IETF Logo Mail Archive

Re: [its] V2I security problems

"Konstantin A. Khait" <khait@componentality.com> Mon, 14 October 2013 20:06 UTC

Return-Path: <khait@componentality.com>
X-Original-To: its@ietfa.amsl.com
Delivered-To: its@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 67CD421E811E for <its@ietfa.amsl.com>; Mon, 14 Oct 2013 13:06:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.778
X-Spam-Level:
X-Spam-Status: No, score=-1.778 tagged_above=-999 required=5 tests=[AWL=0.763, BAYES_00=-2.599, GB_I_LETTER=-2, HTML_MESSAGE=0.001, J_CHICKENPOX_65=0.6, MIME_HTML_ONLY=1.457]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9qljS5LGGMbw for <its@ietfa.amsl.com>; Mon, 14 Oct 2013 13:06:21 -0700 (PDT)
Received: from smtp-out2.electric.net (smtp-out2.electric.net [72.35.23.39]) by ietfa.amsl.com (Postfix) with ESMTP id 2A39021E80FB for <its@ietf.org>; Mon, 14 Oct 2013 13:06:20 -0700 (PDT)
Received: from 1VVoPD-0007l0-To by out2a.electric.net with emc1-ok (Exim 4.80.1) (envelope-from <khait@componentality.com>) id 1VVoPD-0007m0-Uu; Mon, 14 Oct 2013 13:06:19 -0700
Received: by emcmailer; Mon, 14 Oct 2013 13:06:19 -0700
Received: from [10.86.10.83] (helo=fuseout2c.electric.net) by out2a.electric.net with esmtps (TLSv1.1:DHE-RSA-AES256-SHA:256) (Exim 4.80.1) (envelope-from <khait@componentality.com>) id 1VVoPD-0007l0-To; Mon, 14 Oct 2013 13:06:19 -0700
Received: from mailanyone.net by fuseout2c.electric.net with esmtpsa (TLSv1:AES256-SHA:256) (MailAnyone extSMTP khait@componentality.com) id 1VVoPA-0005ER-NC; Mon, 14 Oct 2013 13:06:19 -0700
Date: Tue, 15 Oct 2013 00:06:13 +0400
From: "Konstantin A. Khait" <khait@componentality.com>
Organization: Componentality Oy
X-Priority: 3 (Normal)
Message-ID: <1351916964.20131015000613@componentality.com>
To: Rex Buddenberg <buddenbergr@gmail.com>
In-Reply-To: <1381768198.8469.88.camel@localhost>
References: <CAFfskNxSZjvYx-nmCmtD9dFVhsFn=PuMF=AoR0bz10JzqwFJ3A@mail.gmail.com> <1791874414.20131014121517@componentality.com> <1381768198.8469.88.camel@localhost>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------55217157BDCF9"
X-FM-Authenticated: khait@componentality.com
X-Outbound-IP: 10.86.10.83
X-Env-From: khait@componentality.com
X-PolicySMART: 1429848
X-Virus-Status: Scanned by VirusSMART (c)
Cc: Alexander Pinaev <apinaev@gmail.com>, Alison Chaiken <alison@she-devel.com>, "its@ietf.org" <its@ietf.org>
Subject: Re: [its] V2I security problems
X-BeenThere: its@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Intelligent Transportation Systems discussion list." <its.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/its>, <mailto:its-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/its>
List-Post: <mailto:its@ietf.org>
List-Help: <mailto:its-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/its>, <mailto:its-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Oct 2013 20:06:25 -0000

Re: [its] V2I security problems No, no, no... I didn't mean that it is just an encryption issue. It is definitely strange that somebody simply propagates CAN to wireless communication area. Nobody took care of CAN security because it was designed as a wired bus for [in-particular] in-vehicle use. Moreover, it seems rather hard and expensive to make CAN secure, because encryption will affect the bus logic: either conflicts resolution approach or message priority.
It seems to me, the old school design of such things assumes a gateway between wireless portion and CAN bus which proceeds wireless commands and issues CAN messages. The set of commands is limited by required functions, so there's no way to provoke random CAN message. In this case wireless channel should be secured with using regular pre-shared or more probable public key approach and in-vehicle CAN remains unsecured.
What I meant, "old school design" is nothing if it is not an industry standard. It should be a common approach how to send functional data over the air and this standard must include a security method. So, it shall be like wireless MOST bus where each functional block has limited set of methods and properties predefined in the corresponded standard. MOST is unsecured (because it is again in-vehicle technology), but it is just an example. Wireless method should be based on something common (I'd say 802.11) and use corresponded security provisioning approaches.

Thanks,
Kostia

-----



-----
Konstantin A. Khait
Componentality Oy
Tel: +358(0)465662016
       +7(921)9005780
Skype: kostia.khait
E-Mail: khait@componentality.com
53100 Finland
Ratakatu 47
Lappeenranta


> The issue is not what encryption technology is used -- that's a
> discussion in the small. В What is at issue is the scope of the
> encryption. В 

> If the CAN is encrypted ... is the data protected in the radio
> network? В 

> The important objective is to secure the _data_ and to secure it
> end-to-end. В Rendering the most important security attributes
> (authenticity and confidentiality) irrelevant to whether the passengers
> can touch it. В 

> What the internet does, that none of the wannabes do, is provide
> end-to-end reliability over an infrastructure that we acknowledge to be
> less than perfect. В That's what all the ACK/NAC, packet numbering and
> the three-way handshake in TCP is about. В  What we have not done (at
> least not here) is apply the same principles to security -- we need
> end-to-end security over an infrastructure that we acknowledge is less
> than perfect. В 



> On Mon, 2013-10-14 at 12:15 +0400, Konstantin A. Khait wrote:
>> Hm... It is yet another reason why custom "...-based" protocols are
>> evil [in automotive]. IEEE1609 assumes elliptic encription, which is
>> very hard to attack (basically even harder than AES). But according to
>> what we see, nobody in automotive really concerns about security.
>> 
>> 
>> -----
>> 
>> 
>> 
>> -----
>> Konstantin A. Khait
>> Componentality Oy
>> Tel: +358(0)465662016
>> В  В  В  В +7(921)9005780
>> Skype: kostia.khait
>> E-Mail: khait@componentality.com
>> 53100 Finland
>> Ratakatu 47
>> Lappeenranta
>> 
>> 
>> > This "Shuttle bus with J1939 air-conditioning" connects an insecure
>> > CAN network with (typically at least) little security to the wider
>> > Internet: "Via a wireless communication based on the J1939 protocol,
>> > the individual HVAC systems are supervised by the climate control
>> > center in the operator’s office." В В The J1939 CAN-bus is exposed
>> near
>> > passengers on the shuttle-bus. В В В В Looks like a rolling security
>> > problem to me!
>> 
>> >
>> http://can-newsletter.org/engineering/applications/nr_shuttle-bus-with-j1939-air-conditioning_thermoking_131008/
>> 
>> В 
>> _______________________________________________
>> its mailing list
>> its@ietf.org
>> https://www.ietf.org/mailman/listinfo/its
>> 


> _______________________________________________
> its mailing list
> its@ietf.org
> https://www.ietf.org/mailman/listinfo/its
 

v2.23.0 | Report a Bug | By Email