The SAFERtec project: Introducing a Security Assurance Framework for Connected Vehicles
Sammy Haddad, Research Manager, Oppida
TRUESSEC.eu Symposium, Lille, France, 12 December 2018


Security assurance for connected vehicles
• Motivation: Connected Vehicles integrate a large set of 3rd party components and applications
◦ Numerous interfaces and an increased attack surface are exposed
• Focus on V2I
• To what extent are we ‘sure’ that the involved technology meets the requirements for
• Quantification of assurance is costly (and complex)!
◦ Typically relies on generic frameworks not accounting for the connected-vehicle-ecosystem details


Consortium and SAFERtec scope
• A consortium of high complementarity and distinct roles
Project facts: Start date: January 2017; Duration: 36 months; Budget: 3.81 MEuros
• to work on:
◦ Attack modeling and vulnerability analysis on the most challenging V2I use-cases
◦ Design of an agile assurance framework
◦ Realization of the use-cases with prototype vehicle and 3rd party software & hardware
◦ Verification of the framework’s accuracy
◦ ‘Transforming’ the framework into an online toolkit


WORK IN THE COURSE OF TIME…
Timeline: January 2018, March 2018, June 2018, September 2018, December 2018 (now), March 2019, …
• Modeling of V2I use-cases: use-cases, attack modeling, risk analysis & security controls
• Development of the connected-vehicle system: prototype vehicle with 3rd party HW/SW connected to infrastructure
• Design of a Security Assurance Framework: considerably enhance the most credible security assurance framework
• Evaluation of the framework: just started
Under two general V2I instances we study:
◦ Optimal driving-speed advice
◦ Real-time traffic-hazard information
◦ Priority request in intersection-crossing


A BIT OF TECHNICALITIES: REQUIREMENTS ELICITATION & MODELLING
A novel 6-stage approach integrating 3 methodologies (EBIOS, SecureTropos and PriS)
• Input: the high-level description of the considered V2I use-cases
• Output: identified security and privacy requirements and countermeasures
• Threat elicitation is based on ETSI standards


Introducing the SAFERtec assurance framework: enhancements to the most credible security assurance approach so far


What does SAFERtec improve?
• Dedicated ITS Protection Profiles
◦ SAFERtec PPs
◦ Based on community requirements and expertise (SAFERtec, C2C, ETSI WG5, etc.)
◦ To be standardized
• Parallel execution of tasks
• Limited use of official and accredited bodies during evaluation…
◦ Components vs system
◦ Assurance by assurance task vs classical component certification
◦ No official certification body; only type approval process
◦ Vulnerability test, developer security audits, confidential data (e.g. product architecture): licensed laboratory only for specific tasks
• Providing SAFERtec dedicated tools for ITS security
◦ Innovative combination of EBIOS, SecureTropos and PriS
◦ WP6 tool box
• Reduce the cost and shorten overall evaluation time
◦ Should lower costs by 30% and shorten evaluation time by 40% for high assurance


The Connected Vehicle System (to evaluate the framework)
• Objective: Realize and set up a Connected Vehicle System (CVS) to be used as a real-world reference system for SAFERtec
• Enable testing and development of security solutions and controls
• Enable applying the SAFERtec Assurance framework in different application scenarios


Vehicle Bench (integration to be finalized)


Evaluation of the proposed framework: use the Connected Vehicle System as a test-bed
• To evaluate and provide enough evidence of the suitability of the proposed SAFERtec Assurance Framework and its developed tools and methodologies
• To compare existing approaches for security assurance with the proposed SAFERtec Assurance Framework
• To evaluate its extensibility, granularity, flexibility and adaptation to changing conditions
• To evaluate its cost efficiency at component and system level


An online toolkit to realize the framework
• Objectives: definition of the AFT reference architecture
◦ First conceptual (actors, relations) and then technical (computational, storage needs) implementation of the AFT as a modular software platform
◦ Enabled to host the security-related specification of the modules and computational interpretations
◦ To output security assurance evaluations (e.g., definition of security targets, identification of tests to help the developer)
• Interpretation of the framework logic into rule programs
◦ Expert user: writes rules, updates components
◦ Normal user: generates evaluations
◦ Inference engine connected to a database of rules and assets


EXPECTED ACHIEVEMENTS AND IMPACT…
• Innovative modeling work for the emerging risks/vulnerabilities
• Introduction of an agile security assurance framework tailored for V2I
• Experimental validation of the framework using a prototype vehicle and dedicated SW and HW
• Contribution to relevant standards
• Toolkit to enable (semi-)automated generation of assurance levels for Connected Vehicles (Assurance Framework Toolkit)


Conclusions
• Establishing vehicular connectivity comes with further cyber-security, privacy and safety concerns
• An under-explored area: Automotive Security Assurance
◦ Degree of confidence that the realized automotive (cyber-)security controls will reduce anticipated risks
• EU SAFERtec advances the V2I security assurance research aiming to increase trust in connected vehicles/ITS


Thank you! Any Questions?
Sammy Haddad, Research Manager, Oppida, sammy.haddad@oppida.fr
"This work is a part of the SAFERtec project. This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement no 732319"