2CeVau: “Cybersecure Corridors for eVehicle Automation” is a CEF Telecommunication Sector funded project. 2CeVau will develop cybersecurity capabilities for connected vehicles in the context of a complete risk and hazard analysis (threats, vulnerabilities, attacks and countermeasures) focusing on use cases for the “Thessaloniki, Sofia, Belgrade (GR-BG-SRB)” 5G cross-border corridor. It will examine the corridor as a unified set of services, hardware and software components with possible multi-standard, multinational variations exposed to cyber threats. Following this analysis, it will develop a Security Assessment Tool that will increase preparedness for relevant software and hardware components and will facilitate CSIRTs to assess, audit and report security issues for the 5G corridor.
The connected vehicle constitutes a cyber-physical system comprised of heterogeneous hardware, software and network components intended to lead towards safer and more efficient transportation, lower environmental footprint and improved end-user experience. The connected vehicle complexity and diversity exposes a variety of services, links and interfaces resulting in a large attack surface. In addition to well-established vehicle-to-everything (V2X) communications and Intelligent Transportation System (ITS) services, the emerging transition to electric vehicles introduces additional vulnerabilities and threats. Electromobility increasingly relies on data exchanges with the infrastructure and most notably, the smart grids. The involved concepts e.g., energy-roaming raise a broad set of security and privacy issues; location-based services and personal data can have implications on personal privacy. Those concerns, if left unaddressed, could jeopardize the proliferation of ITS.
During Digital Day 2017, the 29 EU member states signed a Letter of Intent with the agreement to designate digital cross-border corridors, where vehicles can physically move across borders and where the cross-border road safety, data access, data quality and liability, connectivity and digital technologies can be tested and demonstrated. In this context, 2CeVau will focus on 5G-corridor crossing and invest effort to develop a complete (i.e., from modeling to implementation level) cybersecurity analysis.
2CeVau aspires to advance the state-of-the-art, since:
- it will investigate use cases from all levels of automation regarding autonomous driving, identifying new challenges and rigorous requirements towards self-driving vehicles.
- it will address privacy issues regarding connected and electric vehicles. For example: time of charging indicates location and duration of stay; location of charging stations identifies common roots; power consumption leads to info regarding financial statues, etc.
- it will include hazards and failures (non-malicious risks) as part of the assessment procedure, in order to increase the system capability to offer safe and reliable services.
2CeVau will provide the model for the development of resilient and secure data flows in the connected vehicle ecosystem under the 5G V2X framework. Moreover, it will provide basic guidelines for the cyber-physical shielding of the underlying assets during their lifecycle. Finally, in order to define a full risk management circle, penetration tests for validation and evaluation of security features and controls will be performed, as well as a reporting and auditing software tool for security assessment will be developed.
2CeVau will focus on the “Thessaloniki (Greece), Sofia (Bulgaria), Belgrade (Serbia)” 5G cross-border corridor. The project involvement in the corridor is twofold: a) Examine the corridor as a unified set of services, hardware and software components with possible multi-standard, multinational variations exposed to cyber threats, b) Propose a complete risk-analysis model to serve as a guideline for the coordination of the Greek task force mandated to handle issues related to the implementation of the experimental 5G corridor
2CeVau will be implemented by University of Piraeus Research Center (UPRC) and Institute of Communication and Computer Systems (ICCS) – two prestigious ICT research institutes – in cooperation with the Hellenic ministry of Digital Policy, Telecommunications and Media, that holds a leading role in the establishment of the above corridor. The expected achievements of 2CeVau will contribute towards awareness-raising regarding the threats and vulnerabilities appearing in the diverse setting of 5G cross-border ITS corridors under emerging transportation paradigms (i.e., electromobility). In line with the objectives of the Directive (EU) 2016/1148, our lessons-learned will be communicated to the National CSIRT to shape the National strategy on secure automotive communications as well as to the corresponding CSIRTs network that will further strengthen the coordination among Member states towards a common level of ITS security.
As a summary, 2CeVau proposes to develop new cybersecurity capabilities for connected vehicles in the context of a complete risk and hazard analysis (threats, vulnerabilities, attacks and countermeasures) focusing on use cases for the “Thessaloniki, Sofia, Belgrade” 5G cross-border corridor. In addition, 2CeVau proposes the development of a Security Assessment Tool that will increase preparedness for relevant software and hardware components and will facilitate CSIRTs to assess, audit and report security issues for the 5G corridor.