european framework for c-its security - etsi · european framework for. c-its security. 6. th. of...
TRANSCRIPT
European Framework forC-ITS Security6th of March 2018Gerhard MenzelEuropean Commission
Key EU Policy Milestones to deliver C-ITS in Europe by 2019
Cooperative Intelligent Transport Systems
Connected Vehicles
Automated Vehicles
A European Strategy on Cooperative Intelligent Transport Systems, November 2016
Commission Delegated Act on Cooperative Intelligent Transport Systems, foreseen 2018
European Certificate & Security Policy for Deployment and Operation of European C-ITS, June
& December 2017
• Setting the scene for the Pan-European Deployment of Cooperative, Connected and Automated Vehicles
• Common vision and identification of open issues
C-ITS platform final report & Annexes available at:http://ec.europa.eu/transport/themes/its/c-its_en.htm
C-ITS Platform Phase I
C-ITS Platform Phase II
• Implement recommendations of first phase• Analyse how cooperation, connectivity and
automation converge
C-ITS Strategy
• COM (2016) 766 - A European strategy on Cooperative Intelligent Transport Systems, a milestone towards cooperative, connected and automated mobility
• Clear path on C-ITS Security in the EU from the Commission
https://ec.europa.eu/transport/themes/its/c-its_en
EU C-ITS StrategyCOM (2016) 766
https://ec.europa.eu/transport/themes/its/c-its_en
June / December 2017:C-ITS Certificate & Security Policy published!
C-ITS SecurityEU Trust Model
EU Coordination Role"TLM/CPOC"
… e.g. run by
Member State 1
… run by the EC for all who don’t run their
own
. . . Root CA NRoot CA 1 Root CA 2
Policy Authority
… e.g. privately run by a manu-
facturer
Root CA 2
… e.g. run by
Member State 2
… in theory many Root
CAs are possible run by public or
private
Legend:TLM … Trust List ManagerCPOC … C-ITS Point of Contact CA … Certificate Authority
EU Root CA
Scope of EU CCMS pilotphase
European Union C-ITS Security Credential Management System – Pilot Phase (EU CCMS)
• 4 year fully financed pilot operation of an European C-ITS Credential Management System ("PKI") implemented and operated by the European Commission
• Funds of CEF Public Support Action (Work Programme2016)
• Provision of common European elements: Full setup of CPOC, TLM and EU Root CA to support initial C-ITS deployment in Europe as defined in Release 1 of the certificate & security policy documents
• Time Horizon Pilot Phase: 2018-2021
European Union C-ITS Security Credential Management System – Pilot Phase (EU CCMS)
• First Tenders expected to be launched 2018, currently in preparation – mainly for CPOC protocol definitions and TLM setup
• Goal is to provide a first prototype version of the TLM / CPOC functionalities already in 2018 for early deployment initativesfor testing purposes (e.g. C-Roads Member States or single OEMs) – to be confirmed
• Open to all stakeholders and C-ITS Day 1 deployment initiatives
C-ITS Security: Current topics (1/4)• Timely Update of Certificate Policy Release 1 is needed
• Alignment with Security Policy Release 1
• Update of “yellow” items & inconsistencies, some commitments for the update of the Certificate Policy were already taken in December C-ITS Security Workshop in Brussels, e.g.:
• Protection Profiles SOG-IS process
• AT Validity period 1 week, max. 100 ATs valid in parallel
• TS 103 097 v1.3.1 applies migration needs! (e.g. EU CCMS TLM/CPOC will not support old versions of this standard)
• Workshop planned spring 2018 – details & invitations will follow
C-ITS Security: Current topics (2/4)• Update of ETSI Standards
• Urgent Call for ETSI to release new version of ETSI TS 102 941 in alignment with TS 103 097 v1.3.1
• Updated ETSI 102 941 is needed for all deployment initiatives as well as the EU CCMS activities!
C-ITS Security: Current topics (3/4)• Applicability of EU Certificate & Security Policy (CP/SP)
• Reminder: C-ITS services and hence C-ITS security needs to be fully interoperable. There is only 1 single trust domain in Europe.
• The CP/SP are fully communication technology layer agnostic. They equally and fully apply to short range (e.g. ITS-G5) or long range cellular based technologies (Hybrid!).
• Secure communication is NOT enough! (e.g. through proprietary solutions)
• ITS stations sign messages with certificates to ensure Authenticity (from a trusted source) & Integrity (not modified). ALL ITS stations need to comply to CP/SP and EU CCMS for EU wide interoperability, no matter the communication technology.
C-ITS Security: Current topics (4/4)• Protection Profiles for C-ITS Stations
• CP/SP demands protection profiles certified through SOG-IS process
• At this moment no publicly available protection profile exists for mobile or fixed C-ITS stations
• Any updates on that by the C-ITS community?
• EC happy to assist wherever possible and needed.
More InformationCooperative, connected and automated mobility (C-ITS):
https://ec.europa.eu/transport/themes/its/c-its_en
Thank you for your attention!Gerhard Menzel
[email protected] Commission - DG JRC
E.3: Cyber & Digital Citizens‘ Security