CN-115486107-B - Method and system for establishing trust for network security posture of V2X entity
Abstract
A method at an Intelligent Transportation System (ITS) transmitting entity includes generating an ITS message, augmenting the ITS message with an integrity report generated by an integrity detection function at the ITS transmitting entity to create an augmented ITS message, signing the augmented ITS message with an authorization certificate or ticket that includes an assurance indication from an audit certificate authority for the integrity detection function, and transmitting the signed augmented ITS message to an ITS receiving entity.
Inventors
- S.J. Barrett
- N.J. Russell
- J. O. Goyo
Assignees
- BlackBerry Limited (黑莓有限公司)
Dates
- Publication Date
- 20260508
- Application Date
- 20210429
- Priority Date
- 20200429
Claims (19)
- 1. A method at an intelligent transportation system, ITS, transmitting entity, the method comprising: generating an ITS message at the ITS transmitting entity; augmenting the ITS message with an integrity report generated by an integrity detection function internal to the ITS transmitting entity to create an augmented ITS message, the integrity detection function checking a network security posture of a transmitter of the ITS transmitting entity, wherein the integrity report is generated by performing an integrity check of the ITS transmitting entity by the integrity detection function at the ITS transmitting entity, and the network security posture includes information for detecting a system lacking or having an outdated security protection mechanism; signing the augmented ITS message with a private key associated with an authorization certificate or ticket, the authorization certificate or ticket including an assurance indication from an audit certificate authority indicating that the integrity check function is secure; and sending the signed augmented ITS message to an ITS receiving entity.
- 2. The method of claim 1, wherein the generating the ITS message is performed in a rich operating environment of the ITS transmitting entity.
- 3. The method of claim 1, wherein the integrity detection function is within a secure element of the ITS transmitting entity.
- 4. The method of claim 1, wherein the performing of the integrity check is triggered by one or more of: a device or operating system boot-up, whenever an application is launched or loaded, periodically, upon completion of a firmware or software update, upon detection of new hardware, upon detection of a new or updated application, and whenever a new ITS message is to be sent.
- 5. The method of claim 1, wherein the performing of the integrity check detects anomalies in the transmitter of the ITS transmitting entity, the detecting comprising one or more of: detecting security policy violations, detecting memory violations, detecting networking anomalies, detecting process anomalies, detecting task manager anomalies, collision detection, integrity checking of one or more of hardware, software, boot read-only memory (ROM), operating system, and applications, and detecting hardware security module tampering.
- 6. The method of claim 1, further comprising, when the integrity report indicates that an anomaly was detected, at least one of: sending a message to an application, sending a message to an on-board unit (OBU) or an electronic control unit (ECU), sending a message to a server external to the vehicle, causing a visual alert on a display unit, and causing an audible alert.
- 7. The method of claim 1, wherein the integrity report is a boolean value indicating whether an anomaly was detected.
- 8. The method of claim 1, wherein the integrity report includes a level of detected anomalies.
- 9. The method of claim 1, wherein the assurance indication from the audit certificate authority is within a field of the authorization certificate or the authorization ticket.
- 10. An intelligent transportation system, ITS, transmitting entity, the ITS transmitting entity comprising: a processor; a memory; and a communications subsystem, wherein the memory stores instructions that, when executed by the processor, cause the ITS transmitting entity to: generate, using the processor, an ITS message at the ITS transmitting entity; augment, using the processor, the ITS message with an integrity report generated by an integrity detection function internal to the ITS transmitting entity to create an augmented ITS message, the integrity detection function checking a network security posture of a transmitter of the ITS transmitting entity, wherein the integrity report is generated by performing an integrity check of the ITS transmitting entity by the integrity detection function at the ITS transmitting entity, and the network security posture includes information for detecting a system lacking or having an outdated security protection mechanism; sign, using the processor, the augmented ITS message with a private key associated with an authorization certificate or ticket that includes an assurance indication from an audit certificate authority indicating that the integrity check function is secure; and send the signed augmented ITS message to an ITS receiving entity using the communications subsystem.
- 11. The ITS transmitting entity of claim 10 wherein said ITS transmitting entity is configured to generate said ITS message in a rich operating environment of said ITS transmitting entity.
- 12. The ITS transmitting entity of claim 10, wherein the integrity detection function is within a secure element of the ITS transmitting entity.
- 13. The ITS transmitting entity of claim 10, wherein the ITS transmitting entity is configured to execute based on a trigger condition that is one or more of a device or operating system boot-up, whenever an application is launched or loaded, periodically, upon completion of a firmware or software update, upon detection of new hardware, upon detection of a new or updated application, and whenever a new ITS message is to be sent.
- 14. The ITS transmitting entity of claim 10, wherein the ITS transmitting entity is configured to perform an integrity check that detects anomalies in the transmitter of the ITS transmitting entity, the detecting comprising one or more of: detecting security policy violations, detecting memory violations, detecting networking anomalies, detecting process anomalies, detecting task manager anomalies, collision detection, integrity checking of one or more of hardware, software, boot read-only memory (ROM), operating system, and applications, and detecting hardware security module tampering.
- 15. The ITS transmitting entity of claim 10, wherein, when the integrity report indicates that an anomaly was detected, the ITS transmitting entity is configured to perform at least one of: sending a message to an application, sending a message to an on-board unit (OBU) or an electronic control unit (ECU), sending a message to a server external to the vehicle, causing a visual alert on a display unit, and causing an audible alert.
- 16. The ITS transmitting entity of claim 10, wherein the integrity report is a boolean value indicating whether an anomaly was detected.
- 17. The ITS transmitting entity of claim 10, wherein the integrity report includes a level of detected anomalies.
- 18. The ITS transmitting entity of claim 10, wherein the assurance indication from the audit certificate authority is within a field of the authorization certificate or the authorization ticket.
- 19. A computer readable medium storing instruction code that, when executed by a processor of an intelligent transportation system, ITS, transmitting entity, causes the ITS transmitting entity to: generate an ITS message at the ITS transmitting entity; augment the ITS message with an integrity report generated by an integrity detection function internal to the ITS transmitting entity to create an augmented ITS message, the integrity detection function checking a network security posture of a transmitter of the ITS transmitting entity, wherein the integrity report is generated by performing an integrity check of the ITS transmitting entity by the integrity detection function at the ITS transmitting entity, and the network security posture includes information for detecting a system lacking or having an outdated security protection mechanism; sign the augmented ITS message with a private key associated with an authorization certificate or ticket, the authorization certificate or ticket including an assurance indication from an audit certificate authority indicating that the integrity check function is secure; and send the signed augmented ITS message to an ITS receiving entity.
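The transmit-and-verify flow of the abstract and claim 1 (augment, sign with the key behind a ticket carrying an audit CA's assurance indication, send; the receiver verifies and then decides whether a mitigation action is required, as FIG. 8 of the description does) is shown below as an added example in Go. It is illustrative code written for this page, not code from the patent or from BlackBerry. Everything about the data formats is an assumption: the `AuthorizationTicket` struct and its `AssuranceLevel` and `AuditCA` fields stand in for the real IEEE 1609.2 / ETSI TS 103 097 ticket, the augmented message is JSON rather than a standard ASN.1 encoding, the signature is ECDSA P-256 over SHA-256, and `minAssurance` is a receiver-side policy threshold the page does not define. The integrity report carries both the boolean of claim 7 and the level of claim 8.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// AuthorizationTicket stands in for the authorization certificate/ticket of claim 1.
// Real tickets are IEEE 1609.2 / ETSI TS 103 097 structures; these fields are assumptions.
type AuthorizationTicket struct {
	PublicKey      *ecdsa.PublicKey
	AssuranceLevel int    // assurance indication from the audit CA (0 = IDF not audited)
	AuditCA        string // assumed identifier of the audit CA that vouched for the IDF
}

// IntegrityReport is the integrity detection function's output: a boolean (claim 7)
// and a level (claim 8).
type IntegrityReport struct {
	AnomalyDetected bool `json:"anomaly_detected"`
	AnomalyLevel    int  `json:"anomaly_level"`
}

// AugmentedMessage is the ITS message plus the integrity report; this is what gets signed.
type AugmentedMessage struct {
	Payload   string          `json:"payload"`
	Integrity IntegrityReport `json:"integrity"`
}

// SignedMessage is the over-the-air unit: signed body, signature, and the sender's ticket.
type SignedMessage struct {
	Body      []byte
	Signature []byte
	Ticket    *AuthorizationTicket
}

// Decision is the receiver's outcome, in the spirit of FIG. 8 (mitigation needed or not).
type Decision int
const (
	Reject      Decision = iota // signature invalid: not authentic, discard
	ActNormally                 // authentic, audited IDF, no anomaly reported
	Mitigate                    // authentic, but IDF unaudited or anomaly reported
)

// NewEntity provisions a transmitting entity with a P-256 key pair and a ticket carrying
// the given assurance indication (constructed values, not a real enrolment flow).
func NewEntity(assurance int, auditCA string) (*ecdsa.PrivateKey, *AuthorizationTicket, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return priv, &AuthorizationTicket{PublicKey: &priv.PublicKey, AssuranceLevel: assurance, AuditCA: auditCA}, nil
}

// Transmit augments the ITS message with the integrity report and signs the result with
// the private key associated with the ticket (claim 1, augmenting and signing steps).
func Transmit(priv *ecdsa.PrivateKey, ticket *AuthorizationTicket, payload string, report IntegrityReport) (*SignedMessage, error) {
	body, err := json.Marshal(AugmentedMessage{Payload: payload, Integrity: report})
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(body)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return nil, err
	}
	return &SignedMessage{Body: body, Signature: sig, Ticket: ticket}, nil
}

// Receive verifies the signature before reading anything, then weighs the report. A report is
// only as credible as the IDF that produced it, so a ticket below the policy threshold also mitigates.
func Receive(msg *SignedMessage, minAssurance int) (Decision, *AugmentedMessage, error) {
	digest := sha256.Sum256(msg.Body)
	if !ecdsa.VerifyASN1(msg.Ticket.PublicKey, digest[:], msg.Signature) {
		return Reject, nil, errors.New("signature verification failed")
	}
	var am AugmentedMessage
	if err := json.Unmarshal(msg.Body, &am); err != nil {
		return Reject, nil, err
	}
	if msg.Ticket.AssuranceLevel < minAssurance || am.Integrity.AnomalyDetected {
		return Mitigate, &am, nil
	}
	return ActNormally, &am, nil
}

func main() {
	priv, ticket, _ := NewEntity(2, "audit-ca-example") // constructed values
	msg, _ := Transmit(priv, ticket, "CAM heading=90 speed=13.9", IntegrityReport{AnomalyDetected: true, AnomalyLevel: 3})
	d, _, _ := Receive(msg, 1)
	fmt.Println("decision:", d) // 2, i.e. Mitigate
}
```

The ordering in `Receive` is the point worth keeping: the signature is checked before the integrity report is parsed, so a flag cleared in transit fails verification rather than being believed, and a clean report from a sender whose integrity detection function was never audited is treated no better than an anomaly report, because the receiver has no basis for trusting the report's source.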
Description
Method and system for establishing trust for network security posture of V2X entity

Technical Field
The present disclosure relates to vehicle-to-everything (V2X) communications, and in particular to trust for V2X messages.

Background
In an intelligent transportation system (ITS), multiple devices communicate so that the transportation system can make more intelligent decisions in terms of traffic and flow management, as well as safer, more coordinated decisions. ITS system components may be provided within a vehicle, as part of a fixed infrastructure such as on a bridge or at an intersection, and for other users of the traffic system, including pedestrians or cyclists. There is a great deal of interest in the deployment of ITS systems in many markets around the world, with radio bands being allocated for communication. In addition to vehicle-to-vehicle communications for safety-critical and non-critical applications, further enhancements are being developed for vehicle-to-infrastructure and vehicle-to-portable scenarios to provide traffic safety and efficiency.

However, when such devices communicate, the receiving device needs to be confident that the received message is authentic before acting on the information in that message. One aspect of the problem faced by the receiving device in determining trustworthiness is whether the sending entity is itself network-secure; in other words, the receiving entity needs to be sure that the sending entity has not been compromised or hacked. A compromised sending entity may be made to send a message or data that is validly signed but non-compliant, which may be detrimental to the ITS system.

Drawings
The disclosure may be better understood with reference to the accompanying drawings, in which:
- FIG. 1 is a block diagram illustrating an example public key infrastructure architecture of certificates in a V2X system;
- FIG. 2 is a data flow diagram illustrating a certificate retrieval process in a V2X architecture;
- FIG. 3 is a block diagram illustrating a conceptual On-Board Equipment (OBE) and Security Credential Management System (SCMS) misbehavior detection (MBD) architecture;
- FIG. 4 is a flow chart for creating a V2X message based on an integrity report;
- FIG. 5 is a block diagram of an example integrity detection function implemented in secure hardware at a V2X entity;
- FIG. 6 is a block diagram illustrating interactions between a V2X application implemented in a rich operating environment and an integrity check function implemented in secure hardware;
- FIG. 7 is a data flow diagram illustrating the addition of a V2X entity to a certificate revocation list;
- FIG. 8 is a flow chart illustrating a process at a receiving V2X entity for determining whether a mitigation action is required when acting on a received V2X message;
- FIG. 9 is a data flow diagram illustrating a message sequence for requesting a network security posture; and
- FIG. 10 is a block diagram of an example computing device or server that can be used with embodiments of the present disclosure.

Detailed Description
The present disclosure provides a method at an Intelligent Transportation System (ITS) transmitting entity that includes generating an ITS message, augmenting the ITS message with an integrity report generated by an integrity detection function at the ITS transmitting entity to create an augmented ITS message, signing the augmented ITS message with an authorization certificate or ticket that includes an assurance indication from an audit certificate authority for the integrity detection function, and sending the signed augmented ITS message to an ITS receiving entity.

The present disclosure also provides an Intelligent Transportation System (ITS) transmitting entity comprising a processor and a communications subsystem, wherein the ITS transmitting entity is configured to generate an ITS message, augment the ITS message with an integrity report generated by an integrity detection function at the ITS transmitting entity to create an augmented ITS message, sign the augmented ITS message with an authorization certificate or ticket comprising an assurance indication from an audit certificate authority for the integrity detection function, and send the signed augmented ITS message to an ITS receiving entity.

The present disclosure also provides a computer readable medium for storing instruction code that, when executed by a processor of an Intelligent Transportation System (ITS) transmitting entity, causes the ITS transmitting entity to generate an ITS message, augment the ITS message with an integrity report generated by an integrity detection function at the ITS transmitting entity to create an augmented ITS message, sign the augmented ITS message with an authorization certificate or authorization ticket that includes a guarantee ind