Presentation is loading. Please wait.

Presentation is loading. Please wait.

The SAFERtec project on V2I security assurance: concept and vision

Published bySabina Pope Modified over 5 years ago

Similar presentations

Presentation on theme: "The SAFERtec project on V2I security assurance: concept and vision"— Presentation transcript:

1 The SAFERtec project on V2I security assurance: concept and vision
Panagiotis Pantazopoulos, PhD Institute of Communication and Computer Systems SAFERtec session, Oslo, Norway 14 September 2017

2 Presentation break-down
Where is our focus placed-on? Why we consider the problem interesting/important? How do we tackle it ? 14 September 2017 SAFERtec workshop (in conjunction with ESORICS), Oslo, Norway 2

3 What is SAFERtec all about?
(out of 187 words taken from the project abstract and the summary of the ‘proposed solution’ text-box) 14 September 2017 SAFERtec workshop (in conjunction with ESORICS), Oslo, Norway 3

4 Connected vehicles: an emerging paradigm
a dynamic Cyber-physical system comprised by highly-equipped infrastructure-connected vehicles They integrate a large set 3rd party components (including GNSS Receiver) and apps Numerous interfaces and an increased attack surface are exposed To what extent are we ‘sure’ that the involved technology meets the requirements for safety/security/privacy… Focus on V2I 14 September 2017 SAFERtec workshop (in conjunction with ESORICS), Oslo, Norway 4

5 Quantifying assurance levels..
Quantification of the involved levels is complex and costly ! Typically relies on generic frameworks not tailored for the connected-vehicle-ecosystem Strong dependencies between modules The ‘connected vehicles’ attack surface is large.. ‘Connected Vehicles’ that are equipped with consumer electronics and telematic services typically integrate a large set 3rd party components and applications. Applications “outside the vehicle” introduced by 3rd party application providers, or an application provider of RSUs/ traffic management centre/cloud-based services have different requirements and impact. Combining security with safety (at all stages of the analysis; threat, vulnerability and risk assessment) is one of the cornerstones of SAFERtec. The main research-question that SAFERtec addresses is to quantify the degree of confidence that all security needs (involved in V2I communication instances) are satisfied. Existing standards and approaches such as NIST FIPS 140-X, ISO Common Criteria 1.3 and recommendations published by the Car-to-Car consortium do not cover all aspects related to the automotive and connected vehicle eco-system, are rather generic and with limited scope, difficult and slow to adapt. 14 September 2017 SAFERtec workshop (in conjunction with ESORICS), Oslo, Norway 5

6 SAFERtec project in a nutshell
Security assurance for connected vehicles …includes work on: Attack modeling and vulnerability analysis on challenging V2I use-cases Design of an agile assurance framework Realization of the use-cases with prototype vehicle(s) and 3rd party hardware Verification of the framework’s accuracy ‘Transforming‘ the framework into an online toolkit Project facts Start date: January 2017 Duration: 36 months Budget: 3.81 Meuro Project Coordinator: Dr. Angelos Amditis, ICCS 14 September 2017 SAFERtec workshop (in conjunction with ESORICS), Oslo, Norway 6

7 SAFERtec Project objectives
Description Comment 1 Provide security assurance Framework for the whole System Development Life Cycle Aim to cover: design, implementation, verification, operation (and maintenance) 2 Provide methods for threat analysis and attack modeling 3 Enhance vulnerability analysis and penetration testing in connected vehicles and V2I systems 4 Define of Metrics (quantification) and KPIs related to system reliability, safety, security and privacy 5 Provide a flexible and cost-efficient security assurance process Aim to have: framework across all modules/system 6 Foster the adaptation of more flexible and cost-efficient assurance methods for the automotive industry, 7 Improve European industrial competitiveness in secure & trusted Connected Vehicle and V2X based ICT 8 Identify gaps in current security assurance practices, formal methods and international accepted standards Standardization plan 9 Assess and evaluate the assurance framework through real world use case scenarios 14 September 2017 SAFERtec workshop (in conjunction with ESORICS), Oslo, Norway 7

8 How to work: the SAFERtec work plan
WP1 Management WP2 modeling & requirements WP3 Assurance framework(AF) WP4 Connected Vehicle System WP5 AF Evaluation WP6 AF Toolkit WP7 Dissemination 14 September 2017 SAFERtec workshop (in conjunction with ESORICS), Oslo, Norway 8

9 The SAFERtec Vehicle-to-Infrastructure Use-Cases
Graphics courtesy of Car 2 Car consortium 14 September 2017 SAFERtec workshop (in conjunction with ESORICS), Oslo, Norway 9

10 Thank you! Any Questions?
Panagiotis Pantazopoulos, PhD Researcher/Technical Project Manager ICCS

11 Back-up slides

12 Project objectives 12 July 2017
Check if a certain product meets the SAFERtec requirements; if not, the product is suggested to be sent back to the manufacturer for ‘improvements’. Thus, we impact the design. Project objectives Objectives Description Comment 1 Provide security assurance Framework for the whole System Development Life Cycle Aim to cover: design, implementation, verification, operation (and maintenance) 2 Provide methods for threat analysis and attack modeling 3 Enhance vulnerability analysis and penetration testing in connected vehicles and V2I systems 4 Define of Metrics (quantification) and KPIs related to system reliability, safety, security and privacy D2.2 “Expression of security needs” 5 Provide a flexible and cost-efficient security assurance process WP3 : same basic set of rules for 80% of the studied cases 6 Foster the adaptation of more flexible and cost-efficient assurance methods for the automotive industry, -//- 7 Improve European industrial competitiveness in secure & trusted Connected Vehicle and V2X based ICT 8 Identify gaps in current security assurance practices, formal methods and international accepted standards Standardization plan already in the proposal. Updates to be discussed explicit contribution, extension or recommendation to a relevant standard 9 Assess and evaluate the assurance framework through real world use case scenarios 12 July 2017 SAFERtec workshop (in conjunction with ESORICS), Oslo, Norway 12

13 Risk management A risk matrix set up at the project kick- off
Updated in the D1.2 –Risk and Quality Procedures Manual To be updated in every quarter of the project 12 July 2017 SAFERtec workshop (in conjunction with ESORICS), Oslo, Norway 13

Download ppt "The SAFERtec project on V2I security assurance: concept and vision"

Similar presentations

Module 1 Evaluation Overview © Crown Copyright (2000)

Module 1 Evaluation Overview © Crown Copyright (2000)
The design process IACT 403 IACT 931 CSCI 324 Human Computer Interface Lecturer:Gene Awyzio Room:3.117 Phone:4221 4090

The design process IACT 403 IACT 931 CSCI 324 Human Computer Interface Lecturer:Gene Awyzio Room:3.117 Phone:
GAMMA Overview. Key Data Grant Agreement n° 312382 Starting date: 1 st September 2013 Duration: 48 months (end date 31 st August 2017) Total Budget: 14.837.981.

GAMMA Overview. Key Data Grant Agreement n° Starting date: 1 st September 2013 Duration: 48 months (end date 31 st August 2017) Total Budget:
ITIL: Service Transition

ITIL: Service Transition
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
UGDIE KICK-OFF MEETING F-MAN 1 ΑΝΝΕΧ 1-A by UGDIE.

UGDIE KICK-OFF MEETING F-MAN 1 ΑΝΝΕΧ 1-A by UGDIE.
Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order 13636 “Improving Critical Infrastructure Cybersecurity”

Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order “Improving Critical Infrastructure Cybersecurity”
Project Presentation.

Project Presentation.
Assurance Case Approach TECNALIA Inspiring Business Novara November, 2013 TRIAL WS.

Assurance Case Approach TECNALIA Inspiring Business Novara November, 2013 TRIAL WS.
IP-Based Emergency Applications and Services for Next Generation Networks PEACE Presented by Suji Gunaratne PhD.

IP-Based Emergency Applications and Services for Next Generation Networks PEACE Presented by Suji Gunaratne PhD.
ESA/ESTEC, TEC-QQS August 8, 2005 SAS_05_ESA SW PA R&D_Winzer,Prades Slide 1 Software Product Assurance (PA) R&D Road mapping Activities ESA/ESTEC TEC-QQS.

ESA/ESTEC, TEC-QQS August 8, 2005 SAS_05_ESA SW PA R&D_Winzer,Prades Slide 1 Software Product Assurance (PA) R&D Road mapping Activities ESA/ESTEC TEC-QQS.
Benoît ESNAULT Commission de Régulation de l’Energie 17th Madrid Forum Madrid, 15 January 2010 10-year network development plan ERGEG recommendations.

Benoît ESNAULT Commission de Régulation de l’Energie 17th Madrid Forum Madrid, 15 January year network development plan ERGEG recommendations.
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All SMART GRID ICT: SECURITY, INTEROPERABILITY & NEXT STEPS John O’Neill, Senior Project Manager CSA.

Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All SMART GRID ICT: SECURITY, INTEROPERABILITY & NEXT STEPS John O’Neill, Senior Project Manager CSA.
ISO 9001:2008 to ISO 9001:2015 Summary of Changes

ISO 9001:2008 to ISO 9001:2015 Summary of Changes
Project co-funded by the European Commission within the 7th Framework Program (Grant Agreement No. 619682 ) Business Convergence WS#2 Smart Grid Technologies.

Project co-funded by the European Commission within the 7th Framework Program (Grant Agreement No ) Business Convergence WS#2 Smart Grid Technologies.
SAFESPOT Project Kick off Meeting February 16 th and 17 th 2006 Rome 1 Integrated Project Co-operative Systems for Road Safety “Smart Vehicles on Smart.

SAFESPOT Project Kick off Meeting February 16 th and 17 th 2006 Rome 1 Integrated Project Co-operative Systems for Road Safety “Smart Vehicles on Smart.
The use of Formal Standards to Boost Creativity for Computing Students Gill Whitney Principal Lecturer, Middlesex University, School of Engineering and.

The use of Formal Standards to Boost Creativity for Computing Students Gill Whitney Principal Lecturer, Middlesex University, School of Engineering and.
MANISH GUPTA. Presentation Outline Introduction Motivation Content Expected Impact Funding Schemes & Budget.

MANISH GUPTA. Presentation Outline Introduction Motivation Content Expected Impact Funding Schemes & Budget.
Financial Services Sector Coordinating Council (FSSCC) 2011 KEY FSSCC INITIATIVES 2011 Key FSSCC Initiatives Project Name: Project Description: All-Hazards.

Financial Services Sector Coordinating Council (FSSCC) 2011 KEY FSSCC INITIATIVES 2011 Key FSSCC Initiatives Project Name: Project Description: All-Hazards.
Experience from H2020 Proposals (a personal assessment)

Experience from H2020 Proposals (a personal assessment)

Similar presentations

Ads by Google