Re: [its] V2I security problems
Alexandru Petrescu <alexandru.petrescu@gmail.com> Thu, 17 October 2013 08:02 UTC
Return-Path: <alexandru.petrescu@gmail.com>
X-Original-To: its@ietfa.amsl.com
Delivered-To: its@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C00F611E820C for <its@ietfa.amsl.com>; Thu, 17 Oct 2013 01:02:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.845
X-Spam-Level:
X-Spam-Status: No, score=-10.845 tagged_above=-999 required=5 tests=[AWL=0.804, BAYES_00=-2.599, GB_I_LETTER=-2, HELO_EQ_FR=0.35, J_CHICKENPOX_65=0.6, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u+V1lzorpuwJ for <its@ietfa.amsl.com>; Thu, 17 Oct 2013 01:02:46 -0700 (PDT)
Received: from oxalide-out.extra.cea.fr (oxalide-out.extra.cea.fr [132.168.224.8]) by ietfa.amsl.com (Postfix) with ESMTP id ABB7411E80FC for <its@ietf.org>; Thu, 17 Oct 2013 01:02:42 -0700 (PDT)
Received: from nephilia.intra.cea.fr (nephilia.intra.cea.fr [132.166.88.33]) by oxalide.extra.cea.fr (8.14.2/8.14.2/CEAnet-Internet-out-2.3) with ESMTP id r9H82fld011919 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <its@ietf.org>; Thu, 17 Oct 2013 10:02:41 +0200
Received: from muguet1.intra.cea.fr (muguet1.intra.cea.fr [132.166.192.6]) by nephilia.intra.cea.fr (8.14.4/8.14.4) with ESMTP id r9H82e1T001900 for <its@ietf.org>; Thu, 17 Oct 2013 10:02:41 +0200 (envelope-from alexandru.petrescu@gmail.com)
Received: from [127.0.0.1] (is010446-4.intra.cea.fr [10.8.33.116]) by muguet1.intra.cea.fr (8.13.8/8.13.8/CEAnet-Intranet-out-1.2) with ESMTP id r9H82acS031933 for <its@ietf.org>; Thu, 17 Oct 2013 10:02:40 +0200
Message-ID: <525F999C.5030202@gmail.com>
Date: Thu, 17 Oct 2013 10:02:36 +0200
From: Alexandru Petrescu <alexandru.petrescu@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: its@ietf.org
References: <CAFfskNxSZjvYx-nmCmtD9dFVhsFn=PuMF=AoR0bz10JzqwFJ3A@mail.gmail.com> <1791874414.20131014121517@componentality.com> <1381768198.8469.88.camel@localhost> <1351916964.20131015000613@componentality.com> <CAELeQoaN24BiAEwWKjW49V5ZCZakTQ1xbDqJvx9GcyA+5-wG1g@mail.gmail.com>
In-Reply-To: <CAELeQoaN24BiAEwWKjW49V5ZCZakTQ1xbDqJvx9GcyA+5-wG1g@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Subject: Re: [its] V2I security problems
X-BeenThere: its@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Intelligent Transportation Systems discussion list." <its.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/its>, <mailto:its-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/its>
List-Post: <mailto:its@ietf.org>
List-Help: <mailto:its-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/its>, <mailto:its-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Oct 2013 08:02:50 -0000
Le 15/10/2013 10:33, Alexander Pinaev a écrit : > CAN to wireless gateway is a gift which makes vulnerable CAN easily > exploitable without a cable connection. Not sure if they are > concerned if their system protected properly. I have just noticed an early prototype in which the vehicle's 'username/password' (the vehicle is a 'user') communicated over CAN for electrical charge billing would be relayed over the air - in clear. This should be protected. The protection - e.g. hashing the password - is known practice to those inclined to security, but is additional hurdle to getting things done to those inclined to early communications. I think in the domain of vehicular communications we are at an early stage where security expertise is very much needed. Yours, Alex > > > On Tue, Oct 15, 2013 at 12:06 AM, Konstantin A. Khait > <khait@componentality.com <mailto:khait@componentality.com>> wrote: > > No, no, no... I didn't mean that it is just an encryption issue. It > is definitely strange that somebody simply propagates CAN to wireless > communication area. Nobody took care of CAN security because it was > designed as a wired bus for [in-particular] in-vehicle use. Moreover, > it seems rather hard and expensive to make CAN secure, because > encryption will affect the bus logic: either conflicts resolution > approach or message priority. It seems to me, the old school design > of such things assumes a gateway between wireless portion and CAN bus > which proceeds wireless commands and issues CAN messages. The set of > commands is limited by required functions, so there's no way to > provoke random CAN message. In this case wireless channel should be > secured with using regular pre-shared or more probable public key > approach and in-vehicle CAN remains unsecured. What I meant, "old > school design" is nothing if it is not an industry standard. It > should be a common approach how to send functional data over the air > and this standard must include a security method. So, it shall be > like wireless MOST bus where each functional block has limited set of > methods and properties predefined in the corresponded standard. MOST > is unsecured (because it is again in-vehicle technology), but it is > just an example. Wireless method should be based on something common > (I'd say 802.11) and use corresponded security provisioning > approaches. > > Thanks, Kostia > > ----- > > > > ----- Konstantin A. Khait Componentality Oy Tel: +358(0)465662016 > +7(921)9005780 Skype: kostia.khait E-Mail: khait@componentality.com > <mailto:khait@componentality.com> 53100 Finland Ratakatu 47 > Lappeenranta > > >> The issue is not what encryption technology is used -- that's a >> discussion in the small. В What is at issue is the scope of the >> encryption. В > > >> If the CAN is encrypted ... is the data protected in the radio >> network? В > > >> The important objective is to secure the _data_ and to secure it >> end-to-end. В Rendering the most important security attributes > >> (authenticity and confidentiality) irrelevant to whether the >> passengers can touch it. В > > >> What the internet does, that none of the wannabes do, is provide >> end-to-end reliability over an infrastructure that we acknowledge >> to be less than perfect. В That's what all the ACK/NAC, packet >> numbering and the three-way handshake in TCP is about. В What we >> have not done (at > >> least not here) is apply the same principles to security -- we >> need end-to-end security over an infrastructure that we acknowledge >> is less than perfect. В > > > > >> On Mon, 2013-10-14 at 12:15 +0400, Konstantin A. Khait wrote: >>> Hm... It is yet another reason why custom "...-based" protocols >>> are evil [in automotive]. IEEE1609 assumes elliptic encription, >>> which is very hard to attack (basically even harder than AES). >>> But according to what we see, nobody in automotive really >>> concerns about security. >>> >>> >>> ----- >>> >>> >>> >>> ----- Konstantin A. Khait Componentality Oy Tel: >>> +358(0)465662016 В В В В +7(921)9005780 > >>> Skype: kostia.khait E-Mail:khait@componentality.com >>> <mailto:khait@componentality.com> 53100 Finland Ratakatu 47 >>> Lappeenranta >>> >>> >>>> This "Shuttle bus with J1939 air-conditioning" connects an >>>> insecure CAN network with (typically at least) little security >>>> to the wider Internet: "Via a wireless communication based on >>>> the J1939 protocol, the individual HVAC systems are supervised >>>> by the climate control center in the operator’s office." В В >>>> The J1939 CAN-bus is exposed >>> near >>>> passengers on the shuttle-bus. В В В В Looks like a rolling >>>> security > >>>> problem to me! >>> >>>> >>> http://can-newsletter.org/engineering/applications/nr_shuttle-bus-with-j1939-air-conditioning_thermoking_131008/ > >>> >> >>> В > >>> _______________________________________________ its mailing list >>> its@ietf.org <mailto:its@ietf.org> >>> https://www.ietf.org/mailman/listinfo/its >>> > > >> _______________________________________________ its mailing list >> its@ietf.org <mailto:its@ietf.org> >> https://www.ietf.org/mailman/listinfo/its > > > > > _______________________________________________ its mailing list > its@ietf.org https://www.ietf.org/mailman/listinfo/its >
- [its] V2I security problems Alison Chaiken
- Re: [its] V2I security problems Bless, Roland (TM)
- Re: [its] V2I security problems Konstantin A. Khait
- Re: [its] V2I security problems Rex Buddenberg
- Re: [its] V2I security problems Alison Chaiken
- Re: [its] V2I security problems Konstantin A. Khait
- Re: [its] V2I security problems Rex Buddenberg
- Re: [its] V2I security problems Konstantin A. Khait
- Re: [its] V2I security problems Alexander Pinaev
- Re: [its] V2I security problems Alexandru Petrescu