WO2023115348A1 - V2X security device, first vehicle, V2X communication system and methods - Google Patents


Info

Publication number
WO2023115348A1
Authority
WO
WIPO (PCT)
Prior art keywords
vehicle
message
security device
untrusted
broadcast
Prior art date
Application number
PCT/CN2021/140155
Other languages
English (en)
Inventor
Fengpei Zhang
Original Assignee
Telefonaktiebolaget Lm Ericsson (Publ)
Priority date
Filing date
Publication date
Application filed by Telefonaktiebolaget Lm Ericsson (Publ)
Priority to PCT/CN2021/140155
Publication of WO2023115348A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/67 Risk-dependent, e.g. selecting a security level depending on risk profiles
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/40 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10 Integrity
    • H04W12/108 Source integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/63 Location-dependent; Proximity-dependent

Definitions

  • the invention relates to a V2X security device, a first vehicle, a V2X communication system, corresponding methods and corresponding computer programs.
  • V2X is a technology that allows vehicles to communicate with any entity that may affect a vehicle, and vice versa.
  • V2X comprises several types of communication, such as Vehicle-to-infrastructure (V2I), Vehicle-to-network (V2N), Vehicle-to-vehicle (V2V), Vehicle-to-pedestrian (V2P), and others.
  • the Uu interface refers to a logical interface between a User Equipment, UE, and a base station.
  • the Uu interface could be used as a V2N interface.
  • 3GPP introduces a PC5 interface (defined as ‘sidelink’ in Study on NR Vehicle-to-Everything (V2X), 3GPP TR 38.885 V16.0.0; 2019-03-28) for direct communication between C-V2X devices.
  • V2X is also essential for safe and efficient autonomous driving.
  • V2X communication can alert an autonomous driving vehicle to objects outside the vehicle's line of sight (non-line-of-sight).
  • V2X infrastructure currently provides connectivity and device level authentication and authorization. However, one security aspect missing is message forgery detection.
  • in safety-critical scenarios, vehicles, especially autonomous driving vehicles, cannot trust the content of a received V2V message, as an untrusted vehicle may have forged the content of a message in order to cause a response from the receiving vehicle, and that response may cause unwanted or even dangerous behavior of the receiving vehicle.
  • an untrusted vehicle can broadcast a fake emergency brake message to one or more passing vehicles, hence causing a traffic congestion and dangerous braking, which may even cause collisions.
  • an individual vehicle may detect a forged message sent from another vehicle to avoid a safety threat.
  • the in-vehicle approach may protect an individual vehicle in real time, such as disclosed in “LIM K, TULADHAR M K, KIM H. Detection location spoofing using ADAS sensors in VANETs, January 2019. IEEE annual Consumer communications & Network Conference (CCNC) 16th Annual Conference. IEEE, 2019”.
  • a V2X security device configured to obtain, from a first vehicle, a message comprising a V2V message from a second vehicle.
  • the V2X security device is configured to verify a content of the message by checking whether the V2V message is sent by the second vehicle.
  • the V2X security device is configured to modify a value associated with the second vehicle, if the V2V message is suspected to be untrusted by the V2X security device, and determine, based on the modified value associated with the second vehicle, whether to: send a command to broadcast a notification alerting one or more vehicles that the second vehicle is untrusted; and/or send a command to revoke a certificate of V2V communication for the second vehicle to a Certificate Authority device.
  • a connected vehicle is informing a central entity, such as a V2X platform, of a suspected untrusted vehicle in the V2X system. The central entity notifies the knowledge of a suspected untrusted vehicle in the V2X system.
  • the V2X security device is configured to determine whether the V2V message is trusted; and ignore the message if the V2V message is determined to be trusted.
  • the V2X security device limits its use of resources to vehicles determined to be untrusted.
  • the V2X security device is configured to determine whether the first vehicle is an untrusted vehicle and discard the message from the first vehicle, if the first vehicle is determined to be an untrusted vehicle. This is advantageous as the V2X security should not trust implicitly the first vehicle. In case the first vehicle is an untrusted vehicle, use of resources is saved.
  • the command to broadcast the notification is sent if the value of the second vehicle is below a first threshold value.
  • the second vehicle will be known as a suspected untrusted vehicle in the V2X system.
  • the command to revoke the certificate is sent if the value is below a second threshold value.
  • the untrusted second vehicle will not be able to communicate with a vehicle in the V2X system.
  • the message is sent if the first vehicle has determined that the V2V message is suspected to be untrusted.
  • the first vehicle shares its knowledge of an existence of an untrusted vehicle in the V2X system.
  • the message comprises a vehicle identifier, a timestamp for the V2V message and a message content of the V2V message with a digital signature of the second vehicle.
  • the message comprises a location for the second vehicle.
  • the verification of the content of the message is one or more of: validate that the digital signature is associated with the second vehicle and that the vehicle identifier is also associated with the second vehicle and/or verify the V2V message content with the timestamp by determining whether the timestamp corresponds to an event indicated in the V2V message.
  • the content of the V2V message sent by the second vehicle is compared to information known and available to the V2X security device.
  • the verification of the content of the message is verifying, by a location device, whether the location for the second vehicle corresponds to a current location for the second vehicle.
  • the location of the second vehicle is verified with the location referred in the V2V message.
  • the broadcast command is sent to a Broadcast/multicast service system.
  • a vehicle connected to the V2X system is alerting of the existence of a suspected untrusted vehicle.
  • a first vehicle is provided.
  • the first vehicle is connected to a V2X security device.
  • the first vehicle is configured to receive a V2V message from a second vehicle.
  • the first vehicle is configured to determine whether the V2V message is untrusted.
  • the first vehicle is configured to send a message to a V2X security device, the message comprising the V2V message, if the V2V message is determined to be untrusted.
  • the first vehicle is configured to receive a notification alerting the first vehicle that the second vehicle is suspected to be an untrusted vehicle, wherein the notification is based on a determination in the V2X security device that the second vehicle is suspected to be an untrusted vehicle.
  • the first vehicle is alerted of the existence of a suspected untrusted vehicle.
  • the message comprises a vehicle identifier, a timestamp for the V2V message and a message content of the V2V message with a digital signature of the second vehicle.
  • the message comprises a location for the second vehicle.
  • the V2V message is received over a PC5 interface.
  • the V2V message is received over Dedicated Short-Range Communications, DSRC.
  • a V2X communication system is provided.
  • the V2X communication system comprises a V2X security device according to any embodiments of the first aspect of the invention, a Certificate Authority device, and a Broadcast/multicast device.
  • the Certificate Authority device is configured to: receive a command from the V2X security device and revoke a certificate of V2V communication of the second vehicle.
  • the Broadcast/multicast device is configured to receive a command from the V2X security device and broadcast a notification to one or more vehicles.
  • the V2X communication system is comprised in a 3GPP core network.
  • a method performed by a V2X security device comprises obtaining, from a first vehicle, a message comprising a V2V message from a second vehicle.
  • the method comprises verifying a content of the message by checking whether the V2V message is sent by the second vehicle.
  • the method comprises modifying a value associated with the second vehicle, if the V2V message is suspected to be untrusted by the V2X security device, and determining, based on the modified value associated with the second vehicle, whether to send a command to broadcast a notification alerting one or more vehicles that the second vehicle is untrusted; and/or send a command to revoke a certificate of V2V communication for the second vehicle to a Certificate Authority device.
  • the method comprises determining whether the V2V message is untrusted, and ignoring the message if the V2V message is determined to be trusted.
  • the method comprises determining whether the first vehicle is an untrusted vehicle, and discarding the message from the first vehicle, if the first vehicle is determined to be an untrusted vehicle.
  • the command to broadcast the notification is sent if the value is below a first threshold value.
  • the command to revoke the certificate is sent if the value is below a second threshold value.
  • the message is sent if the first vehicle has determined that the V2V message is suspected to be untrusted.
  • the message comprises a vehicle identifier, a timestamp for the V2V message and a message content of the V2V message with a digital signature of the second vehicle.
  • the message comprises a location for the second vehicle.
  • the verifying of the content of the message is one or more of: validating that the digital signature is associated with the second vehicle and that the vehicle identifier is also associated with the second vehicle and/or verifying the V2V message content with the timestamp by determining whether the timestamp corresponds to an event indicated in the V2V message.
  • the verifying of the content of the message is verifying, by a location device, whether the location for the second vehicle corresponds to a current location for the second vehicle.
  • the broadcast command is sent to a Broadcast/multicast service system.
  • a method performed by a first vehicle is provided.
  • the first vehicle is connected to a V2X security device.
  • the method comprises receiving a V2V message from a second vehicle.
  • the method comprises determining whether the V2V message is untrusted.
  • the method comprises sending a message to the V2X security device, the message comprising the V2V message, if the V2V message is determined to be untrusted.
  • the method comprises receiving a notification alerting the first vehicle that the second vehicle is suspected to be an untrusted vehicle, wherein the notification is based on a determination in the V2X security device that the second vehicle is suspected to be an untrusted vehicle.
  • the message comprises a vehicle identifier, a timestamp for the V2V message and a message content of the V2V message with a digital signature of the second vehicle.
  • the message comprises a location for the second vehicle.
  • the V2V message is received over a PC5 interface.
  • the V2V message is received over Dedicated Short-Range Communications, DSRC.
  • a method performed by a V2X communication system comprises a V2X security device according to any embodiments of the fourth aspect, a Certificate Authority device and a Broadcast/multicast device.
  • the method comprises the Certificate Authority device receiving a command from the V2X security device and revoking a certificate of V2V communication of the second vehicle.
  • the method comprises the Broadcast/multicast device receiving a command from the V2X security device and broadcasting a notification to one or more vehicles.
  • the V2X communication system is comprised in a 3GPP core network.
  • a computer program comprises instructions, which when executed by a V2X security device, cause the V2X security device to obtain, from a first vehicle, a message comprising a V2V message from a second vehicle.
  • the instructions, when executed, cause the V2X security device to verify a content of the message by checking whether the V2V message is sent by the second vehicle.
  • the instructions, when executed, cause the V2X security device to modify a value associated with the second vehicle, if the V2V message is suspected to be untrusted by the V2X security device, and determine, based on the modified value associated with the second vehicle, whether to send a command to broadcast a notification alerting one or more vehicles that the second vehicle is untrusted; and/or send a command to revoke a certificate of V2V communication for the second vehicle to a Certificate Authority device.
  • the instructions, when executed on the V2X security device, cause the V2X security device to determine whether the V2V message is untrusted, and to ignore the message if the message is determined to be trusted.
  • the instructions, when executed on the V2X security device, cause the V2X security device to determine whether the first vehicle is an untrusted vehicle, and to discard the message from the first vehicle, if the first vehicle is determined to be an untrusted vehicle.
  • the command to broadcast the notification is sent if the value is below a first threshold value.
  • the command to revoke the certificate is sent if the value is below a second threshold value.
  • the message is sent if the first vehicle has determined that the V2V message is suspected to be untrusted.
  • the message comprises a vehicle identifier, a timestamp for the V2V message and a message content of the V2V message with a digital signature of the second vehicle.
  • the message comprises a location for the second vehicle.
  • the verification of the content of the message is one or more of: validate that the digital signature is associated with the second vehicle and that the vehicle identifier is also associated with the second vehicle and/or verify the V2V message content with the timestamp by determining whether the timestamp corresponds to an event indicated in the V2V message.
  • the verification of the content of the message is verifying, by a location device, whether the location for the second vehicle corresponds to a current location for the second vehicle.
  • the broadcast command is sent to a Broadcast/multicast service system.
  • a computer program comprises instructions, which when executed by a first vehicle, cause the first vehicle to receive a V2V message from a second vehicle.
  • the instructions, when executed by the first vehicle, cause the first vehicle to determine whether the V2V message is untrusted.
  • the instructions, when executed by the first vehicle, cause the first vehicle to send a message to a V2X security device, the message comprising the V2V message, if the V2V message is determined to be untrusted.
  • the computer program comprises instructions, which when executed by the first vehicle, cause the first vehicle to receive a notification alerting the vehicle that the second vehicle is suspected to be an untrusted vehicle, wherein the notification is based on a determination in the V2X security device that the second vehicle is suspected to be an untrusted vehicle.
  • the message comprises a vehicle identifier, a timestamp for the V2V message and a message content of the V2V message with a digital signature of the second vehicle.
  • the message comprises a location for the second vehicle.
  • the V2V message is received over a PC5 interface.
  • the V2V message is received over Dedicated Short-Range Communications, DSRC.
  • a computer program comprises instructions.
  • the V2X communication system comprises a V2X security device, a Certificate Authority device and a Broadcast/multicast device.
  • the instructions, when executed by the V2X communication system, cause the V2X security device to perform the instructions according to any embodiments of the seventh aspect.
  • the instructions, when executed by the V2X communication system, cause the Certificate Authority device to receive a command from the V2X security device and revoke a certificate of V2V communication of the second vehicle.
  • the instructions, when executed by the V2X communication system, cause the Broadcast/multicast device to receive a command from the V2X security device and broadcast a notification to one or more vehicles connected to the V2X security system.
  • the computer program is comprised in a 3GPP core network.
  • a computer readable storage medium comprises a computer program according to any embodiments of the seventh aspect.
  • the computer readable storage medium comprises a computer program according to any embodiments of the eighth aspect.
  • the computer readable storage medium comprises a computer program according to any embodiments of the ninth aspect.
  • FIG 1 shows an overview of the system architecture of the invention.
  • Figure 2 shows a signal diagram for a procedure to detect and notify the existence of an untrusted vehicle.
  • Figure 3 shows a method performed by a V2X security device.
  • Figure 4 shows a V2X platform.
  • Figure 5 shows a method performed by a first vehicle.
  • Figure 6 shows a method performed by a V2X communication system.
  • Figure 7 shows a block diagram of a V2X security device.
  • Figure 8 shows a block diagram of a first vehicle device.
  • Figure 9 shows a block diagram of a V2X communication system.
  • Figure 10 shows a block diagram of a V2X security device.
  • Figure 11 shows a block diagram of a first vehicle.
  • Figure 12 shows a block diagram of a V2X communication system.
  • a V2X communication system 100 may be a V2X platform.
  • the V2X platform is a communication platform comprising a group of technologies that are used as a base upon which other applications, processes or technologies are developed.
  • the V2X platform comprises at least one application, process or technology enabling V2X communication.
  • the V2X communication system 100 comprises a V2X security device 102.
  • the V2X communication system 100 may comprise a Certificate Authority device 104.
  • the V2X communication system 100 may comprise a broadcast/multicast device 106.
  • the V2X communication system 100 comprises all three of the V2X security device 102, the Certificate Authority device 104 and the broadcast/multicast device 106, but may in other embodiments comprise only one of the Certificate Authority device 104 and the broadcast/multicast device 106 in addition to the V2X security device 102; in one such embodiment, the broadcast/multicast device 106 is external to the V2X communication system 100.
  • One or more vehicles 111, 112 are connected to the V2X communication system 100.
  • the vehicles 111, 112 are vehicles with network connectivity and are able to communicate bidirectionally with one or more systems or entities outside of the individual vehicles 111, 112, such as the V2X communication system 100, and/or the broadcast/multicast device 106.
  • a connected vehicle such as vehicle 111, or 112, here sends location data, telemetry data or events, and is able to receive commands or notifications.
  • the connected vehicle communicates with other vehicles 111, 112 using direct communication technology 114.
  • the direct communication technology 114 is over a PC5 interface in one embodiment. In another embodiment, the direct communication technology 114 is over Dedicated Short-Range Communications, DSRC.
  • the V2X communication system 100 may be a server-side system providing a set of services, such as services provided by the V2X security device 102, the Certificate Authority device 104, the broadcast/multicast device 106, etc.
  • the connected vehicles 111, 112 communicate with the V2X communication system 100 through network connectivity 107 in order to access the services 102, 104, 106.
  • the network connectivity 107 is through a core network for a 3GPP wireless network, e.g. an Evolved Packet Core (EPC), a 5G Core (5GC) or a core network of any future network, e.g. a 3GPP network such as a 6G network.
  • the V2X security device 102 manages the “reputation” of a vehicle in a V2X system.
  • the “reputation” of a connected vehicle gives information on the trustworthiness of the connected vehicle.
  • a second vehicle 112 sends a malicious message to a first vehicle 111 in sending proximity of second vehicle 112, wherein the message sent may contain misinformation concerning an event, such as the existence of a road accident/disaster, that could cause the vehicles receiving the message to use, as an example, an emergency brake function.
  • a vehicle 111, 112 may have the “reputation” of being trusted, untrusted, or suspected to be untrusted. As explained further down, this reputation may be implemented as a value which is compared with a value range or a stored, fixed table.
  • the V2X security device 102 analyzes the message received from the first vehicle 111 and which message at least partly contains data from the second vehicle 112.
  • the second vehicle 112 may be suspected to be untrusted by the first vehicle 111 or may be identified, by the first vehicle 111, to be untrusted.
  • the V2X security device 102 communicates 108, 109, with the Certificate Authority device 104 and/or the broadcast/multicast device 106 to take action.
  • the Certificate Authority device 104 is a server that manages digital certificates for V2X communication, such as V2V communication.
  • the management of the digital certificates comprises issuing of a digital certificate, renewing of the digital certificate and/or revoking the digital certificate.
  • the broadcast/multicast device 106 delivers a content to one or more vehicles in a C-V2X system using a mechanism in a cellular network such as Multimedia Broadcast Multicast Service, MBMS or evolved Multimedia Broadcast Multicast Service, eMBMS.
  • in FIG. 2, a signal diagram for a procedure to detect an untrusted vehicle and notify a vehicle of the existence of the untrusted vehicle is disclosed.
  • the first vehicle 111, the second vehicle 112, the third vehicle 113, the V2X security device 102, the Certificate Authority device 104 and the broadcast/multicast device 106 are illustrated.
  • the second vehicle 112 sends a V2V message 250 to the first vehicle 111.
  • the V2V message 250 is sent through direct communication technology 114.
  • the V2V message 250 may be sent over the PC5 interface or the DSRC.
  • the message may be an Internet Protocol (IP) based or a non-IP based message, and in the case of an IP-based message, it is in one embodiment an IPv6 message.
  • the message is in one embodiment a message according to one-to-many Proximity-based services (ProSe) Direct Communication, but may alternatively be a one-to-one ProSe Direct Communication message.
  • the V2V message 250 may be an Intelligent Transport Systems - Cooperative Awareness Message (ITS-CAM) transmitted periodically.
  • the first vehicle 111 and the second vehicle 112 are vehicle ITS-Stations, ITS-Ss, participating in the V2X communication system 100.
  • the V2V message 250 may comprise a location data, a telemetry, an event, etc.
  • the first vehicle 111 performs a message forgery detection 252 on the received V2V message 250.
  • the message forgery detection 252 may be a message forgery detection, such as in “LIM K, TULADHAR M K, KIM H. Detection location spoofing using ADAS sensors in VANETs, January, 2019. In: IEEE annual Consumer communications & Network Conference (CCNC), 16th Annual Conference. IEEE, 2019”.
  • a forged V2V message 250 may comprise information about a non-existing event, such as a road accident or road disaster, that could lead to actions, such as use of emergency brake systems.
  • the first vehicle 111 suspects that the second vehicle 112 sent a forged V2V message 250.
  • the first vehicle 111 reports, to the V2X security device 102, the forged V2V message 252 through a message report 254.
  • the message report 254 is a message sent by the first vehicle 111 to the V2X security device 220 to notify the V2X security device 102 of the existence of a suspected and/or detected untrusted vehicle, the second vehicle 112 here.
  • the message report 254 comprises: an identity of the vehicle that sent the forged V2V message 250 (in this example, the second vehicle 112); a timestamp representative of when the forged V2V message 250 was sent by the second vehicle 112 or received by the first vehicle 111; and a message content of the forged V2V message 250 with a digital signature of the sending vehicle (here the second vehicle 112).
  • the V2X security device 102 performs a message report handling procedure 256.
  • the message handling procedure 256 determines whether the V2X security device 102 can trust the first vehicle 111, i.e. that the first vehicle is not an untrusted vehicle, and determines whether the content of the V2V message 250 is forged content sent by an untrusted vehicle and whether the V2V message 250 is sent by a suspected and/or detected untrusted vehicle.
  • the V2X security device 102 updates a reputation value for the second vehicle 211 during the Malicious Vehicle Identification procedure 258.
  • the reputation value is a numeric value reflecting the level of trust or distrust assigned to a vehicle by the V2X security device 102.
  • the reputation may be initialized to a default value (such as 100) and may be modified (such as decreased or increased) into a modified reputation value whenever a malicious behavior is detected by the V2X security device 102.
  • a malicious behavior by a vehicle is to send a forged V2V message to another vehicle, such as the V2V message 250.
  • a first threshold value, t1, and a second threshold value, t2 may be used to differentiate a suspected untrusted vehicle from an untrusted vehicle.
  • when the t1 is reached by increasing the value associated with a vehicle, then the vehicle is considered as suspected untrusted.
  • when the t2, which has a higher value than the t1, is reached, the vehicle is considered as untrusted, i.e. not only suspected to be untrusted.
  • when the t1 is reached by decreasing the value associated with a vehicle, then the vehicle is considered as suspected untrusted.
  • the two above examples have in common that there is a first value range of the reputation value for which the vehicle is considered as trusted by the V2X security device 102, a second value range for which the vehicle is determined to be suspected to be untrusted by the V2X security device 102, and a third value range for which the vehicle is determined to be (completely) untrusted by the V2X security device 102.
  • the two examples have in common that there are three levels/types of trustworthiness that may be determined for the second vehicle by the V2X security device 102.
  • the V2X security device 102 determines whether the second vehicle 112 is a normal/trusted vehicle, a suspected untrusted vehicle or an untrusted vehicle. Once the status of the second vehicle 112 is determined through the malicious vehicle identification procedure 258, then a mitigation action may be taken.
  • the mitigation action is an action taken to reduce or eliminate the risk of an untrusted vehicle communicating with other connected vehicles.
  • Examples of mitigation actions are notifying the presence of an untrusted vehicle and/or revoking a certificate for V2V communication.
  • the V2X security device 102 sends a command (illustrated by 109 in Figure 1) to broadcast a notification 260 alerting one or more vehicles that the second vehicle 112 is untrusted.
  • the broadcast/multicast device 106 sends the notification 260 to one or more surrounding vehicles (such as the third vehicle 113), alerting them to the existence of a suspected untrusted second vehicle 112.
  • the one or more vehicles notified by the notification 260 are connected to the broadcast/multimedia device 240.
  • the one or more vehicles notified by the notification 260 are not connected to the broadcast/multicast device 240.
  • the third vehicle 113 receives the notification 260 alerting of the existence of a suspected untrusted second vehicle 112. In one example, if the third vehicle 113 receives a V2V message from the second vehicle 112, it will not trust the message received from the second vehicle 112. In another example, if the third vehicle 113 receives a message from the second vehicle 112 and messages from other vehicles (such as the first vehicle 111) reporting the same content (such as an event), then the third vehicle 113 will trust the message received from the second vehicle 112.
  • the V2X security device 102 sends a command, such as 108 in Figure 1, to revoke a certificate of V2V communication for the second vehicle 112 to the Certificate Authority device 104.
  • the Certificate Authority device 104 revokes the second vehicle 112’s certificate of V2V communication. In other words, the second vehicle 112 will not be able to communicate with either the first vehicle 111 or the third vehicle 113.
  • the V2X security device 102 sends a command 108 to the Certificate Authority device 104 and sends a command 109 to the broadcast/multicast device 240.
  • FIG. 3 shows a flowchart illustrating a method 300 performed by the V2X security device 102 for enabling notification to another vehicle about an untrusted vehicle or a suspected untrusted vehicle.
  • the method 300 comprises obtaining 310, from the first vehicle 111, a message comprising a V2V message from the second vehicle 112, such as the step 254 in Figure 2.
  • the message is obtained through network connectivity 107.
  • the message is sent if the first vehicle 111 has determined that the V2V message is suspected or confirmed by the first vehicle 111 to be untrusted, such as in the step 252 of Figure 2.
  • the message comprises a content of the V2V message received by the first vehicle 111; a vehicle identifier, such as an identity for the second vehicle 112, such as a vehicle ID; a timestamp for the V2V message; and/or a message content of the V2V message with a digital signature of the second vehicle 112.
  • the message comprises a location for the second vehicle 112.
  • the first vehicle 111 is a “malicious” vehicle that is determined as suspicious, and/or determined as untrusted. In a case where the first vehicle is “malicious”, the message should not be trusted.
  • the method 300 comprises determining 320 whether the first vehicle 111 is an untrusted vehicle, and discarding 324 the message from the first vehicle 111, if the first vehicle 111 is determined to be an untrusted vehicle.
  • the method 300 comprises determining 314 whether the V2V message sent by the second vehicle 112 is untrusted.
  • V2X security device 102 ignores 318 the message.
  • the method 300 comprises verifying 328 a content of the V2V message by checking whether the V2V message is sent by the second vehicle 112.
  • the verification of the content of the message is validating that the digital signature is associated with the second vehicle 112 and that the vehicle identifier is also associated with the second vehicle 112; and/or verifying the V2V message content with the timestamp by determining whether the timestamp corresponds to an event indicated in the V2V message.
  • the verification of the content of the message is performed by verifying, by a location device 420, whether the location for the second vehicle 112 corresponds to a current location for the second vehicle 112.
  • the reputation value of the second vehicle 112 is deducted (or added, depending on the implementation of the above-described reputation value).
  • the method 300 comprises modifying 332 a value associated with the second vehicle, if the V2V message is suspected to be untrusted by the V2X security device 102, and determining 334, based on the modified value associated with the second vehicle 112, actions.
  • the actions are whether to send 336 a command to broadcast a notification alerting one or more vehicles that the second vehicle is untrusted; and/or to send 340 a command to revoke a certificate of V2V communication for the second vehicle 112 to a Certificate Authority device 104.
  • the value corresponds to the reputation value described above.
  • the command sent in the step 336 is sent if the value is below t1. In an embodiment, the command sent in the step 340 is sent if the value is below t2. The command sent in 336 may be sent to the broadcast/multicast device 106.
  • the V2X communication system 400 comprises the V2X security device 102 and a location device 420.
  • the location device 420 is not comprised in the V2X communication system 100.
  • the location device 420 collects a “current” geographical position of a connected vehicle (such as the first vehicle 111 and the second vehicle 112), to create a database storing trusted location information/geographical position of the vehicle. The collection is done at a predetermined interval. The interval may be dynamic in the sense that it may be adjusted depending on the speed of the vehicle, such that the collection is made more often when the vehicle is moving fast than when its speed is slow or even zero.
  • the V2X security device 102 verifies the location of the second vehicle 112 from the location device 420 by using the identity of the second vehicle 112 and the timestamp for the V2V message.
  • the V2X security device 102 validates the location of the second vehicle 112 by considering time difference and speed.
  • the V2X security device 410 validates the location of the second vehicle by using a technique presented in WO 2019052645 A1 to validate Global Positioning System, GPS, location reported by drones. Even though GPS or assisted GPS would typically be used, the skilled person understands that alternative embodiments could alternatively or in addition utilize the satellite-based positioning systems Galileo, Glonass, or Beidou.
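The decision flow of method 300 together with the time-difference-and-speed location check, as an added sketch that is not code from the patent. The threshold numbers, starting value, penalty, speed bound, the use of the reporter's own value for step 320, and all class and function names are assumptions; HMAC-SHA256 stands in for the second vehicle's certificate-based digital signature so that the example runs with the standard library only.

```python
import hashlib
import hmac
import math
from dataclasses import dataclass

# Assumed numbers: the page names thresholds t1 and t2 but gives no values.
T1, T2 = 60, 30                           # below T1 -> step 336, below T2 -> step 340
START, PENALTY = 100, 25                  # assumed initial value and deduction (step 332)
MAX_SPEED_MPS, GPS_SLACK_M = 70.0, 50.0   # assumed plausibility bounds

@dataclass
class Report:          # message obtained from the reporting vehicle (step 310)
    reporter_id: str
    sender_id: str
    content: bytes
    timestamp: float
    location: tuple    # (lat, lon) claimed for the sender
    signature: bytes

def sign(key, sender_id, timestamp, content):
    # HMAC-SHA256 is a stand-in for the sender's certificate-based signature.
    msg = f"{sender_id}|{timestamp}|".encode() + content
    return hmac.new(key, msg, hashlib.sha256).digest()

def distance_m(a, b):
    # Great-circle (haversine) distance in metres between two (lat, lon) points.
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))

class SecurityDevice:
    def __init__(self, keys, trusted_fixes):
        self.keys = keys             # sender_id -> verification key
        self.fixes = trusted_fixes   # sender_id -> (time, (lat, lon)) from location device
        self.values = {}             # vehicle_id -> reputation value

    def value(self, vehicle_id):
        return self.values.get(vehicle_id, START)

    def sent_by_sender(self, r):     # step 328: signature binds ID, timestamp, content
        key = self.keys.get(r.sender_id)
        if key is None:
            return False
        expected = sign(key, r.sender_id, r.timestamp, r.content)
        return hmac.compare_digest(expected, r.signature)

    def location_plausible(self, r): # time difference and speed check
        fix = self.fixes.get(r.sender_id)
        if fix is None:
            return True              # no trusted fix, nothing to contradict
        fix_time, fix_pos = fix
        reachable = MAX_SPEED_MPS * abs(r.timestamp - fix_time) + GPS_SLACK_M
        return distance_m(fix_pos, r.location) <= reachable

    def handle(self, r):
        if self.value(r.reporter_id) < T2:
            return ["discard"]       # steps 320/324: reporter itself is untrusted
        if not self.sent_by_sender(r):
            return ["ignore"]        # not attributable: do not penalize the sender
        if self.location_plausible(r):
            return ["ignore"]        # steps 314/318: no evidence against the sender
        self.values[r.sender_id] = self.value(r.sender_id) - PENALTY  # step 332
        actions = []                 # step 334
        if self.value(r.sender_id) < T1:
            actions.append("broadcast_notification")   # step 336
        if self.value(r.sender_id) < T2:
            actions.append("revoke_certificate")       # step 340
        return actions

def demo():
    # Constructed sample data: key, vehicle IDs, coordinates and times are made up.
    key = b"constructed-demo-key"
    dev = SecurityDevice({"veh-112": key}, {"veh-112": (1000.0, (59.3293, 18.0686))})
    far = (59.3743, 18.0686)         # about 5 km from the trusted fix, 2 s later
    good = Report("veh-111", "veh-112", b"ice on road", 1002.0, far,
                  sign(key, "veh-112", 1002.0, b"ice on road"))
    forged = Report("veh-111", "veh-112", b"ice on road", 1002.0, far, b"\x00" * 32)
    return dev, [dev.handle(forged)] + [dev.handle(good) for _ in range(3)]
```

The demo feeds the same report three times only to walk the value through both thresholds; a deployment would count each reported V2V message once, so that a replayed report cannot drive a vehicle to revocation.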
  • FIG. 5 shows a flowchart illustrating a method 500 performed by the first vehicle 111, for enabling notification to another vehicle about an untrusted vehicle or a suspected untrusted vehicle.
  • the method 500 comprises receiving 510 a V2V message from the second vehicle 112.
  • the V2V message corresponds to the V2V message of the step 250.
  • the method 500 comprises determining 520 whether the V2V message is untrusted, such as in the step 252 of Figure 2.
  • the method 500 comprises sending 530 a message, such as in the step 254 in Figure 2, to the V2X security device 102.
  • the message comprises the V2V message, if the V2V message is determined to be untrusted in the step 520.
  • the message sent in the step 530 is or corresponds to the message obtained by the V2X security device in the step 310.
  • the method 500 comprises receiving 540 a notification alerting the first vehicle 111 that the second vehicle 112 is suspected to be an untrusted vehicle, wherein the notification is initiated by the command sent in the step 336 by the V2X security device 102.
  • FIG. 6 shows a flowchart illustrating a method 600 performed by the V2X communication system 100.
  • the V2X communication system 100 comprises the V2X security device 102 performing 610 the steps of the method 300 described above.
  • the V2X communication system 100 comprises the Certificate Authority device 104 and the broadcast/multicast device 106.
  • the method 600 comprises receiving 620 a command, such as the command sent in step 340 of the method 300, from the V2X security device 102.
  • the step 620 is performed by the Certificate Authority device 104.
  • the method 600 comprises revoking 630 a certificate for V2V communication for the second vehicle 112.
  • Step 630 is performed by the Certificate Authority device 104.
  • the method 600 comprises receiving 640 a command, such as the command sent in step 336 of the method 300, from the V2X security device 102.
  • the step 640 is performed by the broadcast/multicast device 106.
  • the method 600 comprises broadcasting 650 a notification alerting one or more vehicles.
  • the step 650 is performed by the broadcast/multicast device 106.
  • the V2X communication system 100 is comprised in a 3GPP core network.
  • step 620 and step 630 are illustrated as being performed before step 640 and step 650. However, step 640 and step 650 could be performed before or simultaneously to step 620 and step 630.
  • FIG. 7 is a block diagram of the V2X security device 102.
  • the V2X security device 102 comprises a receiving unit 710, a verifying unit 720, a modifying unit 730, a determining unit 740 and a sending unit 750.
  • the receiving unit 710 is configured to perform the step 310 of the method 300 as described above.
  • the verifying unit 720 is configured to perform the step 328 of the method 300 as described above.
  • the modifying unit 730 is configured to perform the step 332 of the method 300 as described above.
  • the determining unit 740 is configured to perform the step 334 of the method 300 as described above. In an embodiment, the determining unit 740 is configured to perform the function of the step 314 and the step 320 of the method 300.
  • the sending unit 750 is configured to perform the steps 336 and 340 of the method 300 as described above.
  • the modifying unit 730 and the determining unit 740 are the same unit.
  • the receiving unit 710 and the sending unit 750 are the same unit, such as a transceiver unit.
  • the receiving unit 710, the verifying unit 720, the modifying unit 730, the determining unit 740 and the sending unit 750 may be implemented as a hardware solution or as a combination of software and hardware, e.g., by one or more of: a processor or a micro-processor and adequate software and memory for storing of the software, a Programmable Logic Device (PLD) or other electronic component(s) or processing circuitry configured to perform the actions described above with regards to the method 300.
  • FIG. 8 is a block diagram of the first vehicle 111.
  • the first vehicle 111 comprises a receiving unit 810, a determining unit 820 and a sending unit 830.
  • the receiving unit 810 is configured to perform the step 510 of the method 500. In an embodiment, the receiving unit 810 is configured to perform the step 540 of the method 500.
  • the determining unit 820 is configured to perform the step 520 of the method 500.
  • the sending unit 830 is configured to perform the step 530 of the method 500.
  • the receiving unit 810 and the sending unit 830 are the same unit, such as a transceiver unit.
  • the receiving unit 810, the determining unit 820 and the sending unit 830 may be implemented as a hardware solution or as a combination of software and hardware, e.g., by one or more of: a processor or a micro-processor and adequate software and memory for storing of the software, a Programmable Logic Device (PLD) or other electronic component(s) or processing circuitry configured to perform the actions described above with regards to the method 500.
  • the receiving unit 810, the determining unit 820 and the sending unit 830 may be parts of a telematics unit embedded in the vehicle 111 and wherein the telematics unit is in communication with a vehicle-internal communication network comprised of buses (e.g. Controller Area Network and Electronic Control Units (ECUs)).
  • FIG. 9 is a block diagram of the V2X communication system 100.
  • the V2X communication system 100 comprises the V2X security device 102, the Certificate Authority device 104, and the broadcast/multicast device 106.
  • the Certificate Authority device 104 comprises a receiving unit 922 and a revoking unit 924.
  • the receiving unit 922 is configured to perform the step 620 of the method 600.
  • the revoking unit 924 is configured to perform the step 630 of the method 600.
  • the broadcast/multicast device 106 comprises a receiving unit 932 and a broadcasting unit 934.
  • the receiving unit 932 is configured to perform the step 640 of the method 600.
  • the broadcast/multicast device 930 is configured to perform the step 650 of the method 600.
  • the receiving unit 922, the revoking unit 924, the receiving unit 932 and the broadcasting unit 934 may be implemented as a hardware solution or as a combination of software and hardware, e.g., by one or more of: a processor or a micro-processor and adequate software and memory for storing of the software, a Programmable Logic Device (PLD) or other electronic component(s) or processing circuitry configured to perform the actions described above with regards to the method 600.
  • the V2X security device 102 comprises a processor 1010, and a computer readable storage medium 1020 in the form of a memory 1025.
  • the memory 1025 contains a computer program 1030 comprising instructions executable by the processor 1010 whereby the V2X security device 102 is operative to perform the steps of the method 300.
  • the first vehicle 111 comprises a processor 1110, and a computer readable storage medium 1120 in the form of a memory 1125.
  • the memory 1125 contains a computer program 1130 comprising instructions executable by the processor 1110 whereby the first vehicle 111 is operative to perform the steps of the method 500.
  • the V2X communication system 100 comprises an embodiment of the V2X security device 102, an embodiment of the Certificate Authority device 104, and an embodiment of the broadcast/multicast device 106.
  • the Certificate Authority device 104 comprises a processor 1222, and a computer readable storage medium 1224 in the form of a memory 1225.
  • the memory 1225 contains a computer program 1226 comprising instructions executable by the processor 1222 whereby Certificate Authority device 104 is operative to perform the steps of the method 600.
  • the broadcast/multicast device 106 comprises a processor 1232, and a computer readable storage medium 1234 in the form of a memory 1235.
  • the memory 1235 contains a computer program 1236 comprising instructions executable by the processor 1232 whereby the broadcast/multicast device 106 is operative to perform the steps of the method 600.
  • the computer programs 1226 and 1236 may be comprised in a 3GPP core network.
  • the (non-transitory) computer readable storage media mentioned above may be an Electrically Erasable Programmable Read-Only Memory (EEPROM), a flash memory, a Field Programmable Gate Array, or a hard drive.
  • the processors 1010 of Figure 10, 1110 of Figure 11, and 1222, 1232 of Figure 12, may be a single CPU (Central processing unit), but could also comprise two or more processing units.
  • the processors 1010 of Figure 10, 1110 of Figure 11, and 1222, 1232 of Figure 12 may include general purpose microprocessors; instruction set processors and/or related chip sets and/or special purpose microprocessors such as Application Specific Integrated Circuits (ASICs).
  • the processors 1010 of Figure 10, 1110 of Figure 11, and 1222, 1232 of Figure 12 may also comprise board memory for caching purposes.
  • the computer programs 1030 of Figure 10, 1130 of Figure 11, and 1226, 1236 of Figure 12 may be carried by a computer program product connected to the processors 1010 of Figure 10, 1110 of Figure 11, and 1222, 1232 of Figure 12.
  • the computer program product may be or comprise a non-transitory computer readable storage medium on which the computer programs 1030 of Figure 10, 1130 of Figure 11, and 1226, 1236 of Figure 12 are stored.
  • the computer program product may be a flash memory, a Random-access memory (RAM), a Read-Only Memory (ROM), or an EEPROM, and the computer programs described above could in alternative embodiments be distributed on different computer program products in the form of memories.
  • Although the terms first and second etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another.
  • the first vehicle could be termed the second vehicle, and similarly, the second vehicle could be termed the first vehicle.
  • the term “and/or” includes any and all combinations of one or more of the associated listed terms.
  • the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments.
  • the singular forms “a”, “an”, and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention relates to a V2X security device (102), a first vehicle (111), a V2X communication system (100), methods and computer programs. The V2X security device (100) is configured to: obtain (310), from a first vehicle (111), a message comprising a V2V message from a second vehicle (112); verify (328) a content of the message by checking whether the V2V message is sent by the second vehicle (112); modify (332) a value associated with the second vehicle (112) if the V2X security device (102) suspects that the V2V message is untrusted; and determine (334), based on the modified value associated with the second vehicle (112), whether to send (336) a command to broadcast a notification alerting one or more vehicles that the second vehicle (112) is untrusted and/or to send (340) a command to revoke a certificate of V2V communication for the second vehicle (112) to a Certificate Authority device (104).
PCT/CN2021/140155 2021-12-21 2021-12-21 V2X security device, first vehicle, V2X communication system and methods WO2023115348A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/140155 WO2023115348A1 (en) 2021-12-21 2021-12-21 V2X security device, first vehicle, V2X communication system and methods

Publications (1)

Publication Number Publication Date
WO2023115348A1 true WO2023115348A1 (fr) 2023-06-29

Family

ID=79287922

Country Status (1)

Country Link
WO (1) WO2023115348A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019052645A1 (en) 2017-09-14 2019-03-21 Telefonaktiebolaget Lm Ericsson (Publ) Technique for verifying a geographical position of a UAV
WO2019112215A1 (en) * 2017-12-08 2019-06-13 한국정보인증주식회사 Misbehavior determination system and misbehavior determination method in a V2X communication environment
US10757114B2 (en) 2015-09-17 2020-08-25 Harman International Industries, Incorporated Systems and methods for detection of malicious activity in vehicle data communication networks
US20200351616A1 (en) * 2019-05-03 2020-11-05 Blackberry Limited Method and system for vehicle location tracking using v2x communication

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
3GPP TR 38.885, 28 March 2019 (2019-03-28)
CARTER JASON M ET AL: "Analysis of Vehicle-Based Security Operations", June 2015 (2015-06-01), United States, XP055925570, Retrieved from the Internet <URL:https://www-esv.nhtsa.dot.gov/Proceedings/24/files/24ESV-000457.PDF> *
KAMEL JOSEPH ET AL: "Simulation Framework for Misbehavior Detection in Vehicular Networks", IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY, IEEE, USA, vol. 69, no. 6, 2 April 2020 (2020-04-02), pages 6631 - 6643, XP011794251, ISSN: 0018-9545, [retrieved on 20200617], DOI: 10.1109/TVT.2020.2984878 *
LIM K, TULADHAR M K, KIM H: "In: IEEE annual Consumer communications & Network Conference (CCNC), 16th Annual Conference", January 2019, IEEE, article "Detection location spoofing using ADAS sensors in VANETs"
SUO DAJIANG ET AL: "Real-time Trust-Building Schemes for Mitigating Malicious Behaviors in Connected and Automated Vehicles", 2019 IEEE INTELLIGENT TRANSPORTATION SYSTEMS CONFERENCE (ITSC), IEEE, 27 October 2019 (2019-10-27), pages 1142 - 1149, XP033668455, DOI: 10.1109/ITSC.2019.8917078 *

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21839815

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)