WORKSHOP C-ROADS PORTUGAL
João de Deus Miranda
IP Telecom - Security, Cloud & Datacenter
28.11.2017
22.12.2017 www.c-roads.eu

Infraestruturas de Portugal Group

IP Telecom
  Fiber-Optic Network
  National Coverage
  Public Railway Domain
  Roadside Technical Duct
  Networks and Communications
  Data
  Voice
  Video
  Consulting
  Data Centers
  Housing/Colocation
  Hosting
  IT Services
  Cloud Services
  Security

IP Telecom in C-ROADS Portugal
Development and Implementation of an Integrated Security Framework
Design and implementation of the necessary hardware, software, processes and services to deploy an integrated security system, ensuring compliance with current and future applicable C-ITS standards and guidelines regarding the covered subjects. This integrated security system will be tested in the framework of the pilots deployed.

IP Telecom in C-ROADS Portugal
Technology Components:
  Public Key Infrastructure (PKI)
  Identity Management (IDM)
  Data Protection
  Cybersecurity
Applications and Tools:
  Secure Key Management
  Endpoint Provisioning Automation
  Interoperability Testing
Deliverables:
  Report on operational status of test and validation environment approved by the Technical Committee
  Report on operational status of security services and features approved by the Technical Committee
  Report on operational status of field deployment approved by the Technical Committee

Implementation
Infrastructure:
  Hardware Security Modules (HSM)
  Cloud Based (Private/Public/Hybrid)
  Secure Multi-tenancy
  Support services (backup, disaster recovery, monitoring, logging and auditing)
  Test / Quality / Pilot /... environments
  Sandboxing
Provisioning Automation:
  Provisioning Portals/Tools
  Test and Trial Automation:
  Automated Test Tools

PKI Model
[Diagram: Enrollment Authority (EA), Root CA (RA), Authorization Authority (AA), Subordinate Enrollment Authority (SUB-EA) and ITS-S (Application, Device), connected by numbered steps; labelled flow: enrolment authorization / verification.]

ITS Security Standards
  TR 102 893  Risk Analysis (TVRA)
  TS 102 731  Security Services
  TS 103 097  Security Headers & Certificates
  TS 102 940  ITS Security Architecture & Management
  TS 102 941  Trust & Privacy
  TS 102 942  Access Control
  TS 102 943  Confidentiality

ITS Security Standards
ETSI Standard | Title | Status
TR 102 893 | Threat, Vulnerability and Risk Analysis (Technical Report) | v1.1.1 Published (2010-03)
TS 102 731 | Security Services and Architecture | v1.1.1 Published (2010-09)
TS 103 097 | Security Header and Certificate Formats | v1.3.1 Published (2017-10)
TS 102 940 | ITS Communications Security Architecture and Security Management | v1.2.1 Published * (2016-11)
TS 102 941 | Trust and Privacy Management | v1.2.1 Published * (2012-06)
TS 102 942 | Access Control | v1.1.1 Published (2012-06)
TS 102 943 | Confidentiality Services | v1.1.1 Published (2012-06)
* Under Revision

Working Groups
Working Group Technical Aspects

Task Force Security Aspects
Security specifications need to be considered when deploying C-ITS services, ensuring secure data and service exchange between infrastructure and vehicles. Security solutions need to be in place for a broad range of reasons, from privacy issues to terror attacks.

Task Force Infrastructure Communication
Roadside infrastructure will share data and services with vehicles about the traffic status and events. Since the data to be communicated is of different nature but needs to be compliant with certain security specifications, different communication standards and technologies will have to be aligned in order to ensure proper data exchange across various kinds of borders. Here the C-Roads Platform is following the hybrid communication approach, starting with ETSI ITS-G5 and existing cellular networks.

Challenges / Opportunities
Trust Model:
  Distributed architecture
  Roaming
  Anomaly detection and revocation
Harmonization:
  Standards (ETSI V2X / 3GPP D2D / IETF)
Performance:
  Performance under stress/peaks
  Latency-critical services
Scalability:
  Multiplicity of services
  Hundreds of millions of nodes
Resilience:
  Distributed architecture
  Fault tolerance
Sustainability:
  Crypto-agility

THANK YOU!
João de Deus Miranda
joao.smiranda@iptelecom.pt
+351 211 069 181