# IOV
meeting minutes:
## TODO
- [ ] Survey IoV Security paper
- [ ] Figure out the devices in the car
- [ ] Produce a paper - Security Testing Requirement for XXX
- [x] Search what T-BOX is in IoV
- [ ] Compile a list of papers on OBU and in-vehicle testing standards (to report next week)
## Standard
* 26262 - too complex
* 21434, 303645, 103701 => Testing Guide
* 62443-4-1: development life cycle
---
project:
## Goal For The First Year
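* Build an access control mechanism. This access control mechanism should be able to:
  * Distinguish local accessors (other nodes connected to the same controller area network) from remote accessors (requests that arrive over the OBU connection).
  * Apply access control according to the accessor's role.
  * Allow access control permissions to be configured.
  * Adjust access control permissions according to risk.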
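
A sketch of a decision function that meets the four requirements above, added here as an example and not part of the project's design. The roles, actions, risk levels and the permission table are all hypothetical.

```python
from dataclasses import dataclass
from enum import IntEnum

class Origin(IntEnum):
    LOCAL = 0   # another node on the same CAN bus
    REMOTE = 1  # request that came in over the OBU connection

class Risk(IntEnum):
    LOW = 0
    ELEVATED = 1
    HIGH = 2

@dataclass(frozen=True)
class Request:
    origin: Origin
    role: str
    action: str

class AccessController:
    def __init__(self):
        # (role, action, origin) -> highest risk level at which access is still granted
        self._ceiling = {}
        self.risk = Risk.LOW  # current assessed risk, set by a risk monitor

    def grant(self, role, action, origin, max_risk):
        """Configure a permission; anything not granted is denied."""
        self._ceiling[(role, action, origin)] = max_risk

    def revoke(self, role, action, origin):
        self._ceiling.pop((role, action, origin), None)

    def decide(self, req):
        ceiling = self._ceiling.get((req.role, req.action, req.origin))
        # Default deny; otherwise allow only while risk is at or below the ceiling.
        return ceiling is not None and self.risk <= ceiling

def build_example():
    """Constructed sample policy (hypothetical roles and actions)."""
    ac = AccessController()
    ac.grant("workshop", "read_diagnostics", Origin.LOCAL, Risk.HIGH)
    ac.grant("workshop", "read_diagnostics", Origin.REMOTE, Risk.ELEVATED)
    ac.grant("workshop", "flash_firmware", Origin.LOCAL, Risk.ELEVATED)  # never remote
    ac.grant("fleet_backend", "read_diagnostics", Origin.REMOTE, Risk.LOW)
    return ac
```

Raising `ac.risk` withdraws remote permissions first because their ceilings are lower, without editing the permission table.
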
## TO DO LIST
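- [ ] Collect and read related literature: collect research on access control models for the Internet of Vehicles, with an in-depth look at the vehicle side in particular.
- [ ] Collect and organize related standards: collect specification documents for the controller area network and the engine control unit, to support the design of the access control model.
- [ ] Design the access control model: based on the collected material, design an access control model that can be adjusted according to risk.
- [ ] Design the remote access service: design the remote access service according to the designed model.
- [ ] Design the access control component: according to the designed model, design a component that can run inside the engine control unit.
- [ ] Implement in a simulated environment: carry out the implementation in a simulated environment.
- [ ] Test: confirm the correctness of the model through testing.
- [ ] Integrate with the other sub-projects: integrate with the other sub-projects.
- [ ] Write papers and the interim report: international conference and journal papers are planned, and an interim report will be written on the year's results.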
## Papers that Have Been Read
2022/09/12~2022/09/18
### 1. Security challenges in Internet of Vehicles (IoV) environment
* Published in: 2018 First International Conference on Secure Cyber Computing and Communication (ICSCCC)
notes:
> Four important security fundamentals that should be adhered to in IoV:
> 1. User authenticity
> 2. User anonymity
> 3. User integrity
> 4. Low overhead
>
> Types of attacks:
> 1. User Authenticity attacks
>> * Sybil attack
>> * Masquerading attack
>> * Wormhole attack
> 2. Data availability attacks
>> * Denial of Service
>> * Channel interference
> 3. Data Authenticity attacks
>> * Illusion attack
>> * Camouflage attack
>> * Replay attack
>> * Message tampering
>
> Finally, the authors of this paper propose three authentication schemes:
>> 1. RSU based authentication
>> 2. Pseudonym based authentication
>> 3. Group based authentication
### 2. Research on Cybersecurity Testing for In-vehicle Network
* Published in: 2021 International Conference on Intelligent Technology and Embedded Systems
notes:
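> Traditional CAN cannot meet the demand for high bandwidth and speed; with compatibility and cost in mind, **CAN FD** was created. Compared with CAN, it has the following two characteristics.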
> 
>
> Security Vulnerabilities of CAN FD:
>> 1. Confidentiality: CAN FD protocol does not have an inherent encryption mechanism to ensure confidentiality
>> 2. Integrity: CAN FD has the characteristic of broadcasting
>> 3. Availability: CAN FD provides a conflict arbitration mechanism based on identifier (ID) priority. Packets with a high-priority ID can access the bus first.
>> 4. Authentication: The cyclic redundancy check (CRC) can check for transmission errors, but it cannot verify the authenticity and the source of the packet.
>
>Automotive Cybersecurity Testing Methods:
>> 1. Vulnerability scanning
>> 2. Model-based security testing
>> 3. Penetration testing
>> 4. Fuzzing
>> 5. Risk-based testing
>> 6. Functional security testing
>
> 
> -
> TESTBED ENV
>> hardware:
>> 
>> software:
>> 
>
> security testing technologies for application layer:
>> 1. Sniffer
>> 2. Transmitter
>> 3. Function Reverse
>> 4. Fuzzing
>> 5. UDS Penetration
>> 6. Logger
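
The authentication point in the CAN FD list above (a CRC detects transmission errors but says nothing about who sent the frame), shown as an added example that is not taken from the paper. The frame layout, the 8-byte truncated HMAC and the message counter are assumptions of this sketch, and `zlib.crc32` stands in for the CAN FD CRC.

```python
import hashlib
import hmac
import zlib

TAG_LEN = 8  # truncated MAC length in bytes (assumption for this sketch)

def _body(can_id, counter, data):
    # Hypothetical layout: 4-byte ID, 4-byte message counter, payload
    return can_id.to_bytes(4, "big") + counter.to_bytes(4, "big") + data

def crc_frame(can_id, counter, data):
    """Frame protected only by a checksum."""
    body = _body(can_id, counter, data)
    return body + zlib.crc32(body).to_bytes(4, "big")

def crc_accepts(frame):
    body, crc = frame[:-4], frame[-4:]
    return zlib.crc32(body).to_bytes(4, "big") == crc

def rewrite_without_key(frame, new_data):
    """Any bus node can change the payload and recompute the CRC."""
    body = frame[:8] + new_data
    return body + zlib.crc32(body).to_bytes(4, "big")

def mac_frame(key, can_id, counter, data):
    """Frame carrying a keyed tag over ID, counter and payload."""
    body = _body(can_id, counter, data)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

def mac_accepts(key, frame, last_counter):
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return False  # payload or ID changed by a node without the key
    # Counter must advance, so a recorded frame cannot be accepted twice
    return int.from_bytes(body[4:8], "big") > last_counter

def demo():
    key = bytes(range(16))  # constructed sample key
    plain = crc_frame(0x123, 7, b"\x10\x00")
    signed = mac_frame(key, 0x123, 7, b"\x10\x00")
    altered = signed[:8] + b"\xff\xff" + signed[-TAG_LEN:]
    return {
        "crc_accepts_rewritten": crc_accepts(rewrite_without_key(plain, b"\xff\xff")),
        "mac_accepts_genuine": mac_accepts(key, signed, 6),
        "mac_accepts_altered": mac_accepts(key, altered, 6),
        "mac_accepts_replay": mac_accepts(key, signed, 7),
    }

if __name__ == "__main__":
    print(demo())
```
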
### 3. Security and Privacy in the Internet of Vehicles
* Published in: 2015 International Conference on Identification, Information, and Knowledge in the Internet of Things
notes:
> Attacks on authentication:
>> 1. Sybil attack
>> 2. GPS deception
>> 3. Masquerading attack
>> 4. Wormhole attack
>
> Availability attacks:
>> 1. DOS
>> 2. channel interference
>
>Secrecy attacks:
>> Attackers compromise a normal entity like a vehicle or an RSU.
>
>Routing attacks:
>> 1. Eavesdropping
>> 2. DOS
>> 3. Masquerading
>> 4. Route modification
>
>Data authenticity attacks:
>> 1. Replay attack
>> 2. Camouflage attack
>> 3. Fabricating and tampering with messages
>> 4. Illusion attack
>---
>Security Requirements:
>> 1. Availability
>> 2. High mobility of IoV entities
>> 3. Key distribution management
>> 4. Low errors tolerance
>> 5. Paradox between requirements of privacy and security
>> 6. Private information in routing
>> 7. Ways of cooperation
>
>Countermeasures:
>> 1. Threat model
>> 2. Intrusion detection system (IDS)
>> 3. Honeypot
>> 4. Secure routing protocols
>> 5. Routing privacy protection mechanism
>> 6. Key management
### 4. A Comparative Review of Security Threats Datasets for Vehicular Networks
* Published in: 2021 International Conference on Innovation and Intelligence for Informatics, Computing, and Technologies (3ICT)
notes:
> 
---
2022/09/19~2022/09/25
### 5. A Blockchain-based Solution for Reputation Management in IOV
* Published in: 2021 International Wireless Communications and Mobile Computing (IWCMC)
notes:
> paper contribution:
>> 1. The authors designed a cloud-based security architecture for IOV system, enabling the authentication and authorization certification assignment based on vehicles' reputation.
>> 2. The authors exploited the blockchain technology to securely perform the computation, transfer and storage of routing-oriented metrics to detect routing attacks.
>> 3. The authors deployed smart contract on the blockchain in order to automate the reputation computation and to perform analysis over encrypted metrics while preserving vehicle's anonymity and data privacy.
>
> This paper leans toward trust evaluation computation; revisit it later if it becomes relevant.
### 6. An Intelligent Edge-Chain-Enabled Access Control Mechanism for IoV
* Published in: IEEE INTERNET OF THINGS JOURNAL, VOL. 8, NO. 15, AUGUST 1, 2021
notes:
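> Traditional RBAC and ABAC are usually static, which makes it hard for them to adapt to the frequent changes of IoV devices; that is, they can hardly respond in real time when an attack occurs.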
>
> The main contributions of this article:
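>> 1. The authors introduced an intelligent edge-chain system, to enable a flexible and secure access control framework for IoV devices. => The blockchain network consists of vehicle nodes and RSUs. Vehicle nodes act as lightweight nodes; RSUs act as full nodes and also as edge nodes, providing access control services to vehicles.
>> 2. RPBAC => (uses GANs to turn the risk prediction problem into a sequence generation problem, in order to improve the generator's prediction accuracy.)
>> 3. To overcome the vanishing-gradient and mode-collapse problems of the original GANs, they introduced WCGANs.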
>
> Overview of the Proposed Framework:
> 
>
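> They predict risk using machine learning and store the results on the blockchain, while the access control policies are written in smart contracts.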
### 7. Research trends in Architecture, Security, Services and Applications of Internet of Vehicles (IOV)
* Published in: 2018 International Conference on Computing, Power and Communication Technologies (GUCON)
notes:
> Basically IOV is nothing but internet connected VANET.
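> The paper describes many differences between IOV and VANET, for example: VANET only supports a singleton network architecture and cannot cooperate with other networks; VANET only supports V2V and V2R; VANET has limited processing capability; and so on.
> Future applications:
>> 1. Provide a free passage for emergency vehicles (on the traffic signal side).
>> 2. Green corridor (vehicle communication creates a green corridor for emergency vehicles).
>> 3. Advance notification (so the hospital can have its gates open and doctors and equipment in place).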
>> 4. eCall
>> 5. Road condition
### 8. Security of 5G-IOV Networks:DDOS Case Study
* Published in: The International Telecommunications Conference, ITC-Egypt'2022
notes:
> SDN is one of the enabling technologies for the transport layer in 5G networks, and it has a centralized nature so it is an easy target for DDOS attack.
>
> It is observed that the DDOS attack is more effective if the attacker uses large message size with high transmission rate. If the attacker uses large message size only or high transmission rate only, the DDOS attack will not have strong impact.
>
> A simple **countermeasure** proposed based on setting threshold for message length is evaluated.
### 9. Design of a Secure Blockchain-based Smart IoV Architecture
* Published in: 2020 3rd International Conference on Signal Processing and Information Security(ICSPIS)
notes:
> contributions of this article:
>> 1. The authors connected vehicle-related authorities together to fix a secure and transparent V2X communication through the P2P network connection.
>> 2. The authors provided secure services to the ITS.
>> 3. The authors provided a solution for the data security and safety of the connected vehicles in blockchain network.
>
> This paper defines too many roles and I could not follow it right away; come back to it when there is time.
### 10. ARCHITECHTURE, APPLICATIONS AND SECURITY FOR IOV: A SURVEY
* Published in: International Conference on Advances in Computing, Communication Control and Networking (ICACCCN2018)
notes:
> VANET introduction: the basic principle of vehicular adhoc network is that a vehicle is considered as a mobile node which act as a means to connect with other vehicles, thus creating a vehicular network.
>
> IOV ARCHITECTURE:
>> 1. A three level architecture has been suggested by the researchers for IOV:
>>> * first layer: Sensors embedded within the vehicles
>>> * second layer: communication layer which supports various communication of wireless mode
>>> * third layer: The third layer comprises tools in order to provide support for statistics, infrastructure processing and storage constituting the overall IOV intelligence.
>>
>> 2. A six layered architecture has been proposed by the authors:
>>> * Presentation Layer: Direct interaction is facilitated to driver via the management interface.
>>> * Assembly Layer: Gathering information from different sources for example sensors, navigation system etc which are located on roads.
>>> * Data Filtering Layer: Analysing the gathered data so that the network traffic can be reduced and transmission of unnecessary data also gets avoided.
>>> * Transmission Layer: Selecting the best network for sending the data.
>>> * Organisation and Management layer: All the network service providers which lie within the environment of IOV are managed by this layer. A security function is also added in this layer which deals with integrity of data, data confidentiality, authentication, availability of data etc.
>>> * Data Repository Layer: Various cloud computing infrastructure are used in this layer for storing large amount of data locally as well as remotely.
>
> IOV SECURITY:
>> A. Authentication Attacks:
>>> * Sybil Attacks: Single node exhibits several identities. Due to the dynamic nature of vehicles connected in IOV, the access is always temporary and unstable.
>>> * Deception of GPS: False information regarding the vehicle's speed, current location, other GPS data is embedded in this attack.
>>> * Attacks based on masquerading: Usually in the network environment a unique identity is owned by each entity.
>>> * Attacks of Wormhole: This attack involves two or more than two malicious nodes and the data packet from one end of the malicious node is tunneled to the other spiteful/malicious node at the other point, and these data packets are broadcasted.
>>
>> B. Attacks on Availability: The main focus of this attack is to collapse the IOV system by limiting the transmission power and bandwidth, such as channel interference, denial of service.
>> C. Attacks on the Secrecy: The secrecy attacks steal data by interception or eavesdropping.
>> D. Attacks on routing: In the process of routing, four types of attacks exist which include denial of service, routing notification, masquerading and eavesdropping attacks.
>> E. Attacks on data authenticity: These attacks can be divided in four types: camouflage, replay, illusion and tampering attacks.
### 11. A Survey on Privacy-security in Internet of Vehicles
* Published in: 2021 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress
notes:
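> The paper first describes the common types of attacks on IOV and stresses that data leakage can affect the safety of human life.
> The paper focuses on protecting data in transit. The authors consider data encryption the most effective way to address privacy and security, but the load on the server side is correspondingly heavy.
> They advocate that all data transmission be encrypted, but to avoid consuming too many computing resources, they grade data by privacy level: user privacy data gets a stronger encryption method, while conventional data uses an ordinary, simple encryption method, so that the server load can be balanced as far as possible.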
## Reference
* T-BOX => [TelematicsBOX](https://baike.baidu.hk/item/%E8%BB%8A%E8%BC%89T-BOX/17656790)