standardization activities related to the project scope has been concluded. A standardization plan and relevant recommendations have been introduced to identify emerging opportunities and help SAFERtec partners direct their work to appropriate standardization targets.
• In non-technical terms, a set of internal processes (e.g., consortium meetings) and online tools (e.g., the Redmine platform) have been employed to assure the high quality of the project’s outcome. The project has also set up a comprehensive plan for the dissemination of the achieved results through numerous channels (e.g., conferences, forums), aiming at maximum impact.

Final results

SAFERtec has already achieved progress beyond the state of the art, mainly in the work of the first work packages (WP2 and WP3); up to this point in the project’s lifetime, it is these research areas that lend themselves to innovation. The development effort (WP4) mainly amounts to the use of standard automotive technologies (e.g., dedicated short-range communications) to realise the SAFERtec use cases accurately.
The WP2 work on the risk analysis of the SAFERtec use cases introduces an innovative combination of methodologies that jointly accounts for security, safety and privacy concerns when identifying the vulnerabilities, the security objectives and the security requirements. The proposed combination allows high-level security, privacy and safety requirements to be transformed into specific technical requirements and corresponding measures.
The main innovation of the SAFERtec assurance framework (WP3) amounts to the optimization and extension of the most credible yet generic assurance framework, i.e., the Common Criteria, so that it meets the requirements of the automotive setting; a number of evaluation processes will be carefully enhanced (relying on the idea of parallel execution) and, through the introduction of dedicated tools and knowledge bases, will become faster and, most notably, less costly. The SAFERtec innovation is complemented by the design of a modular protection profile for the central part of the CVS.
Until the completion of the project, SAFERtec envisions significant contributions at key points of automotive security assurance:
• Completion of the first (to the best of our knowledge) security assurance framework tailored for the connected vehicle paradigm.
• Contribution to standardization activities and close collaboration with industrial platforms (e.g., the Car2Car consortium).
• Implementation and launch of the assurance framework toolkit, which realizes an instance of the SAFERtec framework while circumventing the high cost of typical security evaluation processes.

The impact of the project’s outcomes (which will become relevant in the later stages and after its completion) can be summarised as follows:
• Contribute to reducing the time and cost required for security assurance of connected vehicle functions.
• Influence research and industrial trends in the European automotive arena.
• Increased trust in connected vehicles and V2I communications.

Website & more info

More info: https://www.safertec-project.eu/.