Security of 5G-V2X: Technologies, Standardization and Research Directions

Cellular-Vehicle to Everything (C-V2X) aims at resolving issues pertaining to the traditional usability of Vehicle to Infrastructure (V2I) and Vehicle to Vehicle (V2V) networking. Specifically, C-V2X lowers the number of entities involved in vehicular communications and allows the inclusion of cellular-security solutions to be applied to V2X. For this, the evolvement of LTE-V2X is revolutionary, but it fails to handle the demands of high throughput, ultra-high reliability, and ultra-low latency alongside its security mechanisms. To counter this, 5G-V2X is considered as an integral solution, which not only resolves the issues related to LTE-V2X but also provides a function-based network setup. Several reports have been given for the security of 5G, but none of them primarily focuses on the security of 5G-V2X. This article provides a detailed overview of 5G-V2X with a security-based comparison to LTE-V2X. A novel Security Reflex Function (SRF)-based architecture is proposed and several research challenges are presented related to the security of 5G-V2X. Furthermore, the article lays out requirements of Ultra-Dense and Ultra-Secure (UD-US) transmissions necessary for 5G-V2X.Comment: 9 pages, 6 figures, Preprin

The Android Platform Security Model

Android is the most widely deployed end-user focused operating system. With its growing set of use cases encompassing communication, navigation, media consumption, entertainment, finance, health, and access to sensors, actuators, cameras, or microphones, its underlying security model needs to address a host of practical threats in a wide variety of scenarios while being useful to non-security experts. The model needs to strike a difficult balance between security, privacy, and usability for end users, assurances for app developers, and system performance under tight hardware constraints. While many of the underlying design principles have implicitly informed the overall system architecture, access control mechanisms, and mitigation techniques, the Android security model has previously not been formally published. This paper aims to both document the abstract model and discuss its implications. Based on a definition of the threat model and Android ecosystem context in which it operates, we analyze how the different security measures in past and current Android implementations work together to mitigate these threats. There are some special cases in applying the security model, and we discuss such deliberate deviations from the abstract model

Citizen Electronic Identities using TPM 2.0

Electronic Identification (eID) is becoming commonplace in several European countries. eID is typically used to authenticate to government e-services, but is also used for other services, such as public transit, e-banking, and physical security access control. Typical eID tokens take the form of physical smart cards, but successes in merging eID into phone operator SIM cards show that eID tokens integrated into a personal device can offer better usability compared to standalone tokens. At the same time, trusted hardware that enables secure storage and isolated processing of sensitive data have become commonplace both on PC platforms as well as mobile devices. Some time ago, the Trusted Computing Group (TCG) released the version 2.0 of the Trusted Platform Module (TPM) specification. We propose an eID architecture based on the new, rich authorization model introduced in the TCGs TPM 2.0. The goal of the design is to improve the overall security and usability compared to traditional smart card-based solutions. We also provide, to the best our knowledge, the first accessible description of the TPM 2.0 authorization model.Comment: This work is based on an earlier work: Citizen Electronic Identities using TPM 2.0, to appear in the Proceedings of the 4th international workshop on Trustworthy embedded devices, TrustED'14, November 3, 2014, Scottsdale, Arizona, USA, http://dx.doi.org/10.1145/2666141.266614

Security Monitoring in Production Areas

Teses de mestrado, Segurança Informática, 2022, Universidade de Lisboa, Faculdade de CiênciasSince the late 1960s, a different set of technologies has been designed and implemented in parallel to assist in automating industrial and manufacturing processes. These systems, created parallel to IT (Information Technologies), became known as OT (Operational Technologies). Unlike IT technologies, these were developed with a different set of requirements. With a focus on resilience to adverse environmental conditions – such as temperature, humidity, and electromagnetic interference – and a need for high availability and near-real-time performance, these technologies took a back seat to other requirements. Such as information integrity and confidentiality. However, the need to automate processes has developed. Today, it is not only industrial areas – such as heavy manufacturing, oil and gas industries, electrical networks, water distribution processes, or sewage treatment – that need to increase their efficiency. The production areas of a manufacturing company also benefit from these two types of technologies – IT and OT. Furthermore, it is on the shop floor – i.e., in a production area – that the two meet and merge and interconnect the two networks to become a blended system. Often the requirements for the operation of one technology are the weak point of the other. A good example is an increasing need for IT devices to connect to the Internet. On the other hand, OT devices that often have inherent difficulty with authentication and authorization processes are exposed to untrusted networks. In recent years, and aggravated by the socio-political changes in the world, incidents in industrial and production areas have become larger and more frequent. As the impact of incidents in these areas has the potential to be immense, companies and government organizations are increasingly willing to implement measures to defend them. For information security, this is fertile ground for developing new methodologies or experimenting and validating existing ones. This master’s work aims to apply a threat model in the context of a production area, thus obtaining a set of the most relevant threats. With the starting point of these threats, the applicability and value of two security monitoring solutions for production areas will be analyzed. In this dissertation’s first part, and after reviewing state-of-the-art with the result of identifying the most mentioned security measures for industrial and manufacturing areas, a contextualization of what a production area will be performed—followed by an example, based on what was observed in the course of this work. After giving this background, a threat model will be created using a STRIDE methodology for identifying and classifying potential threats and using the DREAD methodology for risk assessment. The presentation of an attack tree will show how the identified threats can be linked to achieving the goal of disrupting a production area. After this, a study will be made on which security measures mentioned initially best mitigate the threats identified. In the final part, the two solutions will be analyzed with the functionalities of detecting connected devices and their vulnerabilities and monitoring and identifying security events using network traffic observed in an actual production area. This observation aims to verify the practical value of these tools in mitigating the threats mentioned above. During this work, a set of lessons learned were identified, which are presented as recommendations in a separate chapter

Engineering design knowledge management in de-centralised virtual enterprises

The problems of collaborative engineering design and knowledge management at the conceptual stage in a network of dissimilar enterprises was investigated. This issue in engineering design is a result of the supply chain and virtual enterprise (VE) oriented industry that demands faster time to market and accurate cost/manufacturing analysis from conception. The solution consisted of a de-centralised super-peer net architecture to establish and maintain communications between enterprises in a VE. In the solution outlined below, the enterprises are able to share knowledge in a common format and nomenclature via the building-block shareable super-ontology that can be tailored on a project by project basis, whilst maintaining the common nomenclature of the ‘super-ontology’ eliminating knowledge interpretation issues. The two-tier architecture layout of the solution glues together the peer-peer and super-ontologies to form a coherent system for both internal and virtual enterprise knowledge management and product development

Upgrading and enhancing the LHC logging system

Estágio realizado no CERN, Suiça e orientado pelo Eng.º Ronny Billen e Chris RoderickTese de mestrado integrado. Engenharia Informátca e Computação. Faculdade de Engenharia. Universidade do Porto. 200