Presentation is loading. Please wait.

Presentation is loading. Please wait.

Proposal for an achievable, cost effective Security Concept for EOBRs C. Hardinge / A. Lindinger.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Proposal for an achievable, cost effective Security Concept for EOBRs C. Hardinge / A. Lindinger."— Presentation transcript:

1 Proposal for an achievable, cost effective Security Concept for EOBRs C. Hardinge / A. Lindinger

2 Problem domain Solution General PKI Digital Signature Data Storage Certification Roadside Enforcement Summary Content 2011-10-24 2Charles Hardinge & Andreas Lindinger © Continental AG

3 RODS Data is stored at different system nodes with no inherent protection Data can be modified without leaving any trace Enforcement cannot rely on the data Basic security goals not achieved: data integrity authenticity non-repudiation Problem Domain 2011-10-24 3Charles Hardinge & Andreas Lindinger © Continental AG EOBR Host System servers Enforcement servers Secure communication Possible point of manipulation Enforcement device Secure communication

4 Focus on the protection of the data, not the communication path Protecting the complete communication path is costly and does not solve the problem of maintenance of data integrity Protecting the data allows cost effective transmission and storage of the data Any modification of the data, intentional or accidental can be easily detected Roadside enforcement can rely on the data authenticity, non- repudiation and integrity The data is protected using digital signatures provided by a Public Key Infrastructure (PKI) implementation State of the art. Encouraged by NIST for federal agencies (800-25) Solution – General 2011-10-24 4Charles Hardinge & Andreas Lindinger © Continental AG

5 Solution – Public Key infrastructure 2011-10-24 5Charles Hardinge & Andreas Lindinger © Continental AG

6 Solution – Public Key infrastructure 2011-10-24 6Charles Hardinge & Andreas Lindinger © Continental AG Bob‘s Private Key BOB_SK Bob‘s Public Key BOB_PK Registration Authority Is Bob Bob ? Is Bob trustworthy? Certification Authority CA‘s Private Key CA_SK Please trust me OK to create certificate Bob’s Public Key Certificate data Signature CA_SK Generate certificate and sign with CA_SK

7 Solution – Digital Signature with asymmetrical cryptography 2011-10-24 7Charles Hardinge & Andreas Lindinger © Continental AG Hash Function Message Signature EOBR Private Key Encryption Digest Message Decryption ExpectedDigestActualDigest Hash Function Signer - EOBR Receiver - Enforcement Channel DigestAlgorithm DigestAlgorithm EOBR certificate Validated EOBR Public Key EOBR certificate

8 Data storage based on RODS flat file format. New elements needed. Solution – Data Storage 2011-10-24 8Charles Hardinge & Andreas Lindinger © Continental AG Data ElementData Element DefinitionTypeLengthSign EOBR ID Unique ID of the EOBR – same ID as in the certificate. N10 - TBDYes Session BeginDate and time of session beginN15Yes Session EndDate and time of session endN15Yes Digital Signature ASCII representation of Digital Signature of all relevant data elements since the last Digital Signature was recorded A40-500No Certificate ASCII representation of an EOBR public key certificate A130-1050No Record SignedIndicates whether the record has been signed or not (optional depending on data storage concept – see 4.1.3.3) A1

9 Digital signatures calculated only using relevant original data Maximum flexibility provided, to maintain existing storage concepts Example of a simplified RODS file structure showing a Session with digital signature: Could interleave annotations but would need a „sign“ element. Solution – Data Storage 2011-10-24 9Charles Hardinge & Andreas Lindinger © Continental AG

10 At least the following rules must be applied (non exhaustive list): whenever a new Session is started, a Session Begin is recorded whenever a Session is finished a Session End is recorded each Session must include an EOBR ID record the Digital Signature is calculated for all records between, and including, the Session begin and end records the Digital Signature is stored in the RODS file directly after the Session End the EOBR Certificate is stored in the RODS file directly after the Digital Signature the element Event Update Status Code must be excluded from the signature calculation (Sign = N) the EOBR must ensure that only, and all original records are signed, not annotations, regardless of the source of the annotation annotated records must not replace original records. Solution – Data Storage Rules 2011-10-24 10Charles Hardinge & Andreas Lindinger © Continental AG

11 Independent EOBR certification is needed to ensure that the critical security and functional elements of the system are handled correctly and consistently by all manufacturers: EOBR generation, storage and processing of HOS/RODS records key generation and installation key storage Interoperability of EOBRs and enforcement devices The detailed EOBR security requirements must be defined in order to be able to perform a certification Possible certification standard: Common Criteria An EOBR and its manufacturer must have achieved security certification before they are permitted to install any “hot” keys. Solution – Certification 2011-10-24 11Charles Hardinge & Andreas Lindinger © Continental AG

12 Roadside enforcement is the central issue of the EOBR. Without efficient enforcement, the EOBR is superfluous. With digitally signed data, roadside enforcement can rely on: the integrity of the data the authenticity of the data non-repudiation not being feasible An analysis of HOS using signed data and all data could be compared to determine the effect of the annotations Solution – Roadside Enforcement 2011-10-24 12Charles Hardinge & Andreas Lindinger © Continental AG

13 Full Telematic solution Solution – Roadside Enforcement scenarios 2011-10-24 13Charles Hardinge & Andreas Lindinger © Continental AG EOBR Host System servers Enforcement servers Secure comms Enforcement Device Secure comms EOBR Host System servers Enforcement Device Secure P2P comms EOBR Enforcement Device Secure P2P communication P2P / Telematic mixed solution Full Peer to Peer solution

14 It is recommended that the enforcement community be equipped with standard, dedicated mobile enforcement devices Such a device could support: USB interface Short range wireless interface Long-range wireless interface (if needed) Secure record storage until return to back-office Software upgrade in back-office Accepted interface to enforcement system This would be a robust, standardized and long term cost effective solution. Solution – Roadside Enforcement Equipment 2011-10-24 14Charles Hardinge & Andreas Lindinger © Continental AG

15 Implementing the proposed PKI based security concept for data protection provides the following advantages: Deliberate or accidental modification of data is detectable Trustable data for enforcement – no more „comic books“ Simple, flexible, cost effective solution Reduced opportunities for driver harassment Supports following FMCSA requirements: Data at rest must be protected Data in Transit must be protected The EOBR shall protect EOBR data collected, stored, disseminated, or transmitted from inadvertent alteration, spoofing, tampering, and other deliberate corruption Summary 2011-10-24 15Charles Hardinge & Andreas Lindinger © Continental AG

16 Any questions ? Charles Hardinge +49 7721 67-2365 Charles.Hardinge@continental-corporation.com Andreas Lindinger +49 7721 67-2245 Andreas.Lindinger@continental-corporation.com Questions 2011-10-24 16Charles Hardinge & Andreas Lindinger © Continental AG

Download ppt "Proposal for an achievable, cost effective Security Concept for EOBRs C. Hardinge / A. Lindinger."

Similar presentations

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
1 GP Confidential ©2013 1 GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)

1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Information Security & Cryptographic Principles. Infosec and Cryptography Subjects / Topics : 1. Introduction to computer cryptography 1. Introduction.

Information Security & Cryptographic Principles. Infosec and Cryptography Subjects / Topics : 1. Introduction to computer cryptography 1. Introduction.
Information security An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Feb.2008.

Information security An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Feb.2008.
6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC513-01 Instructor:Professor Anvari Student ID:106845 Name:Xin Wen Date:11/25/00.

6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.

LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Similar presentations

Ads by Google