Security of 5G-V2X: Technologies, Standardization and ... · [email protected]. N. Guizani is with the...

1

Security of 5G-V2X: Technologies, Standardizationand Research Directions

Vishal Sharma, Ilsun You, Nadra Guizani

Abstract—Cellular-Vehicle to Everything (C-V2X) aims at re-solving issues pertaining to the traditional usability of Vehicleto Infrastructure (V2I) and Vehicle to Vehicle (V2V) networking.Specifically, C-V2X lowers the number of entities involved invehicular communications and allows the inclusion of cellular-security solutions to be applied to V2X. For this, the evolvement ofLTE-V2X is revolutionary, but it fails to handle the demands of highthroughput, ultra-high reliability, and ultra-low latency alongsideits security mechanisms. To counter this, 5G-V2X is consideredas an integral solution, which not only resolves the issues relatedto LTE-V2X but also provides a function-based network setup.Several reports have been given for the security of 5G, but none ofthem primarily focuses on the security of 5G-V2X. This articleprovides a detailed overview of 5G-V2X with a security-basedcomparison to LTE-V2X. A novel Security Reflex Function (SRF)-based architecture is proposed and several research challenges arepresented related to the security of 5G-V2X. Furthermore, thearticle lays out requirements of Ultra-Dense and Ultra-Secure (UD-US) transmissions necessary for 5G-V2X.

Index Terms—5G, Security, V2X, Mobility, Threats.

I. C-V2X: OVERVIEW

The current era of vehicular travel is witnessing a dynamicshift from individually driven vehicles to network controlledvehicles. This new infrastructure is studied under the name ofVehicle-to-Everything (V2X), which aims at controlling vehicu-lar communications for specific operations where a vehicle isable to communicate with any of the other entities availableon the network. Growing from Vehicle-to-Infrastructure (V2I)and Vehicle-to-Vehicle (V2V), V2X broadens the domain of itsapplicability while leveraging on a different range of technolo-gies, such as Dedicated Short-Range Communications (DSRC),Wireless Access in Vehicular Environment (WAVE), Cellular-V2X (C-V2X) that includes Long-Term Evolution V2X (LTE-V2X), 5G Infrastructure Public-Private Partnership (5GPPP-V2X), automated-Ethernet (onboard communications), and Wire-less Local Area Network V2X (WLAN-V2X) [1] [2] [3]. C-V2X is also seen as a base for implementing technologies likeLow Power Wide Area Network (LPWAN), IPv6-Low-PowerWireless Personal Area Network (6LoWPAN) and Long RangeWide Area Network (LoRaWAN) where conservation of energyis the primary motive of the deployed technology.

It has been predominantly established by earlier studies thatC-V2X is a better alternative to any of the existing technologiesbased on the performance and deployment strategies. However,factors like coverage, mobility management, Total Cost of Own-ership (TCO), reliability, latency, security, and scalability are

V. Sharma and I. You (Corresponding Author) are with the De-partment of Information Security Engineering, Soonchunhyang Univer-sity, The Republic of Korea, Email: vishal [email protected], [email protected]. N. Guizani is with the Washington State University, USA,Email: [email protected]. This work is supported by the Soonchun-hyang University Research Fund.

yet to be evaluated based on the existing infrastructure [4] [5].There has been a huge rush towards the establishment of LTE-V2X models while studying the capability of LTE in termsof performance and security. The primary motive for utilizingexisting strategies is for their communication range. To providesecurity for these models, additional functional layers are added.This not only increases the cost of ownership but also decreasesthe compliance of autonomous vehicles [6] [7].

In short, C-V2X aims at bridging the gap between the vehicu-lar and cellular communication industry by supporting a largerange of Information and Communications Technology (ICT)applications. All the major technologies targeting C-V2X canbe observed for the following categories:

A. Multi-Vendor Services Support (MVSS)

V2X depends on the convergence of a large number ofcellular-applications, which are being provided by multiplevendors. In general, C-V2X is considered to be an opera-tional property of a single organization (Original EquipmentManufacturer (OEM)), which uses cellular facilities to controlthe transmissions in the network. However, with a variety ofcellular-applications, it is liable that a single vehicle will besupported by multiple vendors. Thus, Multi-Vendor ServicesSupport (MVSS) becomes one of the crucial principles to befollowed in C-V2X. Layouts through slices, edge-formations,fog-infrastructure, Software Defined Networking (SDN), andNetwork Function Virtualization (NFV) can be the principaltechnologies for MVSS [8].

B. Autonomous Algorithm Safety (AAS)

Algorithms are the key behind the successful operations ofautonomous vehicles in C-V2X. Majority of these algorithmsrely on the formation of a secure channel between the vehicles(V) and all other applications in the network (X). Vulnerabilityin the algorithms can lead to several types of cyber attacks on C-V2X. The threat level increases as vehicles in the network oper-ate from full-assistance to no-assistance (fully-autonomous). Asdiscussed in [1] by the Society of Automotive Engineers (SAE),the AAS depends on the mode of operations and deploymentscenarios of vehicles. Specifically, in C-V2X, channel security,session management, security-patches, key management, accesscontrol, and camouflage-detection are the key perspectives tolook forward to for AAS. Policing, resource management, andrisk mitigation are other issues to be tackled for AAS in C-V2X.

C. Network Control and Safety (NCS)

From the C-V2X point of view, it is required to study networkcontrol and safety as a single component, as their tradeoff

arX

iv:1

905.

0955

5v3

[cs

.NI]

18

Dec

201

9

2

shows a considerable impact on the implementation as well asthe security of the network. Attaining MVSS and AAS helpsto efficiently control the operations in C-V2X. The detectionof anomalies, attack-mitigation, and prevention against zero-day vulnerabilities are other metrics that need to be efficientlyhandled. NCS also accounts for the management of vulnerableactivities, misbehavior detection and session security in C-V2X.

II. USE-CASES FOR SECURE C-V2X

C-V2X aims at facilitating on-the-go network, which primarilymatches similar capabilities of a stand-alone cellular network.Several studies are available that highlight the practical aspectsand application-based use-cases of C-V2X, however, in order tocomplement the existing findings and studies, some use-casesfrom the C-V2X security perspective are listed below:

• Autonomous Car Security: Autonomous cars use real-timedata and instructions from different sensors connected tothe cellular network. The guidance maps for real-timecoordination can be accessed through the C-V2X communi-cations. The security features of C-V2X help to prevent anyimpersonation and replay attack which may misguide thevehicle and lead to interruptions and accidents. The securityconsiderations and applying several key-based mechanismscan help to provide strong encryption for transmissionsinvolving guidance data to autonomous cars.

• Driver Authentications: In assisted cars, secure operationsof C-V2X can help verify the drivers through third-partyauthentications. The medical conditions of the driver canalso be verified through attached sensors and several light-weight authentications can help to quantify access controlto the legitimate driver.

• Vehicle-Health Monitoring: The vehicle’s health can bemonitored through C-V2X, which sends instructions in real-time to car software maintainers for every machine issue.During wrong- configurations, there are high possibilitiesfor an intruder to gain access to the components of a vehiclewhich may be further exploited to gain access to the entirenetwork. Such situations can be encountered through theformation of a secure communication channel in C-V2X.

• Secure Public Safety Communications (PSCs): C-V2X isexpected to play a pivotal role in PSCs by allowing vehiclesto communicate the shortest path to other devices in casessuch as: real-time delivering of food, medicine, and anotherkind of services that are time-sensitive. Moreover, thesecurity features of C-V2X can help extend its applicationsto military and civilians expeditions. The systematic andsecure coordination can help to attain high reliability andlow latency for the devices involved in C-V2X setup.

• Inter and Intra Vehicular Security: Trust and privacy aremajor concerns in the case of inter- and intra-vehicularcommunication [9]. Inter-vehicular communications referto the C-V2X setup that is comprised of vehicles fromdifferent vendors. In such a scenario, security becomes adominant factor, and it is expected to use pseudonyms orproxies for preventing inter-network eavesdropping. Intra-vehicular communication refers to the onboard operationsof a vehicle involved in C-V2X. In this mode, securitytechnologies are required to protect the customer’s private

information and vehicle systems from hackers. The attacksin any of these modes pose a considerable effect on thetrustworthiness of the network as well as creates a hugeimpact on ownership and quality of experience.

• Secure Mobility management and Service Layoffs: Mobilityand service layoffs are the crucial aspects of C-V2X.There are several solutions available that focus on both fastand secure service layoffs and handover management [10].However, with proprietary network formations, the securityfactors become dominant and should be resolved throughmechanisms applicable to C-V2X, especially leveraging onLTE and 5G technologies.

• S-B2MP (Secure Base to Multi-Peer Networks): One ofthe interactively keen examples of C-V2X is B2MP, inwhich a vehicle serves as the Base Station to multiple peers.However, the presence of an attacker on-board may exposethe key metrics of the network, which can be used to launchseveral exploitations leading to a huge impact on the overallformation of C-V2X. Thus, S-B2MP is another security-oriented use case of these networks.

• Secured Named Data Networking (NDN): NDN is a basicnetwork communication mode that supports secure datadirectly at the network layer by making every data packetverifiable. NDN uses ad hoc and broadcast-style communi-cations and is independent of communication technologies.Therefore, it can be used with C-V2X to enhance its featurebased on secure media-independent formations.

• Traffic Management and Anomaly Detections: The traf-fic management includes issues related to speed manage-ment, traffic information, routing information, cooperativenavigation, etc [11]. Moreover, driver-behavior, vehicular-anomalies, and network intruders are other factors affectingthe core functionalities of the vehicular system. Sufficientlysecure mechanisms can help to resolve these issues andidentify potential anomalies prior to their attack.

III. C-V2X SECURITY ARCHITECTURE AND TRENDS

The traditional technologies for V2X, evolving V2I, and V2V,like DSRC and 802.11p, require a large number of entitiesfor connecting vehicles and supporting their transmissions toOEMs. However, with the evolution of C-V2X under 3GPP,the existing cellular infrastructure can be used for supportingvehicular communications. With the advent of LTE technology,the V2X is highlighted for its vast range of applications, and witha shift of LTE towards 5G, the upcoming trends are focusingon utilizing both these architectures to provide security servicesto the involved entities [12] [6] [7]. This section discusses basearchitectures defined for LTE-V2X and 5G-V2X along with theirsecurity concerns and applicability.

A. LTE-V2X

LTE-V2X leverages services from eNB, and Mobility Man-agement Entity (MME), which accounts for providing variouscontrol functions for V2X, as shown in Fig. 1. The standard LTEarchitecture is comprised of Packet Data Network Gateway (P-GW), User Equipment (UE), Serving Gateway (S-GW), HomeSubscriber Server (HSS), and Broadcasting Server (BS). Allof which operate as components of the Evolved Universal

3

Application Server

HSS

MME S-GW BS

P-GW Data NetworkV2X Control

Function

User EquipmentMME Mobile Management EntityBS Broadcasting ServerHSS Home Subscriber ServerE-UTRAN Evolved Universal Terrestrial Radio Access NetworkP-GW Packet Data Network GatewayS-GW Serving GatewayeNB Evolved Node B

E-U

TR

AN

eNB

Identity TheftUser PrivacyAnonymity

ConfidentialityIntegrity

AvailabilityPhishingSniffing

Broadcast StormingAccessibility

AccountabilityAuthentication

Situational AwarenessLocalization

Backward BroadcastingMessage Protection

Channel Secrecy

Requirements

Fig. 1: An illustration of LTE-V2X architecture and securityrequirements [6].

Terrestrial Radio Access Network (E-UTRAN) [13]. The trafficto the Data Network (DN) is facilitated through P-GW andmeasurement report based transmissions are used for supportingvehicular communications. Although efficient, there are a seriesof issues with this architecture as it is unable to provide strongmechanisms for vehicle authentication, credential management,privacy and anonymity of involved entities [14] [9]. Moreover,LTE-V2X does not comply with the upcoming requirements ofultra-low latency and ultra-high reliability [6]. In addition, thereis limited support for positioning and trajectory-based solutionsfor V2X. As depicted in Fig. 1, the security requirements aretedious to resolve based on the component architecture of LTE.Thus, a paradigm shift is required from LTE to 5G for supportingedge computing, which is an integral aspect of V2X services.

B. 5G-V2X

In contrast to LTE, 5G-V2X is a function based architecturewhich primarily focuses on providing service-based accessi-bility to the involved entities. The key advantages of 5G-V2X are service-based policing for applications, low-latency,high-reliability and functional support for V2X, which can beoperated in Non-Standalone 5G (NS-5G) or Standalone-5G (S-5G) mode depending on the deployment changes to the initialarchitecture [7] [15]. NS-5G-V2X is dependent on the underlyingLTE-deployment to facilitate the requirements laid by 5G com-munications. The scope of enhancement to security is limited asthis requires the exact identification of the 5G functions, whichwill match the components defined in LTE [6]. However, with S-5G, the scope widens, but it also requires work from the groundlevel while managing communication back to the core.

The core functions of 5G-V2X setup include; Policy ControlFunction (PCF), Access and Mobility Function (AMF), Authen-tication Server Function (AUSF), Session Management Function(SMF), Application Function (AF), Unified Data Management(UDM), and User Plane Function (UPF), as shown in Fig. 2.

The security features are provided through specified securityfunctions, namely, Authentication Credential Repository andProcessing Function (ARPF), and Security Anchor Function(SEAF) both of which are collocated with the AUSF [15]. Thedetails on each of them can be followed from the technicalspecification by 3GPP on the security of 5G networks [7].However, there are no concurrent studies which discuss thesecurity from V2X perspectives. This article provides an initialscreening of such requirements as discussed in the next section.

Network Core

AUSF UDM

SMF

AMF

UE

UE

SECURITY FUNCTIONS

��

��

��

��

��

��

��

��

��

��

��

��

��

�

��

��

�

��

��

�

UPF

DATA NETWORK

(R)AN

PCF

USER PLANEFUNCTION

PCF: Policy Control Function SMF: Session Management FunctionAMF: Access and Mobility Function UDM: Unified Data ManagementAUSF: Authentication Server Function AF: Application Function(R)AN: (Radio) Access Network UPF: User Plane Function

AF

Computationally expensive security for supporting V2XNo-standard procedures for intra- as well as inter-handovers of vehicles

Dependence on the primary authenticationLacks end to end protection

Rigid and non-reflex access management for handling rapid changesNon-confirmation of the requesting entities

Non-supporting procedures for on-demand gNBs

Fig. 2: An illustration of exemplary scenario for 5G-V2X archi-tecture based on 3GPP TS 23.501.

IV. 5G-V2X: SECURITY ATTACKS, THREATS, ANDREQUIREMENTS

The majority of the shortcomings of DSRC, 802.11p, andLTE-V2X are meant to be handled through the efficient functionhandlers in 5G-V2X. The search for security solutions and possi-ble remedies against known and unknown threats depend on thedeployment strategies of 5G-V2X. If V2X is enabled with NS-5G, the attacks possible on LTE-V2X holds true and can exploitthe services in 5G-V2X. However, with S-5G, the attack windowdecreases and the protection against threats can be increasedwhile maintaining ultra-low latency and ultra-high reliabilityamongst the entities. Network planning and deployment play akey role in deciding the security of 5G-V2X. The placementof functions and control, and decisions on policing implicatepossible exploitation of vulnerabilities. In addition, the exposureof keys and the use of an insecure channel of communicationare other points of attack in 5G-V2X. Moreover, V2X forms the

4

edge component of 5G, which may or may not have a securechannel. Thus, the possibilities of attacks increase when thedevices undergo major mobility transitions. The cell coverageis another issue that can be evaluated by the eavesdropper tolaunch any potential attacks on the vehicles.

A. General Issues

This section provides detail for several key attacks and threatswhen deploying services through 5G-V2X.

• The main reason for a possible attack in 5G-V2X is theirregular placement of gNB, which is the counterpart ofeNB and MME of LTE-V2X. The primary impact can becaused by the authentication and authorization of vehicles.In the semi-autonomous mode, a certificate-based secu-rity, provided through email or semi-autonomous mode, isused assuming the network operates on a secure-line upbetween RSU and OEM. However, with major autonomy,the certificate-based solution may hinder the smooth transitbetween gNBs.

• The presence of a malicious node may exploit the vul-nerability in OBU and gain access to the network (zero-day attacks). Thus, it becomes the responsibility of thenetwork entity to prevent such attacks. Static informationand weak hash functions may lead to certificate forgery.Which prevents the capture of secure elements of a vehicleis an ultimate requirement.

• For cellular-assisted autonomous driving, it is desirableto prevent any known and chosen plain/ciphertext attacks.Such attacks are possible as major sensor informationis shared without encryption. Backward broadcasting andsignal storming are the other issues related to the securityaspect of 5G-V2X.

• Message security is another factor for securing transmis-sions in 5G-V2X. The content in these networks shouldbe secured through secret keys. With the existing securitymodules, the keys are generated by following a hierarchicalpattern. Fresh keys need to be maintained, and synchronizedpatterns must be used to prevent any replay attack or De-synchronous attacks.

• Irrespective of the network planning and layouts, side-channel attacks are tedious to detect and can exploit theentire network by merely affecting the vehicle or gNB inthe 5G setup. In addition to these, service-based attacks areexpected to prevail in 5G-V2X unlike DSRC or LTE-V2Xas all the content in the 5G is expected to be classified intoseveral services. Thus, service-based attack prevention andthreat detection are key issues to focus on while securingthe functionalities in 5G-V2X.

It is worth noting that the security in 5G-V2X not only dependson the security functions but also on the location of certainregular entities/functions, which involve gNB, SMF, AMF, andUPF. Control over any of these exploits the entire network. Thus,it becomes inevitably important to secure the passes betweenthese entities while leveraging the services of security functions.However, the positioning of servers providing security functionsmust be carefully selected. A security anchor function near toa user may lead to several client-side attacks while placing at

the core increases the latency and weakens the links between theAMF, SMF, and UPF.

B. 5G-V2X Specific Security Issues

There is a scarcity of studies and no-concurrent solutionsavailable which predominantly depicts the security aspects of5G-V2X. The ones for NS-5G-V2X only focus on the existingissues limited to the infrastructure support of LTE. In the recentreleases of TS series by 3GPPP [7]1, security is defined for5G-V2X in the Access Stratum and Non-Access Stratum mode.The primary security is defined using 5G-AKA or EAP-AKA’through a hierarchical key distribution. The security is gov-erned through secure key exchanges and by assuming differentstrategies for each of the involved entities. Although this reportprovides a detailed possible layout of security for 5G, it is yet tobe considered for V2X because of differences in the dynamicsand mode of operations of a vehicle from a regular UE.

V to X authentication and securing the credentials are thekey issues to be considered for 5G-V2X [6]. Moreover, networklayout, planning, and handover are yet to have proper solutionsfor both intra- and inter-modes. The deployment of 5G-functionsnear to edge or core also needs further research from a 5G’sperspective. Although, C-V2X (LTE and 5G) decreases thenumber of RSU required in the existing technology focused byvendors (from OEM to Vehicle connectivity), yet there are stillissues pertaining to universal availability, interim-managementof slices, and access management. The requirement of dynamicRSUs, as stated in [6], can be attained through stationedvehicles, but there is no architecture to grasp this facility.

In addition to the above discussions, the 5G security reportsdepend on the expensive backward operations which becomecomplex when applied to V2X solutions. Moreover, the use of aCertificate Revocation List (CRL) for initial authentication canonly be accounted for a dense RSU network, and it involves ahigh dependency on a centralized authority, which is a problemwhen looking at a global deployment of unified V2X technology.The available information in TS reports [7] resolves the perfectforward security for 5G UEs, but there is a gap in the use of thistechnology for V2X. Although, 5G architecture aims to protectkeys used in the next phase, capturing of the vehicle or signaturereplication can lead to the violation of forwarding secrecy. Thus,attaining perfect forward secrecy is a crucial aspect for V2Xbecause of the physical threats to the credentials of vehicles.

Another issue to be taken care of is the extensive depen-dence on the primary authentication and assumption of securityassurance schemes. With the involvement of long-term secretkeys, it is yet to be decided whether these will be generatedthrough the 5G-core or the 5G functional units deployed in theperiphery of OEMs. The protection of long-term keys depends onthe deployment range and positioning of 5G-security functionsfor V2X. SEAF must be placed in the deep network leadingto nearly impossible physical attacks, but this also raises theconcerns as SMF and AMF, in this case, have to be placednear gNB or vehicle for facilitated transitions [7]. The currentversions do not provide any discussion on home network securityof V2X and there are limited discussions on using public-keyoperations when the vehicle is operating in its home network.

13GPP TS 33.501 V0.7.1 (2018-01)

5

��

��

��

��

��

�� !"#!�� $�� %��!#�

"#!�� & � �� '(��

�� !%��)�#��*!%�� %��

��

�+$!�� !"#!�� $��

"#!�� & � �� '(��

� �� ,��,��

��

��

�+$!�� !"#!�� $�� %��!#�

"#!�� & � �� '(��

�� -�..��&��&��.��&��

��

��

�+$!�� !"#!�� $��

"#!�� & � �� '(��

�� !��

/��0��

��

�+$!�� !"#!�� $�� %��!#�

"#!�� & � �� '(��

"��" � ��#��"��"��#��"��

��"��$��

��,��,��

��

�+$!�� !"#!�� $�� %��!#�

"#!�� & � �� '(��

" %&��

+�(��!�*��1�� ,��&(��2��(��

��

�+$!�� !"#!�� $

"#!�� & � ��

"�&�� ""�&�� '�(��3 ��(��&��

��

�+$!�� !"#!�� $��

"#!�� & � ��

�� $��,,��&��2.,��

��!��!��!��4��

��

�+$!�� !"#!�� $

"#!�� & � ��

��$��2��.��2�5��&��,��

��

�+$!�� !"#!��

"#!�� & � ��

'!&��!�� !

�� 6

�+$!�� !"#!�� 6

"#!�� & �6

�(�� %��+��.��$7,��+��.��

��

�+$!�� !"#!��

"#!�� & � ��

) �� !

��

�+$!�� !"#!�� $�� %��!#�

"#!�� & � '(��

� �� (� ��

��%��8��2�5��

�9��

��

�+$!�� !"#!�� $

"#!�� & � '(��

� ��&��! � ��

��&��,��& �,�..��&

��

�+$!�� !"#!�� $

"#!�� '(� & � ��

* ��((��&�� 9��

��!��,��&

��

�+$!�� !"#!��

"#!�� & � ��

* �� " ��

!

��

�+$!�� !"#!�� $��

"#!�� & �

*��+�,��&*!9��!9��

+��!9��

��

�+$!�� !"#!�� $��

"#!�� '(� & � ��

& �� $�� !� � ��& ��

+�,��!

�� !

�+$!�� !"#!��

"#!�� '(�� & � ��

&� �� +�.��&�� (�0��!.��&��

$��.�&��

��

�+$!�� !"#!��

"#!�� & �

- ��%�� $7��2��

��

�+$!�� !"#!�� $�� %��!#�

"#!�� '(� & � ��

&�$�� !

��

�+$!�� !"#!��

"#!��

�(��&��!��9��

��&�!9��,��*��

��

�+$!�� !"#!�� $

"#!�� & � ��

�� 2��(�� (��%++(

! !

�+$!�� !"#!�� $�� %��!#�

"#!�� '(� & � ��

. �� + ��"��&��,��&��.0��0��

��+��5��*��

��

�+$!�� !"#!��

"#!��

Fig. 3: A detailed list of attacks and threats with a focus on the involved and affected entities/functions of C-V2X. (Entity List: -V: Vehicles (on-board units (OBUs))/ User Equipment, R: Road Side Units, AS: Application Server, SF: Security Functions)

Also, attaining end to end protection by preventing Sybil attacksleading to effects on confidentiality and integrity is a mustwhile deploying 5G-V2X solutions. Finally, the confirmationsof requesting entities and identification of vehicles need to bedecided on measuring both performance and security. For aclearer understanding, the impact of several attacks and threatswith a difference in the use of technology is presented in Fig. 3.

V. 5G-V2X: CONCEPTUALIZED ARCHITECTURE

The technology solutions for C-V2X at the moment supportmore of V2V and V2I than V2X. The existing conceptualizedviews leverage 5G security modules for securing V2X communi-cations. However, as discussed in the earlier section, the security

for the majority of the components is done through computa-tionally expensive operations and any sort of attack can causesevere damage. To resolve such issues and to further enhancethe performance, a conceptualized architecture is proposed onthe backbone of the architecture given by 3GPP [7].

A. Architectural Enhancements

The proposed architecture discusses the security inclusionsthrough edge computing where users, vehicles and several sen-sors/devices are treated as a part of everything and strategies areprovided for both intra- as well as inter-handover of vehicles.The proposed conceptualized architecture uses a new function

6

Network Core

AUSF UDM

SMF

AMF SECURITY FUNCTIONS

UPF

DN (R)AN

PCF

AF

gNB

��

��

��

��

��

��

��

��

��

��

��

��

�

�

�

�

�

�

�

�

�

�

�

�

�

SETUP-1 SETUP-2SRF

SRF

SRFgNB

OEM

UPF

DN (R)AN

AFSW

SV SV

UE

SENSOR

KAMF

KSRF-SW

KgNB

KV

ED

GE

NE

TW

OR

K

KgNB

KV

ED

GE

NE

TW

OR

K

INTRA-MODE

KSRF-SW-P

KgNB-P

KV-P

ED

GE

NE

TW

OR

K

KgNB-P

KV-P

ED

GE

NE

TW

OR

K

INTRA-MODE

LOCATION AND TRAJECTORYBASED KEY GENERATION

NO-ADDITIONAL OVERHEADS ADDITIONAL OVERHEADS

KSRF-SW-P(gNB)

KSRF-SW-P(SV)

KSRF-SW-P(V)

KSRF-SW-P

Static Vehicle (SV)as a gNB

(Partial Control)

PARTIAL KEYS (-P)

KSEAF

EDGE-INITIATEDDEVICE/VEHICLE

AUTHENTICATION

EDGE-INITIATEDDEVICE/VEHICLE MOBILITY

MANAGEMENT

The entire process involves one time overhead of obtaining partial keys.

Updates in KSRF-SW-P are required only when user/vehicle side changes are made to the applications. No changes are required in theKSRF-SW as mobility management is kept independent of authentication.

The mobility management can be carried out without re-authentication, based on the decisions passed by SRFs.

Fig. 4: An illustration of the conceptualized 5G-V2X security architecture for intra- and inter-mode of operations for vehicles usingSecurity Reflex Function (SRF).

“Security Reflex Function (SRF)”, as shown in Fig. 4, to supportrapid changes in the network as well as to define policiesfor access management. Moreover, SRF accounts for attainingthe feature of Ultra-Dense and Ultra-Secure (UD-US) mobilitymanagement, which is needed as it is expected that a hugenumber of cellular-supported vehicles will be roaming on roadsdemanding all time connectivity. It is desired to understand thefeatures and operational strategy of SRF before following its rolein 5G-V2X. The details are:

• Edge-based authenticator: SRF provides edge-initiated au-thentication for the entities involved in 5G-V2X. It reducesthe burden of the core by covering user-side roles of SMFand AMF.

• Partial-key allocations: SRF uses partial key allocations byderiving several keys from the keys obtained from AMFand SEAF. It uses device-based specific keys for managingV2X connectivity. It sits on top of gNB and can operate ina dual-mode with the specified gNB.

• Supports on-demand gNB: SRF allows strategic controlover the network by including static vehicles as user-sidegNBs, termed as gNB’. This also helps to support parking-based networks as well as Emergency CommunicationVehicles (ECV).

• Allows splitting and slice management: SRF supports thecore principle of slice management and helps to maintainthe vehicle as well as slice anonymity by deriving severalshort-term keys depending on the mode of operations (intraor inter).

• User-side secondary authentication: SRF allows user-sideauthentication when the static vehicles are used as accesspoints. Moreover, it allows secondary authentication forspecifying route optimization by reducing the number ofintermediate hops while maintaining the end to end security.

• Multi-radio facilities: With vehicles in proximity to ev-erything, it is desired that multiple radio facilities mustbe supported by the 5G security functions. However, it

7

is an expensive operation to include such facilities on alldevices. Thus, SRF act as a common function, which allowsradio-translations to support the security of vehicles havingcommunication in different modes.

B. Workflow and Key Generations

The workflow and key generations in the conceptualizedarchitecture can be orchestrated through specific frameworksor by simply dividing the existing keys. In the derived setup,partial keys are used, which can be treated similarly to thesecondary authentication where SEAF is used to derive severalSEAF’. However, SEAF’ does not account for rapid changes,nor does it provides any support for edge-based V2X security.Additional overheads are also accounted for because of re-verification between the SEAF and SEAF’. In the proposedarchitecture, two different setups can be used to deploy SRFs.

In the first setup, the SRF can be fixed using switch (SW)-hub (gNB) architecture. The SRF then becomes the interfacebetween the gNB and the core security functions and KAMF orKSEAF is used to derive several KSRF−SW and KSRF−SW−P

keys, which further generate the KgNB and KV for the terminalsand vehicles in its periphery. The derived keys are particularlyapplicable either for mobility management or authentication, asshown in Fig. 4. This is the simplest form and it allows easierintra-handovers without additional overheads on gNB. However,it involves additional switches to be placed as a control centerfor several hubs or gNBs.

In the second setup, SRF and gNB are collocated, which addsto the overheads of operations on a single terminal. However,several security-passes and inclusion of additional switches aswell as modifications to the core architecture can be avoided inthis case. As an abstracted view, SRF may look like a derivativeof existing architecture, but it provides a specialized location andtrajectory-based key generations, which adds up to the efficiencyand service-based security requirements of 5G-V2X. Based onthe location as well as the availability of Static Vehicles (SV),SRF keys are used to derive additional keys, KSRF−SW (SV )

and KSRF−SW (V )(Fig. 4), which enable 5G-V2X architectureto use SV as one of the gNBs. This widens the coverage andcan be considered as one of the core solutions for PSCs through5G-V2X2.

C. 5G-V2X Authentication

This conceptualized architecture can be used to support thehost as well as network-initiated authentications. For V2X se-curity, the proposed architecture uses KX and KV for edge-initiated authentication. Both these keys are derived at the edgeand it prevents any long-distance transmissions, which also helpsto attain optimized routes for the derivation of keys as well asV2X authentication. The location and trajectory initiated keygeneration also reduces the signaling overheads as KSRF alonecan be used to generate the edge-side keys.

SRF-based architecture is secure for most of the issues thatare presented in Fig. 3. For the authentication and authorization,SRF derives its keys from AMF, which follows session-wise

2The proposed scheme divides the mobility and authentication proceduresallowing the network to respond quickly to the rapid changes.

key generation, thus, maintaining the freshness throughout theconnectivity. Even if the network synchronization is disturbedfor the vehicles, the SRF maintains an independent connectionto the core security functions, allowing zero-drop during re-verification. Most dominantly, SRF helps to overcome issuesrelated to certificate forgery and also allows expensive public-key operations to be used by providing a short-pass between thevehicles and everything. The vehicles can use dual authenticationthrough SRF, which allows partial authentication with the gNB ornearby sensor and partial authentication with the core functions,once the vehicle-services are initialized.

In the intra-mode, when the vehicles operate in the peripheryof gNB, SV, or a sensor, no additional mechanisms or keyexchanges are required for re-authentication as KV is securelyderived from KSRF . The rapid changes to the network arealso handled by the re-authentication with the SRF, which alsoprevents issues related to access management. For the inter-modeoperations (handover), AMF accounts for the security of SRFsand prevents re-authentication by relying on SRF to check thevalidity of the vehicle under movement.

All these operations help to decrease the total cost of oper-ations, which is measured on the basis of the number of hopsto be traversed for generating keys, especially during the re-authentication. Moreover, the end to end security as well asthe backward security can easily be observed by including theSRF in the existing architecture. SRF also exhibits the controlproperties which can be extended through a different frameworkfor attaining UD-US mobility management. Furthermore, SRF,through the disintegration of authentication and mobility man-agement, allows extensive privacy and anonymous operationsalong with highly secure network management. The disintegratedoperations also reduce the network stress in terms of overheadsby dividing the user-side management functionaries.

To present this, standard EAP-AKA’ is used for authentica-tion when a vehicle moves across the terminals in the tradi-tional [7] and the proposed setup. The proposed architecturebrings authentication near to the vehicle at the edge leading toconservation of 2.5% to 11.3% signaling overheads, as shown inFig. 5, by utilizing the computational model given in [10]. Thesignaling overheads are reduced based on the intermediate hops

128 256 512 1024 128 256 512 1024 128 256 512 10240

500

1000

1500

2000

2500

3000

3500

Message Size (bytes)

Sig

nal

ing

Ove

rhea

ds

(byt

es*h

op

s/se

c)

EAP−AKA’ − SRF involvement with changes to signaling

messages (initial Auth−Req fromSRF instead of AUSF)

EAP−AKA’ EAP−AKA’ − SRF involvement with no changes to signaling

messages

Hops:5~20

Traditional Setup Proposed Architecture

Fig. 5: A graphical comparison for signaling overheads ofvehicle’s mobility through EAP-AKA’ in the traditional and theproposed SRF-based 5G-V2X.

8

EN (12253:2004, 12795:2002,12834:2002, 13372:2004,

14906:2004)SAE, ETSI-ITS, ARIB

DSRC/802.11p

ETSI, 3GPP,5GAA, SAE,

IETF

LTE-V2X

3GPP TS(Leading),

NGMN,5GPPP-WG,ETSI, IETF

LTE-V2X, V2V - DSRC, 802.11p-Reserved : 5.855-5.905 GHz

(US, Europe, Korea)V2X (5G): sub-6GHz

Operational Bands

Existing Standards, Key ReportingOrganizations, Technologies and

Challenges

SC-FDM (C-V2X), Network Slicing, SDN~NFV-:Security:-

Public Key Infrastructure, GroupAuthentication, Slice Authentication,

Edge-Fog Authentication, HybridAuthentication, EPS-AKA, EAP-AKA',

5G-AKA

Technology Enablers

5G-V2X

Research Directions andSecurity Issues of 5G-V2X

Excessive Service Initiations

SRF Positioning

Credential Theft Policing

Zero-Day Vulnerabilities

Signal Storming

Service-Attributed Attacks

Resource Depletion Attack

SRF - Side Channel Attack

Session Hijacking

Configuration Attacks (Key Injections)

Flooding Attacks

Fig. 6: An illustration of existing standards, key reporting organizations, technologies and research challenges particularlyemphasizing the proposed SRF-based 5G-V2X.

involved in authentication. The output for EAP-AKA’ showslesser improvement as the protocol is driven by core securityfunctions. However, to fully utilize the proposed architecture, itis recommended to consider developing novel protocols that canenhance the performance to a large extent at a similar strengthof security.

VI. DISCUSSIONS AND RESEARCH CHALLENGES

Security concerns of C-V2X are dominated by the type ofarchitecture used for deploying devices and entities up to thecore. Especially for 5G-V2X, there are some additional securityconcerns, such as service-based accessibility, signal storming,and edge-based authentications. These issues did not prevailmuch in LTE-V2X; however, for NS-5G-V2X, these becomedominant performance affecting concerns for LTE equipment.Further details can be seen in Fig. 6.

Some of the key research challenges and open issues, whichcan be targeted as a part of future work, while using theconceptualized architecture, are presented below:

• Prevention of excessive service initiations: When an attackeris able to violate the SRF, it may initiate multiple servicesto interrupt the V2X operations.

• SRF positioning: The positioning of the SRF function is anoptimization issue and it may vary from one scenario to thenext. In some cases, where OEM wants direct control of thevehicles, SRF functions need to be placed near the OEM,which will violate the principles of edge-computing. Thus,its positioning and selection of key-relaying solutions aremajor concerns to be resolved.

• Accurate sensor relaying: The location and trajectory-basedkey generations are based on accurate sensor readings.Thus, it is desired that vehicles’ data is accurately retrievedunder all circumstances.

• Credential theft: In case of false requests from the vehicles,the exposure of KV may pose threats to KX , which isthe key of the devices with which the vehicles communi-cate directly. Thus, this will involve re-authentication, butidentification of an instance of re-authentication is tedious,

and it is desired to develop strategies for credential theft.Solutions like self-evaluations and introduction of self-checking logic can help to facilitate these requirementswhenever the vehicles are initiated in the network.

• Configuration attacks: These attacks are most dominant forNS-5G-V2X, as V2V/P broadcasts can be used to misleadthe receiving entity to make wrong decisions. These attacksalso pave a way for routing attacks as well as sessionhijacking.

• Perfect forward secrecy: This issue is applicable to themajority of the networks as no concurrent approach canprovide perfect forward secrecy at an efficient rate. How-ever, with the use of certain technologies and protocols,it can be achieved on the backbone of the conceptualizedarchitecture by utilizing several instances of SRF.

• Insider threats and zero-day attacks: Privacy and anonymityare affected most by insider threats and potential zero-day vulnerabilities. Both these tend to expose the entirenetwork and share the key-exchange phenomenon to outerentities, which can launch attacks to misled the vehicles [9].Thus, managing insider threats and developing strategies toprevent zero-day attacks, by understanding the window ofvulnerability especially for V2X, are major challenges toresolve in 5G-V2X.

VII. CONCLUSION

This article presents an overview of C-V2X technologies andstandards while focusing on the current situations of LTE-V2Xand 5G-V2X. Several use-cases, service supports, and securityrequirements are discussed in detail. Issues related to existing5G-V2X based on standalone as well as non-standalone are pre-sented through comparisons. A conceptualized Security ReflexFunction (SRF)-based architecture is also presented, which aimsto reduce the burden of secure mobility management of vehi-cles in 5G-V2X. In addition, various open issues and researchdirections are discussed which help to understand the currentaspects of 5G-V2X and its security alongside the usability ofthe conceptualized architecture.

9

REFERENCES

[1] Z. MacHardy, A. Khan, K. Obana, and S. Iwashina, “V2X access tech-nologies: Regulation, research, and remaining challenges,” IEEE Commu-nications Surveys Tutorials, vol. 20, pp. 1858–1877, thirdquarter 2018.

[2] P. Wang, B. Di, H. Zhang, K. Bian, and L. Song, “Platoon cooperation incellular V2X networks for 5G and beyond,” IEEE Transactions on WirelessCommunications, vol. 18, no. 8, pp. 3919–3932, 2019.

[3] A. Earls, “WLAN, radar, IoT, V2X to complement 5G at IMS,” EE-Evaluation Engineering, vol. 56, no. 6, pp. 8–13, 2017.

[4] H. S. Ma, E. Zhang, S. Li, Z. Lv, and J. Hu, “A V2X design for 5G networkbased on requirements of autonomous driving,” tech. rep., SAE TechnicalPaper, https://doi.org/10.4271/2016-01-1887, 2016.

[5] Y. Yang, S. Dang, Y. He, and M. Guizani, “Markov decision-based pilotoptimization for 5G V2X vehicular communications,” IEEE Internet ofThings Journal, pp. 1–1, 2018.

[6] “Cellular V2X Communications Towards 5G.”https://www.5gamericas.org/cellular-v2x-communications-towards-5g/[Last Accessed - March 2019].

[7] “Technical specification -3GPP TS 33.501.”http://www.3gpp.org/ftp//Specs/archive/33 series/33.501/ [Last Accessed -March 2019].

[8] C. Campolo, A. Molinaro, A. Iera, and F. Menichella, “5g networkslicing for vehicle-to-everything services,” IEEE Wireless Communications,vol. 24, no. 6, pp. 38–45, 2017.

[9] A. Zhang and X. Lin, “Security-aware and privacy-preserving d2d com-munications in 5g,” IEEE Network, vol. 31, no. 4, pp. 70–77, 2017.

[10] V. Sharma, I. You, F. Palmieri, D. N. K. Jayakody, and J. Li, “Secure andenergy-efficient handover in fog networks using blockchain-based dmm,”IEEE Communications Magazine, vol. 56, no. 5, pp. 22–31, 2018.

[11] L. Hobert, A. Festag, I. Llatser, L. Altomare, F. Visintainer, and A. Ko-vacs, “Enhancements of V2X communication in support of cooperativeautonomous driving,” IEEE communications magazine, vol. 53, no. 12,pp. 64–70, 2015.

[12] R. Molina-Masegosa and J. Gozalvez, “LTE-V for sidelink 5G V2Xvehicular communications: a new 5G technology for short-range vehicle-to-everything communications,” IEEE Vehicular Technology Magazine,vol. 12, no. 4, pp. 30–39, 2017.

[13] K. Ahmed and M. J. Lee, “Secure resource allocation for LTE-basedV2X service,” IEEE Transactions on Vehicular Technology, pp. 1–1.10.1109/TVT.2018.2868609, 2018.

[14] K. Bian, G. Zhang, and L. Song, “Toward secure crowd sensing in vehicle-to-everything networks,” IEEE Network, vol. 32, no. 2, pp. 126–131, 2018.

[15] S. Chen, J. Hu, Y. Shi, Y. Peng, J. Fang, R. Zhao, and L. Zhao, “Vehicle-to-everything (V2X) services supported by LTE-based systems and 5G,” IEEECommunications Standards Magazine, vol. 1, no. 2, pp. 70–76, 2017.

Security of 5G-V2X: Technologies, Standardization and ... · [email protected]. N. Guizani is with the...

Documents

Transcript of Security of 5G-V2X: Technologies, Standardization and ... · [email protected]. N. Guizani is with the...