C-ITS Pilot Security Credential Management System

The Department of Transport and Main Roads is already conducting a 500-vehicle, on-road field operational test (FOT) of a number of Cooperative Intelligent Transport Systems (C-ITS) safety applications.

In order that this FOT be reflective of the ‘real world’ the Queensland pilot requires the use of a security system known as a C-ITS Security Credential Management System (SCMS). The use of this system, its readiness, safety role, governance, placement and its administrative overhead on government and private industry will be studied through this project.

This iMOVE project is being monitored and relied upon by Australian State and Federal Transport jurisdictions to give guidance and direction on C-ITS compliance, cybersecurity, and resource impact for State and Federal governments, and private industries.

Participants

• Queensland Dept of Transport and Main Roads
• Department of Infrastructure, Regional Development and Cities
• Integrity Security Services (ISS)

Project background

Fundamental to C-ITS is the delivery of reliable and accurate messages between vehicles themselves, and between vehicles and traffic management infrastructure – failure could result in a collision, and at worst, a fatality. Security controls for C-ITS, including those offered by a SCMS also ensure that the system produces reliable and accurate information on which safety decisions can be made.

In this instance, the system’s security controls directly support the system’s safety objectives. By extension, a failure, or lack of these controls, results in a failure, lack of, or reduced level of safety. Looking further forward, the information from a cooperative vehicle may even be used by automated vehicles to make road safety decisions and potentially make those decisions without the occupant’s input.

The Commonwealth Government has called for delivery of priority trials and research of transformative transport technologies including smart infrastructure, C-ITS, and the development of a nationally agreed deployment plan for the security management of connected and automated vehicles (National Policy Framework for Land Transport Technology, Action Plan: 2016-2019). Other relevant national activities include:

• NTC’s Cooperative Intelligent Transport Systems Final Policy Paper (NTC 2013) considers security and privacy issues within the Australian regulatory context.
• Harmonisation Task Group (HTG) 6 for C-ITS security was a cooperative effort between EU, Australian and US policy and technical experts to develop an end-to-end security policy framework (ITS Security Policy, 2014), and is co-chaired by Transport Certification Australia. HTG 7 builds on the work to develop SCMS standards.

The emerging ETSI TS standards require a C-ITS Security Credential Management System (SCMS) for vehicles and transport infrastructure – based on PKI (public key infrastructure) – that issues digital certificates to a variety of ITS stations and associated manufacturers. The primary function of the SCMS is to create a common point of trust for interconnected devices through the use of digital certificates in connected vehicles.

In plain English, the goals of a SCMS are to:

• enable vehicles and ITS infrastructure to communicate in a secure manner
• enable rogue (for example, compromised or “hacked”) vehicles and ITS infrastructure to be removed from the C-ITS ecosystem
• allow specialised vehicles (such as emergency or military vehicles) to conduct specialised operations (such as traffic signal pre-emption) on the traffic system

There are a number of existing international PKI-based SCMS’s that have been developed specifically for C-ITS. These SCMS are built on the basis of regional policy, regulatory and operational requirements and constraints that may not align with the Australian security environment. There is also little practical information available on the organisational changes that may impact transport authorities with the introduction of this system, or how the system can be best deployed or managed to meet the expected safety benefits, or the role government must, should or could play in this new C-ITS security environment.

Further, an SCMS includes functions for identifying and removing security threats (misbehaviour management), however, little research has been conducted on how to identify a security threat in a connected vehicle environment or how to counter the threat.

This iMOVE project will be delivered by TMR, the international SCMS provider and the national cooperation/government technical reference group for cyber security for C-ITS in Australia. At this time, other states (including NSW, Victoria and South Australia) are supporting Queensland in piloting an SCMS, rather than planning separate initiatives for their own C-ITS projects.

In the connected vehicle space, this iMOVE project is therefore intended to:

1. Analyse the impact that the introduction of an SCMS has to:

• Australian transport authorities (organisational, operational and governance implications)
• Vehicle safety and security
• Australian and state privacy legislation, and the implications and protections required thereof
• C-ITS system performance

2. Prepare a research platform in order to inform future standards development for connected vehicle security threat detection and prevention (being performed in a separate though related iMOVE project)