During the last few months, jtsec has been working in the elaboration of a response to the Call of Contribution of the ISO/IEC JTC 1/SC 27/WG 3 workgroup for studying the impact and possible formulas for applying the ISO/IEC 15408 evaluation methodology to security evaluations of connected vehicles.
This contribution aims to provide an insight on the current problematic related to the application of the information security evaluations, when applied to the complex and new technology of the connected vehicles. Currently, the ISO/IEC 15408 standard (also known as Common Criteria) has been successfully applied to a wide variety of ICT products that require to be evaluated under a standard and well-recognized evaluation criteria for providing a guarantee that a determined level of security is achieved by the product. However, the scenario of smart vehicles connected in an Intelligent Transport System (ITS) involves a complex problem for the application of ISO/IEC 15408 evaluation criteria.
The important degree of connectivity of smart vehicles is one of the key factors that contribute to the complexity of this problem. V2V (vehicle-to-vehicle), V2I (vehicle-to-infrastructure), V2N (vehicle-to-network) and V2D (vehicle to device) are new mechanisms incorporated in the new paradigm of connected vehicles. At the same time, different communication technologies, such as LTE, DSRC or 5G is used depending on the application requirements.
One of the main difficulties of applying this standard is that the balance between security functions and vehicle safety must be considered. On the other hand, new security functional components need to be elaborated for the particularities of this type of technology. This makes the study necessary for determining whether the methodology is applicable and effective for connected vehicles
In this contribution, out teammate José Pulido has performed an in-depth analysis of the vehicle-to-everything (V2X) technologies involved in the current state of the art. The in-vehicle technologies have also been analyzed from the point of view of security. Based on the threat modelling for those scenarios, an ISO/IEC 15408 based design of security functionality has been formulated, allowing to understand which security functional requirements of the Common Criteria standard can be used as part of the solution to this problem.
Besides, it has been carried out a study of different approaches to the elaboration of protection profiles for the evaluation of the technological components involved in V2X technologies. As a part of that work, it was analyzed the possible advantages and disadvantages of the proposed models. This includes a deep analysis of the different composition methodologies that could be applied to this type of scenarios.
Finally, the study recommends the continuation of the existing work and the creation of working groups intended to make a formal definition of the components to be certified, and of the protection profiles designed for evaluation and certification. Those protection profiles define in detail all the functional and security assurance requirements that must be considered in the security evaluation of each vehicle component. As a conclusion to the previous work, it has been recommended to have the support of relevant authorities that dictate that connected vehicles must be security certified if they are intended to be part of connected intelligent transport systems.
From jtsec we hope that this work will serve to advance in the standardization security evaluations of modern connected vehicles.
