The Safety Impact of Security

Socio-technical systems such as "The Car that Cares" and
"Cooperative eNavigation" enable applications that will improve
the efficiency and safety of transportation systems: e.g. by
allowing cooperative collision avoidance. On the downside, the increased
networking of cars and vessels can make them vulnerable to
cyber attacks with a potential safety impact. For example,
if safety messages were sent unauthenticated an attacker could inject
forged collision warnings, and thereby induce braking manoeuvres
in an unsuitable situational context.

This and other security risks as well as privacy concerns
make it imperative that networked transportation systems
are protected by a sophisticated security architecture.
The current security architecture for Car2X communication
(i.e. communication between cars and between cars and
infrastructure nodes) provides an example: Car2X messages are
digitally signed, and the corresponding signature
keys and certificates are managed by a public key infrastructure.
Moreover, tamper-resistant hardware security modules are employed
as trust anchors, from which security properties such as
the integrity of the in-car platform and the secrecy of sensitive keys
can be bootstrapped.

The project "The Safety Impact of Security" puts forward an
integrated approach towards safety and security of networked
transportation systems. On the one hand, the project pursues a
rigorous analysis of their complex security architectures:
the project will provide foundations and methodology to specify
and verify the relevant security protocols and APIs as well as
their interaction. On the other hand, the project explores how
the risk of cyber attacks can be assessed, and how it can be
mitigated by an overall architecture that contains the impact
of attacks by design. Thereby the project hopes to contribute
to ensuring that networked transportation systems in the automotive
and maritime domain can be developed and operated in a verifiably,
and hence certifiably, secure manner.