
WO2023115348A1 - V2x security device, first vehicle, a v2x communication system and methods - Google Patents


Info

Publication number
WO2023115348A1
Authority
WO
WIPO (PCT)
Prior art keywords
vehicle
message
security device
untrusted
broadcast
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2021/140155
Other languages
French (fr)
Inventor
Fengpei Zhang
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Telefonaktiebolaget LM Ericsson AB
Original Assignee
Telefonaktiebolaget LM Ericsson AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonaktiebolaget LM Ericsson AB
Priority to PCT/CN2021/140155
Publication of WO2023115348A1
Anticipated expiration
Legal status: Ceased

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12: Detection or prevention of fraud
    • H04W12/121: Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122: Counter-measures against attacks; Protection against rogue devices
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60: Context-dependent security
    • H04W12/67: Risk-dependent, e.g. selecting a security level depending on risk profiles
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W4/00: Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30: Services specially adapted for particular environments, situations or purposes
    • H04W4/40: Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10: Integrity
    • H04W12/108: Source integrity
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60: Context-dependent security
    • H04W12/63: Location-dependent; Proximity-dependent

Definitions

  • the invention relates to a V2X security device, a first vehicle, a V2X communication system, corresponding methods and corresponding computer programs.
  • V2X is a technology that allows vehicles to communicate with any entity that may affect a vehicle, and vice versa.
  • V2X consists of types of communications, such as Vehicle-to-infrastructure (V2I), Vehicle-to-network (V2N), Vehicle-to-vehicle (V2V), Vehicle-to-pedestrian (V2P), and others.
  • the Uu interface refers to a logical interface between a User Equipment, UE, and a base station.
  • the Uu interface could be used as a V2N interface.
  • 3GPP introduces a PC5 interface (defined as ‘sidelink’ in Study on NR Vehicle-to-Everything (V2X), 3GPP TR 38.885 V16.0.0; 2019-03-28) for direct communication between C-V2X devices.
  • V2X is also essential for safe and efficient autonomous driving.
  • V2X communication can alert an autonomous driving vehicle to objects out of the autonomous driving vehicle's sight (non-line-of-sight).
  • V2X infrastructure currently provides connectivity and device level authentication and authorization. However, one security aspect missing is message forgery detection.
  • in safety-critical scenarios, vehicles, especially autonomous driving vehicles, cannot trust the content of a received V2V message, because an untrusted vehicle may have forged the content in order to provoke a response from the receiving vehicle, and that response may be unwanted or even dangerous behavior.
  • an untrusted vehicle can broadcast a fake emergency brake message to one or more passing vehicles, hence causing a traffic congestion and dangerous braking, which may even cause collisions.
  • an individual vehicle may detect a forged message sent from another vehicle to avoid a safety threat.
  • the in-vehicle approach may protect an individual vehicle in real-time, as disclosed in “LIM K, TULADHAR M K, KIM H. Detection location spoofing using ADAS sensors in VANETs, January 2019. IEEE annual Consumer communications & Network Conference (CCNC), 16th Annual Conference. IEEE, 2019”.
  • a V2X security device configured to obtain, from a first vehicle, a message comprising a V2V message from a second vehicle.
  • the V2X security device is configured to verify a content of the message by checking whether the V2V message is sent by the second vehicle.
  • the V2X security device is configured to modify a value associated with the second vehicle, if the V2V message is suspected to be untrusted by the V2X security device, and determine, based on the modified value associated with the second vehicle, whether to: send a command to broadcast a notification alerting one or more vehicles that the second vehicle is untrusted; and/or send a command to revoke a certificate of V2V communication for the second vehicle to a Certificate Authority device.
  • a connected vehicle informs a central entity, such as a V2X platform, of a suspected untrusted vehicle in the V2X system. The central entity gives notice of the suspected untrusted vehicle in the V2X system.
  • the V2X security device is configured to determine whether the V2V message is trusted; and ignore the message if the V2V message is determined to be trusted.
  • the V2X security device limits the use of resources to vehicles determined to be untrusted.
  • the V2X security device is configured to determine whether the first vehicle is an untrusted vehicle and discard the message from the first vehicle, if the first vehicle is determined to be an untrusted vehicle. This is advantageous as the V2X security device should not implicitly trust the first vehicle. In case the first vehicle is an untrusted vehicle, use of resources is saved.
  • the command to broadcast the notification is sent if the value of the second vehicle is below a first threshold value.
  • the second vehicle will be known as a suspected untrusted vehicle in the V2X system.
  • the command to revoke the certificate is sent if the value is below a second threshold value.
  • the untrusted second vehicle will not be able to communicate with a vehicle in the V2X system.
  • the message is sent if the first vehicle has determined that the V2V message is suspected to be untrusted.
  • the first vehicle shares its knowledge of an existence of an untrusted vehicle in the V2X system.
  • the message comprises a vehicle identifier, a timestamp for the V2V message and a message content of the V2V message with a digital signature of the second vehicle.
  • the message comprises a location for the second vehicle.
  • the verification of the content of the message is one or more of: validate that the digital signature is associated with the second vehicle and that the vehicle identifier is also associated with the second vehicle and/or verify the V2V message content with the timestamp by determining whether the timestamp corresponds to an event indicated in the V2V message.
  • the content of the V2V message sent by the second vehicle is compared to information known and available to the V2X security device.
  • the verification of the content of the message is verifying, by a location device, whether the location for the second vehicle corresponds to a current location for the second vehicle.
  • the location of the second vehicle is verified with the location referred in the V2V message.
  • the broadcast command is sent to a Broadcast/multicast service system.
  • a vehicle connected to the V2X system is alerting of the existence of a suspected untrusted vehicle.
  • a first vehicle is provided.
  • the first vehicle is connected to a V2X security device.
  • the first vehicle is configured to receive a V2V message from a second vehicle.
  • the first vehicle is configured to determine whether the V2V message is untrusted.
  • the first vehicle is configured to send a message to a V2X security device, the message comprising the V2V message, if the V2V message is determined to be untrusted.
  • the first vehicle is configured to receive a notification alerting the first vehicle that the second vehicle is suspected to be an untrusted vehicle, wherein the notification is based on a determination in the V2X security device that the second vehicle is suspected to be an untrusted vehicle.
  • the first vehicle is alerted of the existence of a suspected untrusted vehicle.
  • the message comprises a vehicle identifier, a timestamp for the V2V message and a message content of the V2V message with a digital signature of the second vehicle.
  • the message comprises a location for the second vehicle.
  • the V2V message is received over a PC5 interface.
  • the V2V message is received over Dedicated Short-Range Communications, DSRC.
  • a V2X communication system is provided.
  • the V2X communication system comprises a V2X security device according to any embodiments of the first aspect of the invention, a Certificate Authority device, and a Broadcast/multicast device.
  • the Certificate Authority device is configured to: receive a command from the V2X security device and revoke a certificate of V2V communication of the second vehicle.
  • the Broadcast/multicast device is configured to receive a command from the V2X security device and broadcast a notification to one or more vehicles.
  • the V2X communication system is comprised in a 3GPP core network.
  • a method performed by a V2X security device comprises obtaining, from a first vehicle, a message comprising a V2V message from a second vehicle.
  • the method comprises verifying a content of the message by checking whether the V2V message is sent by the second vehicle.
  • the method comprises modifying a value associated with the second vehicle, if the V2V message is suspected to be untrusted by the V2X security device, and determining, based on the modified value associated with the second vehicle, whether to send a command to broadcast a notification alerting one or more vehicles that the second vehicle is untrusted; and/or send a command to revoke a certificate of V2V communication for the second vehicle to a Certificate Authority device.
  • the method comprises determining whether the V2V message is untrusted, and ignoring the message if the V2V message is determined to be trusted.
  • the method comprises determining whether the first vehicle is an untrusted vehicle, and discarding the message from the first vehicle, if the first vehicle is determined to be an untrusted vehicle.
  • the command to broadcast the notification is sent if the value is below a first threshold value.
  • the command to revoke the certificate is sent if the value is below a second threshold value.
  • the message is sent if the first vehicle has determined that the V2V message is suspected to be untrusted.
  • the message comprises a vehicle identifier, a timestamp for the V2V message and a message content of the V2V message with a digital signature of the second vehicle.
  • the message comprises a location for the second vehicle.
  • the verifying of the content of the message is one or more of: validating that the digital signature is associated with the second vehicle and that the vehicle identifier is also associated with the second vehicle and/or verifying the V2V message content with the timestamp by determining whether the timestamp corresponds to an event indicated in the V2V message.
  • the verifying of the content of the message is verifying, by a location device, whether the location for the second vehicle corresponds to a current location for the second vehicle.
  • the broadcast command is sent to a Broadcast/multicast service system.
  • a method performed by a first vehicle is provided.
  • the first vehicle is connected to a V2X security device.
  • the method comprises receiving a V2V message from a second vehicle.
  • the method comprises determining whether the V2V message is untrusted.
  • the method comprises sending a message to the V2X security device, the message comprising the V2V message, if the V2V message is determined to be untrusted.
  • the method comprises receiving a notification alerting the first vehicle that the second vehicle is suspected to be an untrusted vehicle, wherein the notification is based on a determination in the V2X security device that the second vehicle is suspected to be an untrusted vehicle.
  • the message comprises a vehicle identifier, a timestamp for the V2V message and a message content of the V2V message with a digital signature of the second vehicle.
  • the message comprises a location for the second vehicle.
  • the V2V message is received over a PC5 interface.
  • the V2V message is received over Dedicated Short-Range Communications, DSRC.
  • a method performed by a V2X communication system comprises a V2X security device according to any embodiments of the fourth aspect, a Certificate Authority device and a Broadcast/multicast device.
  • the method comprises the Certificate Authority device receiving a command from the V2X security device and revoking a certificate of V2V communication of the second vehicle.
  • the method comprises the Broadcast/multicast device receiving a command from the V2X security device and broadcasting a notification to one or more vehicles.
  • the V2X communication system is comprised in a 3GPP core network.
  • a computer program comprises instructions which, when executed by a V2X security device, cause the V2X security device to obtain, from a first vehicle, a message comprising a V2V message from a second vehicle.
  • the instructions, when executed, cause the V2X security device to verify a content of the message by checking whether the V2V message is sent by the second vehicle.
  • the instructions, when executed, cause the V2X security device to modify a value associated with the second vehicle, if the V2V message is suspected to be untrusted by the V2X security device, and determine, based on the modified value associated with the second vehicle, whether to send a command to broadcast a notification alerting one or more vehicles that the second vehicle is untrusted; and/or send a command to revoke a certificate of V2V communication for the second vehicle to a Certificate Authority device.
  • the instructions, when executed on the V2X security device, cause the V2X security device to determine whether the V2V message is untrusted, and to ignore the message if the message is determined to be trusted.
  • the instructions, when executed on the V2X security device, cause the V2X security device to determine whether the first vehicle is an untrusted vehicle, and to discard the message from the first vehicle, if the first vehicle is determined to be an untrusted vehicle.
  • the command to broadcast the notification is sent if the value is below a first threshold value.
  • the command to revoke the certificate is sent if the value is below a second threshold value.
  • the message is sent if the first vehicle has determined that the V2V message is suspected to be untrusted.
  • the message comprises a vehicle identifier, a timestamp for the V2V message and a message content of the V2V message with a digital signature of the second vehicle.
  • the message comprises a location for the second vehicle.
  • the verification of the content of the message is one or more of: validate that the digital signature is associated with the second vehicle and that the vehicle identifier is also associated with the second vehicle and/or verify the V2V message content with the timestamp by determining whether the timestamp corresponds to an event indicated in the V2V message.
  • the verification of the content of the message is verifying, by a location device, whether the location for the second vehicle corresponds to a current location for the second vehicle.
  • the broadcast command is sent to a Broadcast/multicast service system.
  • a computer program comprises instructions which, when executed by a first vehicle, cause the first vehicle to receive a V2V message from a second vehicle.
  • the instructions, when executed by the first vehicle, cause the first vehicle to determine whether the V2V message is untrusted.
  • the instructions, when executed by the first vehicle, cause the first vehicle to send a message to a V2X security device, the message comprising the V2V message, if the V2V message is determined to be untrusted.
  • the computer program comprises instructions which, when executed by the first vehicle, cause the first vehicle to receive a notification alerting the vehicle that the second vehicle is suspected to be an untrusted vehicle, wherein the notification is based on a determination in the V2X security device that the second vehicle is suspected to be an untrusted vehicle.
  • the message comprises a vehicle identifier, a timestamp for the V2V message and a message content of the V2V message with a digital signature of the second vehicle.
  • the message comprises a location for the second vehicle.
  • the V2V message is received over a PC5 interface.
  • the V2V message is received over Dedicated Short-Range Communications, DSRC.
  • a computer program comprises instructions.
  • the V2X communication system comprises a V2X security device, a Certificate Authority device and a Broadcast/multicast device.
  • the instructions, when executed by the V2X communication system, cause the V2X security device to perform the instructions according to any embodiments of the seventh aspect.
  • the instructions, when executed by the V2X communication system, cause the Certificate Authority device to receive a command from the V2X security device and revoke a certificate of V2V communication of the second vehicle.
  • the instructions, when executed by the V2X communication system, cause the Broadcast/multicast device to receive a command from the V2X security device and broadcast a notification to one or more vehicles connected to the V2X security system.
  • the computer program is comprised in a 3GPP core network.
  • a computer readable storage medium comprises a computer program according to any embodiments of the seventh aspect.
  • the computer readable storage medium comprises a computer program according to any embodiments of the eighth aspect.
  • the computer readable storage medium comprises a computer program according to any embodiments of the ninth aspect.
  • FIG 1 shows an overview of the system architecture of the invention.
  • Figure 2 shows a signal diagram for a procedure to detect and notify the existence of an untrusted vehicle.
  • Figure 3 shows a method performed by a V2X security device.
  • Figure 4 shows a V2X platform.
  • Figure 5 shows a method performed by a first vehicle.
  • Figure 6 shows a method performed by a V2X communication system.
  • Figure 7 shows a block diagram of a V2X security device.
  • Figure 8 shows a block diagram of a first vehicle device.
  • Figure 9 shows a block diagram of a V2X communication system.
  • Figure 10 shows a block diagram of a V2X security device.
  • Figure 11 shows a block diagram of a first vehicle.
  • Figure 12 shows a block diagram of a V2X communication system.
  • a V2X communication system 100 may be a V2X platform.
  • the V2X platform is a communication platform comprising a group of technologies that are used as a base upon which other applications, processes or technologies are developed.
  • the V2X platform comprises at least one application, process or technology enabling V2X communication.
  • the V2X communication system 100 comprises a V2X security device 102.
  • the V2X communication system 100 may comprise a Certificate Authority device 104.
  • the V2X communication system 100 may comprise a broadcast/multicast device 106.
  • V2X communication system 100 comprises all three of the V2X security device 102, the Certificate Authority device 104 and the broadcast/multicast device 106, but may of course in other embodiments comprise only one of the Certificate Authority device 104 and the broadcast/multicast device 106 in addition to the V2X security device 102, such that the broadcast/multicast device 106 is external to the V2X communication system 100 in an embodiment.
  • One or more vehicles 111, 112 are connected to the V2X communication system 100.
  • the vehicles 111, 112 are vehicles with network connectivity and are able to communicate bidirectionally with one or more systems or entities outside of the individual vehicles 111, 112, such as the V2X communication system 100, and/or the broadcast/multicast device 106.
  • a connected vehicle such as vehicle 111, or 112, here sends location data, telemetry data or events, and is able to receive commands or notifications.
  • the connected vehicle communicates with other vehicles 111, 112 using direct communication technology 114.
  • the direct communication technology 114 is over a PC5 interface in one embodiment. In another embodiment, the direct communication technology 114 is over Dedicated Short-Range Communications, DSRC.
  • the V2X communication system 100 may be a server-side system providing a set of services, such as services provided by the V2X security device 102, the Certificate Authority device 104, the broadcast/multicast device 106, etc.
  • the connected vehicles 111, 112 communicate with the V2X communication system 100 through network connectivity 107 in order to access the services 102, 104, 106.
  • the network connectivity 107 is through a core network for a 3GPP wireless network, e.g. an Evolved Packet Core (EPC), a 5G Core (5GC) or a core network of any future network, e.g. a 3GPP network such as a 6G network.
  • the V2X security device 102 manages the “reputation” of a vehicle in a V2X system.
  • the “reputation” of a connected vehicle gives information on the trustworthiness of the connected vehicle.
  • a second vehicle 112 sends a malicious message to a first vehicle 111 in sending proximity of second vehicle 112, wherein the message sent may contain misinformation concerning an event, such as the existence of a road accident/disaster, that could cause the vehicles receiving the message to use, as an example, an emergency brake function.
  • a vehicle 111, 112 may have the “reputation” of being trusted, untrusted, or suspected to be untrusted. As explained further down, this reputation may be implemented as a value which is compared with a value range or a stored, fixed table.
  • the V2X security device 102 analyzes the message received from the first vehicle 111 and which message at least partly contains data from the second vehicle 112.
  • the second vehicle 112 may be suspected to be untrusted by the first vehicle 111 or may be identified, by the first vehicle 111, to be untrusted.
  • the V2X security device 102 communicates 108, 109, with the Certificate Authority device 104 and/or the broadcast/multicast device 106 to take action.
  • the Certificate Authority device 104 is a server that manages digital certificates for V2X communication, such as V2V communication.
  • the management of the digital certificates comprises issuing of a digital certificate, renewing of the digital certificate and/or revoking the digital certificate.
  • the broadcast/multicast device 106 delivers a content to one or more vehicles in a C-V2X system using a mechanism in a cellular network such as Multimedia Broadcast Multicast Service, MBMS or evolved Multimedia Broadcast Multicast Service, eMBMS.
  • in FIG. 2, a signal diagram for a procedure to detect an untrusted vehicle and notify a vehicle of the existence of the untrusted vehicle is disclosed.
  • the first vehicle 111, the second vehicle 112, the third vehicle 113, the V2X security device 102, the Certificate Authority device 104 and the broadcast/multicast device 106 are illustrated.
  • the second vehicle 112 sends a V2V message 250 to the first vehicle 111.
  • the V2V message 250 is sent through direct communication technology 114.
  • the V2V message 250 may be sent over the PC5 interface or the DSRC.
  • the message may be an Internet Protocol (IP) based or a non-IP based message, and in the case of an IP-based message, it is in one embodiment an IPv6 message.
  • the message is in one embodiment a message according to one-to-many Proximity-based services (ProSe) Direct Communication, but may alternatively be a one-to-one ProSe Direct Communication message.
  • the V2V message 250 may be an Intelligent Transport Systems – Cooperative Awareness Message (ITS-CAM) transmitted periodically.
  • the first vehicle 111 and the second vehicle 112 are vehicle ITS-Stations, ITS-Ss, participating in the V2X communication system 100.
  • the V2V message 250 may comprise a location data, a telemetry, an event, etc.
  • the first vehicle 111 performs a message forgery detection 252 on the received V2V message 250.
  • the message forgery detection 252 may be a message forgery detection, such as in “LIM K, TULADHAR M K, KIM H. Detection location spoofing using ADAS sensors in VANETs, January, 2019. In: IEEE annual Consumer communications & Network Conference (CCNC), 16th Annual Conference. IEEE, 2019”.
  • a forged V2V message 250 may comprise information about a non-existing event, such as a road accident or road disaster, that could lead to actions, such as use of emergency brake systems.
  • the first vehicle 111 suspects that the second vehicle 112 sent a forged V2V message 250.
  • the first vehicle 111 reports, to the V2X security device 102, the forged V2V message 252 through a message report 254.
  • the message report 254 is a message sent by the first vehicle 111 to the V2X security device 220 to notify the V2X security device 102 of the existence of a suspected and/or detected untrusted vehicle, the second vehicle 112 here.
  • the message report 254 comprises: an identity of the vehicle that sent the forged V2V message 250 (in this example, the second vehicle 112); a timestamp representative of when the forged V2V message 250 was sent by the second vehicle 112 or received by the first vehicle 111; and a message content of the forged V2V message 250 with a digital signature of the sending vehicle (here the second vehicle 112).
  • the V2X security device 102 performs a message report handling procedure 256.
  • the message handling procedure 256 determines whether the V2X security device 102 can trust the first vehicle 111 as a non-untrusted first vehicle, whether the content of the V2V message 250 is a forged content sent by an untrusted vehicle, and whether the V2V message 250 is sent by a suspected and/or detected untrusted vehicle.
  • the V2X security device 102 updates a reputation value for the second vehicle 211 during the Malicious Vehicle Identification procedure 258.
  • the reputation value is a numeric value reflecting the trust or untrust given/categorized/classified by the V2X security device 102.
  • the reputation may be initiated as a default value (such as 100) and may be modified (such as decreased or increased) into a modified reputation value whenever a malicious behavior is detected by the V2X security device 102.
  • a malicious behavior by a vehicle is to send a forged V2V message to another vehicle, such as the V2V message 250.
  • a first threshold value, t1, and a second threshold value, t2 may be used to differentiate a suspected untrusted vehicle from an untrusted vehicle.
  • when t1 is reached by increasing the value associated with a vehicle, the vehicle is considered as suspected untrusted.
  • t2 which has a higher value than the t1
  • the vehicle is considered as untrusted, i.e. not only suspected to be untrusted.
  • when t1 is reached by decreasing the value associated with a vehicle, the vehicle is considered as suspected untrusted.
  • the two above examples have in common that there is a first value range of the reputation value for which the vehicle is considered as trusted by the V2X security device 102, a second value range for which the vehicle is determined to be suspected to be untrusted by the V2X security device 102, and a third value range for which the vehicle is determined to be (completely) untrusted by the V2X security device 102.
  • the two examples have in common that there are three levels/types of trustworthiness for the second vehicle, as determined by the V2X security device 102.
  • the V2X security device 102 determines whether the second vehicle 112 is a normal/trusted vehicle, a suspected untrusted vehicle or an untrusted vehicle. Once the status of the second vehicle 112 is determined through the malicious vehicle identification procedure 258, then a mitigation action may be taken.
  • the mitigation action is an action taken to reduce or eliminate the risk of an untrusted vehicle communicating with other connected vehicles.
  • Examples of mitigation actions are notifying the presence of an untrusted vehicle and/or revoking a certificate for V2V communication.
  • the V2X security device 102 sends a command (illustrated by 109 in Figure 1) to broadcast a notification 260 alerting one or more vehicles that the second vehicle 112 is untrusted.
  • the broadcast/multicast device 106 sends the notification 260 to the one or more surrounding vehicles (such as the third vehicle 113), alerting them to the existence of a suspected untrusted second vehicle 112.
  • the one or more vehicles notified by 260 are connected to the broadcast/multimedia device 240.
  • the one or more vehicles notified by 260 are not connected to the broadcast/multicast device 240.
  • the third vehicle 113 receives the notification 260 alerting of the existence of a suspected untrusted second vehicle 112. In one example, if the third vehicle 113 receives a V2V message from the second vehicle 112, it will not trust the message received from the second vehicle 112. In another example, if the third vehicle 113 receives a message from the second vehicle 112 and messages from other vehicles (such as the first vehicle 111) reporting the same content (such as an event), then the third vehicle 113 will trust the message received from the second vehicle 112.
  • the V2X security device 102 sends a command, such as 108 in Figure 1, to revoke a certificate of V2V communication for the second vehicle 112 to the Certificate Authority device 104.
  • the Certificate Authority device 104 revokes the second vehicle 112’s certificate of V2V communication. In other words, the second vehicle 112 will not be able to communicate with either the first vehicle 111 or the third vehicle 113.
  • the V2X security device 102 sends a command 108 to the Certificate Authority device 104 and sends a command 109 to the broadcast/multicast device 240.
  • FIG. 3 shows a flowchart illustrating a method 300 performed by the V2X security device 102 for enabling notification to another vehicle about an untrusted vehicle or a suspected untrusted vehicle.
  • the method 300 comprises obtaining 310, from the first vehicle 111, a message comprising a V2V message from the second vehicle 112, such as the step 254 in Figure 2.
  • the message is obtained through network connectivity 107.
  • the message is sent if the first vehicle 111 has determined that the V2V message is suspected or confirmed by the first vehicle 111 to be untrusted, such as in the step 252 of Figure 2.
  • the message comprises a content of the V2V message received by the first vehicle 111; a vehicle identifier, such as an identity for the second vehicle 112, such as a vehicle ID; a timestamp for the V2V message; and/or a message content of the V2V message with a digital signature of the second vehicle 112.
  • the message comprises a location for the second vehicle 112.
  • the first vehicle 111 is a “malicious” vehicle that is determined as suspicious, and/or determined as untrusted. In a case where the first vehicle is “malicious”, the message should not be trusted.
  • the method 300 comprises determining 320 whether the first vehicle 111 is an untrusted vehicle, and discarding 324 the message from the first vehicle 111, if the first vehicle 111 is determined to be an untrusted vehicle.
  • the method 300 comprises determining 314 whether the V2V message sent by the second vehicle 112 is untrusted.
  • V2X security device 102 ignores 318 the message.
  • the method 300 comprises verifying 328 a content of the V2V message by checking whether the V2V message is sent by the second vehicle 112.
  • the verification of the content of the message is validating that the digital signature is associated with the second vehicle 112 and that the vehicle identifier is also associated with the second vehicle 112; and/or verifying the V2V message content with the timestamp by determining whether the timestamp corresponds to an event indicated in the V2V message.
  • the verification of the content of the message is performed by verifying, by a location device 420, whether the location for the second vehicle 112 corresponds to a current location for the second vehicle 112.
  • the reputation value of the second vehicle 112 is deducted (or added, depending on the implementation of the above-described reputation value).
  • the method 300 comprises modifying 332 a value associated with the second vehicle, if the V2V message is suspected to be untrusted by the V2X security device 102, and determining 334, based on the modified value associated with the second vehicle 112, actions.
  • the actions are whether to send 336 a command to broadcast a notification alerting one or more vehicles that the second vehicle is untrusted; and/or to send 340 a command to revoke a certificate of V2V communication for the second vehicle 112 to a Certificate Authority device 104.
  • the value corresponds to the reputation value described above.
  • the command sent in the step 336 is sent if the value is below t1. In an embodiment, the command sent in the step 340 is sent if the value is below t2. The command sent in 336 may be sent to the broadcast/multicast device 106.
  • the V2X communication system 400 comprises the V2X security device 102 and a location device 420.
  • the location device 420 is not comprised in the V2X communication system 100.
  • the location device 420 collects a “current” geographical position of a connected vehicle (such as the first vehicle 111 and the second vehicle 112), to create a database storing trusted location information/geographical position of the vehicle. The collection is done at a predetermined interval. The interval may be dynamic in the sense that it may be adjusted depending on the speed of the vehicle, such that the collection is made more often at higher speed than if the speed of the vehicle is slow or even zero.
  • the V2X security device 102 verifies the location of the second vehicle 112 from the location device 420 by using the identity of the second vehicle 112 and the timestamp for the V2V message.
  • the V2X security device 102 validates the location of the second vehicle 112 by considering time difference and speed.
  • the V2X security device 410 validates the location of the second vehicle by using a technique presented in WO 2019052645 A1 to validate Global Positioning System, GPS, location reported by drones. Even though GPS or assisted GPS would typically be used, the skilled person understands that alternative embodiments could alternatively or in addition utilize the satellite-based positioning systems Galileo, Glonass, or Beidou.
  • FIG. 5 shows a flowchart illustrating a method 500 performed by the first vehicle 111 for enabling notification to another vehicle about an untrusted vehicle or a suspected untrusted vehicle.
  • the method 500 comprises receiving 510 a V2V message from the second vehicle 112.
  • the V2V message corresponds to the V2V message of the step 250.
  • the method 500 comprises determining 520 whether the V2V message is untrusted, such as in the step 252 of Figure 2.
  • the method 500 comprises sending 530 a message, such as in the step 254 in Figure 2, to the V2X security device 102.
  • the message comprises the V2V message, if the V2V message is determined to be untrusted in the step 520.
  • the message sent in the step 530 is or corresponds to the message obtained by the V2X security device in the step 310.
  • the method 500 comprises receiving 540 a notification alerting the first vehicle 111 that the second vehicle 112 is suspected to be an untrusted vehicle, wherein the notification is initiated by the command sent in the step 336, based on a determination in the V2X security device 102 that the second vehicle 112 is suspected to be an untrusted vehicle.
  • FIG. 6 shows a flowchart illustrating a method 600 performed by the V2X communication system 100.
  • the V2X communication system 100 comprises the V2X security device 102 performing 610 the steps of the method 300 described above.
  • the V2X communication system 100 comprises the Certificate Authority device 104 and the broadcast/multicast device 106.
  • the method 600 comprises receiving 620 a command, such as the command sent in step 340 of the method 300, from the V2X security device 102.
  • the step 620 is performed by the Certificate Authority device 104.
  • the method 600 comprises revoking 630 a certificate for V2V communication for the second vehicle 112.
  • Step 630 is performed by the Certificate Authority device 104.
  • the method 600 comprises receiving 640 a command, such as the command sent in step 336 of the method 300, from the V2X security device 102.
  • the step 640 is performed by the broadcast/multicast device 106.
  • the method 600 comprises broadcasting 650 a notification alerting one or more vehicles.
  • the step 650 is performed by the broadcast/multicast device 106.
  • the V2X communication system 100 is comprised in a 3GPP core network.
  • step 620 and step 630 are illustrated as being performed before step 640 and step 650. However, step 640 and step 650 could be performed before or simultaneously to step 620 and step 630.
  • FIG. 7 is a block diagram of the V2X security device 102.
  • the V2X security device 102 comprises a receiving unit 710, a verifying unit 720, a modifying unit 730, a determining unit 740 and a sending unit 750.
  • the receiving unit 710 is configured to perform the step 310 of the method 300 as described above.
  • the verifying unit 720 is configured to perform the step 328 of the method 300 as described above.
  • the modifying unit 730 is configured to perform the step 332 of the method 300 as described above.
  • the determining unit 740 is configured to perform the step 334 of the method 300 as described above. In an embodiment, the determining unit 740 is configured to perform the function of the step 314 and the step 320 of the method 300.
  • the sending unit 750 is configured to perform the steps 336 and 340 of the method 300 as described above.
  • the modifying unit 730 and the determining unit 740 are the same unit.
  • the receiving unit 710 and the sending unit 750 are the same unit, such as a transceiver unit.
  • the receiving unit 710, the verifying unit 720, the modifying unit 730, the determining unit 740 and the sending unit 750 may be implemented as a hardware solution or as a combination of software and hardware, e.g., by one or more of: a processor or a micro-processor and adequate software and memory for storing of the software, a Programmable Logic Device (PLD) or other electronic component(s) or processing circuitry configured to perform the actions described above with regards to the method 300.
  • FIG. 8 is a block diagram of the first vehicle 111.
  • the first vehicle 111 comprises a receiving unit 810, a determining unit 820 and a sending unit 830.
  • the receiving unit 810 is configured to perform the step 510 of the method 500. In an embodiment, the receiving unit 810 is configured to perform the step 540 of the method 500.
  • the determining unit 820 is configured to perform the step 520 of the method 500.
  • the sending unit 830 is configured to perform the step 530 of the method 500.
  • the receiving unit 810 and the sending unit 830 are the same unit, such as a transceiver unit.
  • the receiving unit 810, the determining unit 820 and the sending unit 830 may be implemented as a hardware solution or as a combination of software and hardware, e.g., by one or more of: a processor or a micro-processor and adequate software and memory for storing of the software, a Programmable Logic Device (PLD) or other electronic component(s) or processing circuitry configured to perform the actions described above with regards to the method 500.
  • the receiving unit 810, the determining unit 820 and the sending unit 830 may be parts of a telematics unit embedded in the vehicle 111, wherein the telematics unit is in communication with a vehicle-internal communication network comprised of buses (e.g. Controller Area Network and Electronic Control Units (ECUs)).
  • FIG. 9 is a block diagram of the V2X communication system 100.
  • the V2X communication system 100 comprises the V2X security device 102, the Certificate Authority device 104, and the broadcast/multicast device 106.
  • the Certificate Authority device 104 comprises a receiving unit 922 and a revoking unit 924.
  • the receiving unit 922 is configured to perform the step 620 of the method 600.
  • the revoking unit 924 is configured to perform the step 630 of the method 600.
  • the broadcast/multicast device 106 comprises a receiving unit 932 and a broadcasting unit 934.
  • the receiving unit 932 is configured to perform the step 640 of the method 600.
  • the broadcast/multicast device 930 is configured to perform the step 650 of the method 600.
  • the receiving unit 922, the revoking unit 924, the receiving unit 932 and the broadcasting unit 934 may be implemented as a hardware solution or as a combination of software and hardware, e.g., by one or more of: a processor or a micro-processor and adequate software and memory for storing of the software, a Programmable Logic Device (PLD) or other electronic component(s) or processing circuitry configured to perform the actions described above with regards to the method 600.
  • the V2X security device 102 comprises a processor 1010, and a computer readable storage medium 1020 in the form of a memory 1025.
  • the memory 1025 contains a computer program 1030 comprising instructions executable by the processor 1010 whereby the V2X security device 102 is operative to perform the steps of the method 300.
  • the first vehicle 111 comprises a processor 1110, and a computer readable storage medium 1120 in the form of a memory 1125.
  • the memory 1125 contains a computer program 1130 comprising instructions executable by the processor 1110 whereby the first vehicle 111 is operative to perform the steps of the method 500.
  • the V2X communication system 100 comprises an embodiment of the V2X security device 102, an embodiment of the Certificate Authority device 104, and an embodiment of the broadcast/multicast device 106.
  • the Certificate Authority device 104 comprises a processor 1222, and a computer readable storage medium 1224 in the form of a memory 1225.
  • the memory 1225 contains a computer program 1226 comprising instructions executable by the processor 1222 whereby Certificate Authority device 104 is operative to perform the steps of the method 600.
  • the broadcast/multicast device 106 comprises a processor 1232, and a computer readable storage medium 1234 in the form of a memory 1235.
  • the memory 1235 contains a computer program 1236 comprising instructions executable by the processor 1232 whereby the broadcast/multicast device 106 is operative to perform the steps of the method 600.
  • the computer programs 1226 and 1236 may be comprised in a 3GPP core network.
  • the (non-transitory) computer readable storage media mentioned above may be an Electrically Erasable Programmable Read-Only Memory (EEPROM), a flash memory, Field Programmable Gate Array, and a hard drive.
  • the processors 1010 of Figure 10, 1110 of Figure 11, and 1222, 1232 of Figure 12, may be a single CPU (Central processing unit), but could also comprise two or more processing units.
  • the processors 1010 of Figure 10, 1110 of Figure 11, and 1222, 1232 of Figure 12 may include general purpose microprocessors, instruction set processors and/or related chip sets and/or special purpose microprocessors such as Application Specific Integrated Circuits (ASICs).
  • the processors 1010 of Figure 10, 1110 of Figure 11, and 1222, 1232 of Figure 12 may also comprise board memory for caching purposes.
  • the computer programs 1030 of Figure 10, 1130 of Figure 11, and 1226, 1236 of Figure 12 may be carried by a computer program product connected to the processors 1010 of Figure 10, 1110 of Figure 11, and 1222, 1232 of Figure 12.
  • the computer program product may be or comprise a non-transitory computer readable storage medium on which the computer programs 1030 of Figure 10, 1130 of Figure 11, and 1226, 1236 of Figure 12 are stored.
  • the computer program product may be a flash memory, a Random-access memory (RAM), a Read-Only Memory (ROM), or an EEPROM, and the computer programs described above could in alternative embodiments be distributed on different computer program products in the form of memories.
  • although the terms first, second, etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another.
  • the first vehicle could be termed the second vehicle, and similarly, the second vehicle could be termed the first vehicle.
  • the term “and/or” includes any and all combinations of one or more of the associated listed terms.
  • the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments.
  • the singular forms “a”, “an”, and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

A V2X security device (102), a first vehicle (111), a V2X communication system (100), methods, and computer programs are provided. The V2X security device (100) is configured to: obtain (310), from a first vehicle (111), a message comprising a V2V message from a second vehicle (112); verify (328) a content of the message by checking whether the V2V message is sent by the second vehicle (112); modify (332) a value associated with the second vehicle (112), if the V2V message is suspected to be untrusted by the V2X security device (102), and determine (334), based on the modified value associated with the second vehicle (112), whether to send (336) a command to broadcast a notification alerting one or more vehicles that the second vehicle (112) is untrusted and/or send (340) a command to revoke a certificate of V2V communication for the second vehicle (112) to a Certificate Authority device (104).

Description

V2X SECURITY DEVICE, FIRST VEHICLE, A V2X COMMUNICATION SYSTEM AND METHODS
TECHNICAL FIELD
The invention relates to a V2X security device, a first vehicle, a V2X communication system, corresponding methods and corresponding computer programs.
BACKGROUND
V2X is a technology that allows vehicles to communicate with any entity that may affect a vehicle, and vice versa. V2X consists of types of communications, such as Vehicle-to-infrastructure, V2I, Vehicle-to-network, V2N, Vehicle-to-vehicle, V2V, Vehicle-to-pedestrian, V2P, and others.
Cellular-V2X, C-V2X, allows a C-V2X device to use a cellular network connection over a Uu interface. The Uu interface refers to a logical interface between a User Equipment, UE, and a base station. The Uu interface could be used as a V2N interface.
However, due to the amount of messages exchanged during V2V communication, 3GPP introduces a PC5 interface (defined as ‘sidelink’ in Study on NR Vehicle-to-Everything (V2X), 3GPP TR 38.885 V16.0.0; 2019-03-28) for direct communication between C-V2X devices.
V2X is also essential for safe and efficient autonomous driving. As an example, V2X communication can alert an autonomous driving vehicle to objects out of the autonomous driving vehicle sight (non-line-of-sight).
V2X infrastructure currently provides connectivity and device level authentication and authorization. However, one security aspect missing is message forgery detection.
In safety-critical scenarios, vehicles, especially autonomous driving vehicles, cannot trust a content of a received V2V message, as an untrusted vehicle may have forged a fake content of a message in order to cause a response from a vehicle receiving the fake content of the message, which response may cause unwanted behavior of the vehicle that received the fake content of the message, even dangerous behavior. As an example, an untrusted vehicle can broadcast a fake emergency brake message to one or more passing vehicles, hence causing a traffic congestion and dangerous braking, which may even cause collisions.
Two approaches to detect an untrusted vehicle exist: in-vehicle detection and message interception.
In the case of in-vehicle detection, an individual vehicle may detect a forged message sent from another vehicle to avoid a safety threat. The in-vehicle approach may protect an individual vehicle in real-time, such as disclosed in “LIM K, TULADHAR M K, KIM H. Detection location spoofing using ADAS sensors in VANETs, January 2019. In: IEEE annual Consumer communications & Network Conference (CCNC), 16th Annual Conference. IEEE, 2019”.
In the case of message interception, a mechanism to intercept V2X messages as well as sensor data for server-side message forgery detection is introduced in US 10757114 B2. The message interception approach is costly for V2V communication due to the number of messages intercepted.
SUMMARY
It is the object of the invention to enable improved security related to V2V communication.
According to a first aspect of the invention, a V2X security device is provided. The V2X security device is configured to obtain, from a first vehicle, a message comprising a V2V message from a second vehicle. The V2X security device is configured to verify a content of the message by checking whether the V2V message is sent by the second vehicle. The V2X security device is configured to modify a value associated with the second vehicle, if the V2V message is suspected to be untrusted by the V2X security device, and determine, based on the modified value associated with the second vehicle, whether to: send a command to broadcast a notification alerting one or more vehicles that the second vehicle is untrusted; and/or send a command to revoke a certificate of V2V communication for the second vehicle to a Certificate Authority device. Hereby is achieved a solution for detecting an untrusted vehicle and taking actions accordingly to ensure the security of one or more vehicles connected to a V2X system. In particular, a connected vehicle informs a central entity, such as a V2X platform, of a suspected untrusted vehicle in the V2X system. The central entity shares the knowledge of a suspected untrusted vehicle in the V2X system.
According to an embodiment of the first aspect, the V2X security device is configured to determine whether the V2V message is trusted; and ignore the message if the V2V message is determined to be trusted. Advantageously, the V2X security device limits the use of resources to vehicles determined to be untrusted.
According to an embodiment of the first aspect, the V2X security device is configured to determine whether the first vehicle is an untrusted vehicle and discard the message from the first vehicle, if the first vehicle is determined to be an untrusted vehicle. This is advantageous as the V2X security device should not implicitly trust the first vehicle. In case the first vehicle is an untrusted vehicle, use of resources is saved.
According to an embodiment of the first aspect, the command to broadcast the notification is sent if the value of the second vehicle is below a first threshold value. Advantageously, the second vehicle will be known as a suspected untrusted vehicle in the V2X system.
According to an embodiment of the first aspect, the command to revoke the certificate is sent if the value is below a second threshold value. Advantageously, the untrusted second vehicle will not be able to communicate with a vehicle in the V2X system.
According to an embodiment of the first aspect, the message is sent if the first vehicle has determined that the V2V message is suspected to be untrusted. Advantageously, the first vehicle shares its knowledge of an existence of an untrusted vehicle in the V2X system.
According to an embodiment of the first aspect, the message comprises a vehicle identifier, a timestamp for the V2V message and a message content of the V2V message with a digital signature of the second vehicle.
According to an embodiment of the first aspect, the message comprises a location for the second vehicle.
According to an embodiment of the first aspect, the verification of the content of the message is one or more of: validate that the digital signature is associated with the second vehicle and that the vehicle identifier is also associated with the second vehicle and/or verify the V2V message content with the timestamp by determining whether the timestamp corresponds to an event indicated in the V2V message. Advantageously, the content of the V2V message sent by the second vehicle is compared to information known and available to the V2X security device.
According to an embodiment of the first aspect, the verification of the content of the message is verifying, by a location device, whether the location for the second vehicle corresponds to a current location for the second vehicle. Advantageously, the location of the second vehicle is verified with the location referred in the V2V message.
According to an embodiment of the first aspect, the broadcast command is sent to a Broadcast/multicast service system. Advantageously, a vehicle connected to the V2X system is alerted of the existence of a suspected untrusted vehicle.
According to a second aspect of the invention, a first vehicle is provided. The first vehicle is connected to a V2X security device. The first vehicle is configured to receive a V2V message from a second vehicle. The first vehicle is configured to determine whether the V2V message is untrusted. The first vehicle is configured to send a message to a V2X security device, the message comprising the V2V message, if the V2V message is determined to be untrusted.
According to an embodiment of the second aspect, the first vehicle is configured to receive a notification alerting the first vehicle that the second vehicle is suspected to be an untrusted vehicle, wherein the notification is based on a determination in the V2X security device that the second vehicle is suspected to be an untrusted vehicle. Advantageously, the first vehicle is alerted of the existence of a suspected untrusted vehicle.
According to an embodiment of the second aspect, the message comprises a vehicle identifier, a timestamp for the V2V message and a message content of the V2V message with a digital signature of the second vehicle.
According to an embodiment of the second aspect, the message comprises a location for the second vehicle.
According to an embodiment of the second aspect, the V2V message is received over a PC5 interface.
According to an embodiment of the second aspect, the V2V message is received over Dedicated Short-Range Communications, DSRC.
According to a third aspect of the invention, a V2X communication system is provided. The V2X communication system comprises a V2X security device according to any embodiments of the first aspect of the invention, a Certificate Authority device, and a Broadcast/multicast device. The Certificate Authority device is configured to: receive a command from the V2X security device and revoke a certificate of V2V communication of the second vehicle. The Broadcast/multicast device is configured to receive a command from the V2X security device and broadcast a notification to one or more vehicles.
According to an embodiment of the third aspect, the V2X communication system is comprised in a 3GPP core network.
According to a fourth aspect of the invention, a method performed by a V2X security device is provided. The method comprises obtaining, from a first vehicle, a message comprising a V2V message from a second vehicle. The method comprises verifying a content of the message by checking whether the V2V message is sent by the second vehicle. The method comprises modifying a value associated with the second vehicle, if the V2V message is suspected to be untrusted by the V2X security device, and determining, based on the modified value associated with the second vehicle, whether to send a command to broadcast a notification alerting one or more vehicles that the second vehicle is untrusted; and/or send a command to revoke a certificate of V2V communication for the second vehicle to a Certificate Authority device.
According to an embodiment of the fourth aspect, the method comprises determining whether the V2V message is untrusted, and ignoring the message if the V2V message is determined to be trusted.
According to an embodiment of the fourth aspect, the method comprises determining whether the first vehicle is an untrusted vehicle, and discarding the message from the first vehicle, if the first vehicle is determined to be an untrusted vehicle.
According to an embodiment of the fourth aspect, the command to broadcast the notification is sent if the value is below a first threshold value.
According to an embodiment of the fourth aspect, the command to revoke the certificate is sent if the value is below a second threshold value.
According to an embodiment of the fourth aspect, the message is sent if the first vehicle has determined that the V2V message is suspected to be untrusted.
According to an embodiment of the fourth aspect, the message comprises a vehicle identifier, a timestamp for the V2V message and a message content of the V2V message with a digital signature of the second vehicle.
According to an embodiment of the fourth aspect of the invention, the message comprises a location for the second vehicle.
According to an embodiment of the fourth aspect, the verifying of the content of the message is one or more of: validating that the digital signature is associated with the second vehicle and that the vehicle identifier is also associated with the second vehicle and/or verifying the V2V message content with the timestamp by determining whether the timestamp corresponds to an event indicated in the V2V message.
According to an embodiment of the fourth aspect, the verifying of the content of the message is verifying, by a location device, whether the location for the second vehicle corresponds to a current location for the second vehicle.
According to an embodiment of the fourth aspect, the broadcast command is sent to a Broadcast/multicast service system.
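The decision flow of the fourth aspect can be sketched as follows. This is an added example, not code from the patent: the numeric thresholds, the penalty, the speed bound, the HMAC stand-in for the vehicle's digital signature, and the choice to leave the reputation untouched when the signature cannot be attributed are all assumptions, and only the signature/identifier binding and the location check are modelled.

```python
import hashlib
import hmac
import math
from dataclasses import dataclass, field

# Assumed numbers: the text names a first and a second threshold but no values.
T1, T2 = 60, 30            # below T1: broadcast command; below T2: revoke command
INITIAL, PENALTY = 100, 25 # assumed starting value and deduction per failed check
MAX_SPEED_MPS = 70.0       # assumed bound for the time-difference/speed check
TOLERANCE_M = 50.0         # assumed allowance for positioning error


@dataclass
class Report:
    """Message from the first vehicle wrapping a suspicious V2V message."""
    reporter_id: str
    vehicle_id: str        # claimed sender (the second vehicle)
    timestamp: float       # seconds
    content: bytes
    signature: bytes
    location: tuple        # claimed (x, y) in metres on a local plane


def sign(key, vehicle_id, timestamp, location, content):
    """HMAC-SHA256 stand-in for the vehicle's certificate-based signature."""
    msg = f"{vehicle_id}|{timestamp}|{location}|".encode() + content
    return hmac.new(key, msg, hashlib.sha256).digest()


@dataclass
class SecurityDevice:
    keys: dict             # vehicle_id -> enrolled key (hypothetical store)
    last_fix: dict         # vehicle_id -> (timestamp, (x, y)) from the location device
    reputation: dict = field(default_factory=dict)

    def value(self, vid):
        return self.reputation.get(vid, INITIAL)

    def status(self, vid):
        v = self.value(vid)
        return "trusted" if v >= T1 else "suspected" if v >= T2 else "untrusted"

    def sent_by_claimed_vehicle(self, r):
        """Signature and vehicle identifier must both bind to the same vehicle."""
        key = self.keys.get(r.vehicle_id)
        if key is None:
            return False
        expected = sign(key, r.vehicle_id, r.timestamp, r.location, r.content)
        return hmac.compare_digest(expected, r.signature)

    def location_plausible(self, r):
        fix = self.last_fix.get(r.vehicle_id)
        if fix is None:
            return True    # no trusted fix: no evidence against the claim
        fix_time, fix_pos = fix
        reachable = MAX_SPEED_MPS * abs(r.timestamp - fix_time) + TOLERANCE_M
        return math.dist(fix_pos, r.location) <= reachable

    def process(self, r):
        """Return (outcome, commands) for one report."""
        if self.status(r.reporter_id) == "untrusted":
            return "discarded", []          # untrusted reporter: drop the message
        if not self.sent_by_claimed_vehicle(r):
            return "unattributed", []       # assumption: a forged report must not frame a vehicle
        if self.location_plausible(r):
            return "ignored", []            # V2V message judged trusted
        self.reputation[r.vehicle_id] = self.value(r.vehicle_id) - PENALTY
        v = self.value(r.vehicle_id)
        commands = []
        if v < T1:
            commands.append("broadcast")    # notify surrounding vehicles
        if v < T2:
            commands.append("revoke")       # ask the Certificate Authority to revoke
        return "penalised", commands


def demo():
    """Constructed sample: veh-112 claims a position 5 km from a 2 s old fix."""
    key = b"constructed-key-112"
    dev = SecurityDevice(keys={"veh-112": key},
                         last_fix={"veh-112": (1000.0, (0.0, 0.0))})
    loc, content = (5000.0, 0.0), b"EMERGENCY_BRAKE"
    sig = sign(key, "veh-112", 1002.0, loc, content)
    report = Report("veh-111", "veh-112", 1002.0, content, sig, loc)
    return [dev.process(report) for _ in range(3)]


if __name__ == "__main__":
    for outcome, commands in demo():
        print(outcome, commands)
```

Three identical reports move the constructed vehicle from trusted through suspected to untrusted, so the broadcast command appears before the revoke command.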
According to a fifth aspect of the invention, a method performed by a first vehicle is provided. The first vehicle is connected to a V2X security device. The method comprises receiving a V2V message from a second vehicle. The method comprises determining whether the V2V message is untrusted. The method comprises sending a message to the V2X security device, the message comprising the V2V message, if the V2V message is determined to be untrusted.
According to an embodiment of the fifth aspect, the method comprises receiving a notification alerting the first vehicle that the second vehicle is suspected to be an untrusted vehicle, wherein the notification is based on a determination in the V2X security device that the second vehicle is suspected to be an untrusted vehicle.
According to an embodiment of the fifth aspect, the message comprises a vehicle identifier, a timestamp for the V2V message and a message content of the V2V message with a digital signature of the second vehicle.
According to an embodiment of the fifth aspect, the message comprises a location for the second vehicle.
According to an embodiment of the fifth aspect, the V2V message is received over a PC5 interface.
According to an embodiment of the fifth aspect, the V2V message is received over Dedicated Short-Range Communications, DSRC.
According to a sixth aspect of the invention, a method performed by a V2X communication system is provided. The V2X communication system comprises a V2X security device according to any embodiments of the fourth aspect, a Certificate Authority device and a Broadcast/multicast device. The method comprises the Certificate Authority device receiving a command from the V2X security device and revoking a certificate of V2V communication of the second vehicle. The method comprises the Broadcast/multicast device receiving a command from the V2X security device and broadcasting a notification to one or more vehicles.
According to an embodiment of the sixth aspect, the V2X communication system is comprised in a 3GPP core network.
According to a seventh aspect of the invention, a computer program is provided. The computer program comprises instructions, which when executed by a V2X security device, cause the V2X security device to obtain, from a first vehicle, a message comprising a V2V message from a second vehicle. The instructions, when executed, cause the V2X security device to verify a content of the message by checking whether the V2V message is sent by the second vehicle. The instructions, when executed, cause the V2X security device to modify a value associated with the second vehicle, if the V2V message is suspected to be untrusted by the V2X security device, and determine, based on the modified value associated with the second vehicle, whether to send a command to broadcast a notification alerting one or more vehicles that the second vehicle is untrusted; and/or send a command to revoke a certificate of V2V communication for the second vehicle to a Certificate Authority device.
According to an embodiment of the seventh aspect, the instructions, when executed on the V2X security device, cause the V2X security device to determine whether the V2V message is untrusted, and to ignore the message if the message is determined to be trusted.
According to an embodiment of the seventh aspect, the instructions, when executed on the V2X security device, cause the V2X security device to determine whether the first vehicle is an untrusted vehicle, and to discard the message from the first vehicle, if the first vehicle is determined to be an untrusted vehicle.
According to an embodiment of the seventh aspect, the command to broadcast the notification is sent if the value is below a first threshold value.
According to an embodiment of the seventh aspect, the command to revoke the certificate is sent if the value is below a second threshold value.
According to an embodiment of the seventh aspect, the message is sent if the first vehicle has determined that the V2V message is suspected to be untrusted.
According to an embodiment of the seventh aspect, the message comprises a vehicle identifier, a timestamp for the V2V message and a message content of the V2V message with a digital signature of the second vehicle.
According to an embodiment of the seventh aspect, the message comprises a location for the second vehicle.
According to an embodiment of the seventh aspect, the verification of the content of the message is one or more of: validate that the digital signature is associated with the second vehicle and that the vehicle identifier is also associated with the second vehicle and/or verify the V2V message content with the timestamp by determining whether the timestamp corresponds to an event indicated in the V2V message.
According to an embodiment of the seventh aspect, the verification of the content of the message is verifying, by a location device, whether the location for the second vehicle corresponds to a current location for the second vehicle.
According to an embodiment of the seventh aspect, the broadcast command is sent to a Broadcast/multicast service system.
According to an eighth aspect of the invention, a computer program is provided. The computer program comprises instructions which, when executed by a first vehicle, cause the first vehicle to receive a V2V message from a second vehicle. The instructions, when executed by the first vehicle, cause the first vehicle to determine whether the V2V message is untrusted. The instructions, when executed by the first vehicle, cause the first vehicle to send a message to a V2X security device, the message comprising the V2V message, if the V2V message is determined to be untrusted.
According to an embodiment of the eighth aspect, the computer program comprises instructions which, when executed by the first vehicle, cause the first vehicle to receive a notification alerting the vehicle that the second vehicle is suspected to be an untrusted vehicle, wherein the notification is based on a determination in the V2X security device that the second vehicle is suspected to be an untrusted vehicle.
According to an embodiment of the eighth aspect, the message comprises a vehicle identifier, a timestamp for the V2V message and a message content of the V2V message with a digital signature of the second vehicle.
According to an embodiment of the eighth aspect, the message comprises a location for the second vehicle.
According to an embodiment of the eighth aspect, the V2V message is received over a PC5 interface.
According to an embodiment of the eighth aspect, the V2V message is received over Dedicated Short-Range Communications, DSRC.
According to a ninth aspect of the invention, a computer program is provided. The computer program comprises instructions. The V2X communication system comprises a V2X security device, a Certificate Authority device and a Broadcast/multicast device. The instructions, when executed by the V2X communication system, cause the V2X security device to perform the instructions according to any embodiments of the seventh aspect. The instructions, when executed by the V2X communication system, cause the Certificate Authority device to receive a command from the V2X security device and revoke a certificate of V2V communication of the second vehicle. The instructions, when executed by the V2X communication system, cause the Broadcast/multicast device to receive a command from the V2X security device and broadcast a notification to one or more vehicles connected to the V2X security system.
According to an embodiment of the ninth aspect, the computer program is comprised in a 3GPP core network.
According to a tenth aspect of the invention, a computer readable storage medium is provided. The computer readable storage medium comprises a computer program according to any embodiments of the seventh aspect. The computer readable storage medium comprises a computer program according to any embodiments of the eighth aspect. The computer readable storage medium comprises a computer program according to any embodiments of the ninth aspect.
Even though advantages of the invention have in some cases been described with reference to embodiments of the first aspect, and the second aspect, corresponding reasoning applies to embodiments of other aspects of the invention.
Further objectives of, features of, and advantages with, the invention will become apparent when studying the following detailed disclosure, the drawings, and the appended claims. Those skilled in the art realize that different features of the invention can be combined to create embodiments other than those described in the following.
BRIEF DESCRIPTION OF THE DRAWINGS
The above, as well as additional objects, features and advantages of the invention, will be better understood through the following illustrative and non-limiting detailed description of embodiments of the invention, with reference to the appended drawings, in which:
Figure 1 shows an overview of the system architecture of the invention.
Figure 2 shows a signal diagram for a procedure to detect and notify the existence of an untrusted vehicle.
Figure 3 shows a method performed by a V2X security device.
Figure 4 shows a V2X platform.
Figure 5 shows a method performed by a first vehicle.
Figure 6 shows a method performed by a V2X communication system.
Figure 7 shows a block diagram of a V2X security device.
Figure 8 shows a block diagram of a first vehicle device.
Figure 9 shows a block diagram of a V2X communication system.
Figure 10 shows a block diagram of a V2X security device.
Figure 11 shows a block diagram of a first vehicle.
Figure 12 shows a block diagram of a V2X communication system.
All the figures are schematic, and generally only show parts which are necessary in order to elucidate the invention, wherein other parts may be omitted or merely suggested.
DETAILED DESCRIPTION
The invention will now be described more fully herein with reference to the accompanying drawings, in which certain embodiments are shown. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided by way of example so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
V2X communication system 100 may be a V2X platform. The V2X platform is a communication platform comprising a group of technologies that are used as a base upon which other applications, processes or technologies are developed. The V2X platform comprises at least one application, process or technology enabling V2X communication. The V2X communication system 100 comprises a V2X security device 102. The V2X communication system 100 may comprise a Certificate Authority device 104. The V2X communication system 100 may comprise a broadcast/multicast device 106. The V2X communication system 100 illustrated in Fig. 1 comprises all three of the V2X security device 102, the Certificate Authority device 104 and the broadcast/multicast device 106, but may of course in other embodiments comprise only one of the Certificate Authority device 104 and the broadcast/multicast device 106 in addition to the V2X security device 102, such that the broadcast/multicast device 106 is external to the V2X communication system 100 in an embodiment.
One or more vehicles 111, 112 are connected to the V2X communication system 100. The vehicles 111, 112 are vehicles with network connectivity and are able to communicate bidirectionally with one or more systems or entities outside of the individual vehicles 111, 112, such as the V2X communication system 100, and/or the broadcast/multicast device 106.
A connected vehicle, such as vehicle 111, or 112, here sends location data, telemetry data or events, and is able to receive commands or notifications. The connected vehicle communicates with other vehicles 111, 112 using direct communication technology 114. The direct communication technology 114 is over a PC5 interface in one embodiment. In another embodiment, the direct communication technology 114 is over Dedicated Short-Range Communications, DSRC.
The V2X communication system 100 may be a server-side system providing a set of services, such as services provided by the V2X security device 102, the Certificate Authority device 104, the broadcast/multicast device 106, etc.
The connected vehicles 111, 112 communicate with the V2X communication system 100 through network connectivity 107 in order to access the service 102, 104, 106. The network connectivity 107 is through a core network for a 3GPP wireless network, e.g. an Evolved Packet Core (EPC), a 5G Core (5GC) or any core network in any future core network of e.g. a 3GPP network, such as a 6G network. The V2X security device 102 manages the “reputation” of a vehicle in a V2X system. The “reputation” of a connected vehicle gives information on the trustworthiness of the connected vehicle. As an example, a second vehicle 112 sends a malicious message to a first vehicle 111 in sending proximity of second vehicle 112, wherein the message sent may contain misinformation concerning an event, such as the existence of a road accident/disaster, that could cause the vehicles receiving the message to use, as an example, an emergency brake function. A vehicle 111, 112 may have the “reputation” of being trusted, untrusted, or suspected to be untrusted. As explained further down, this reputation may be implemented as a value which is compared with a value range or a stored, fixed table.
The V2X security device 102 analyzes the message received from the first vehicle 111 and which message at least partly contains data from the second vehicle 112. The second vehicle 112 may be suspected to be untrusted by the first vehicle 111 or may be identified, by the first vehicle 111, to be untrusted. In the case where the second vehicle is suspected to be untrusted and/or identified to be untrusted, the V2X security device 102 communicates 108, 109, with the Certificate Authority device 104 and/or the broadcast/multicast device 106 to take action. The Certificate Authority device 104 is a server that manages digital certificates for V2X communication, such as V2V communication. The management of the digital certificates comprises issuing of a digital certificate, renewing of the digital certificate and/or revoking the digital certificate. The broadcast/multicast device 106 delivers a content to one or more vehicles in a C-V2X system using a mechanism in a cellular network such as Multimedia Broadcast Multicast Service, MBMS or evolved Multimedia Broadcast Multicast Service, eMBMS.
In Figure 2, a signal diagram for a procedure to detect an untrusted vehicle and notify the existence of the untrusted vehicle to a vehicle is disclosed. The first vehicle 111, the second vehicle 112, the third vehicle 113, the V2X security device 102, the Certificate Authority device 104 and the broadcast/multicast device 106 are illustrated.
The second vehicle 112 sends a V2V message 250 to the first vehicle 111. The V2V message 250 is sent through direct communication technology 114. The V2V message 250 may be sent over the PC5 interface or the DSRC. In case of a message over the PC5 interface, the message may be an Internet Protocol (IP) based or a non-IP based message, and in the case of an IP-based message, it is in one embodiment an IPv6 message. The message is in one embodiment a message according to one-to-many Proximity-based services (ProSe) Direct Communication, but may alternatively be a one-to-one ProSe Direct Communication message. In another example, the V2V message 250 may be an Intelligent Transport Systems – Cooperative Awareness Message (ITS-CAM) transmitted periodically. In this example, the first vehicle 111 and the second vehicle 112 are vehicle ITS-Stations, ITS-Ss, participating in the V2X communication system 100. The V2V message 250 may comprise location data, telemetry, an event, etc.
The first vehicle 111 performs a message forgery detection 252 on the received V2V message 250. The message forgery detection 252 may use a technique such as the one described in “LIM K, TULADHAR M K, KIM H. Detection location spoofing using ADAS sensors in VANETs, January, 2019. In: IEEE annual Consumer communications & Network Conference (CCNC), 16th Annual Conference. IEEE, 2019”.
A forged V2V message 250 may comprise information about a non-existing event, such as a road accident or road disaster, that could lead to actions, such as use of emergency brake systems. In the case where the first vehicle 111 suspects that the second vehicle 112 sent a forged V2V message 250, then the first vehicle 111 reports, to the V2X security device 102, the forged V2V message 252 through a message report 254. The message report 254 is a message sent by the first vehicle 111 to the V2X security device 220 to notify the V2X security device 102 of the existence of a suspected and/or detected untrusted vehicle, the second vehicle 112 here.
The message report 254 comprises: an identity of the vehicle that sent the forged V2V message 250 (in this example, the second vehicle 112); a timestamp representing when the forged V2V message 250 was sent by the second vehicle 112 or received by the first vehicle 111; and a message content of the forged V2V message 250 with a digital signature of the sending vehicle (here the second vehicle 112).
The V2X security device 102 performs a message report handling procedure 256. The message report handling procedure 256 determines whether the V2X security device 102 can trust the first vehicle 111 as a non-untrusted first vehicle, whether the content of the V2V message 250 is a forged content sent by an untrusted vehicle, and whether the V2V message 250 is sent by a suspected and/or detected untrusted vehicle.
The V2X security device 102 updates a reputation value for the second vehicle 211 during the Malicious Vehicle Identification procedure 258. The reputation value is a numeric value reflecting the trust or untrust given/categorized/classified by the V2X security device 102. The reputation may be initiated as a default value (such as 100) and may be modified (such as decreased or increased) into a modified reputation value whenever a malicious behavior is detected by the V2X security device 102. A malicious behavior by a vehicle is to send a forged V2V message to another vehicle, such as the V2V message 250.
A first threshold value, t1, and a second threshold value, t2, may be used to differentiate a suspected untrusted vehicle from an untrusted vehicle. In a first example, when the t1 is reached by increasing the value associated with a vehicle, then the vehicle is considered as suspected untrusted. In the same example, when the t2, which has a higher value than the t1, is reached by increasing the value associated with the vehicle, then the vehicle is considered as untrusted, i.e. not only suspected to be untrusted. In a second example, when the t1 is reached by decreasing the value associated with a vehicle, then the vehicle is considered as suspected untrusted. In the same example, when the t2, which has a lower value than the t1, is reached by decreasing the value associated with the vehicle, then the vehicle is considered untrusted. In other words, the two above examples have in common that there is a first value range of the reputation value for which the vehicle is considered as trusted by the V2X security device 102, a second value range for which the vehicle is determined to be suspected to be untrusted by the V2X security device 102, and a third value range for which the vehicle is determined to be (completely) untrusted by the V2X security device 102. Hence the two examples have in common that there are three levels/types of trustworthiness for the second vehicle, as determined by the V2X security device 102.
Based on the modified reputation value of the second vehicle 112, the V2X security device 102 determines whether the second vehicle 112 is a normal/trusted vehicle, a suspected untrusted vehicle or an untrusted vehicle. Once the status of the second vehicle 112 is determined through the malicious vehicle identification procedure 258, then a mitigation action may be taken.
The mitigation action is an action taken to reduce or eliminate the risk of an untrusted vehicle communicating with other connected vehicles. Examples of mitigation actions are notifying the presence of an untrusted vehicle and/or revoking a certificate for V2V communication.
In the case where the second vehicle 112 is suspected to be an untrusted vehicle, the V2X security device 102 sends a command (illustrated by 109 in Figure 1) to broadcast a notification 260 alerting one or more vehicles that the second vehicle 112 is untrusted.
The broadcast/multicast device 106 sends the notification 260 to one or more surrounding vehicles (such as third vehicle 113), alerting them to the existence of a suspected untrusted second vehicle 112. In one example, the one or more vehicles notified by the notification 260 are connected to the broadcast/multimedia device 240. In another example, the one or more vehicles notified by the notification 260 are not connected to the broadcast/multicast device 240.
The third vehicle 113 receives the notification 260 alerting of the existence of a suspected untrusted second vehicle 112. In one example, if the third vehicle 113 receives a V2V message from the second vehicle 112, it will not trust the message received from the second vehicle 112. In another example, if the third vehicle 113 receives a message from the second vehicle 112 and messages from other vehicles (such as the first vehicle 111) reporting the same content (such as an event), then the third vehicle 113 will trust the message received from the second vehicle 112.
In the case where the second vehicle 211 is detected to be an untrusted vehicle, the V2X security device 102 sends a command, such as 108 in Figure 1, to revoke a certificate of V2V communication for the second vehicle 112 to the Certificate Authority device 104.
The Certificate Authority device 104 revokes the second vehicle 112’s certificate of V2V communication. In other words, the second vehicle 112 will not be able to communicate with either the first vehicle 111 or the third vehicle 113.
In another alternative, the V2X security device 102 sends a command 108 to the Certificate Authority device 104 and sends a command 109 to the broadcast/multicast device 240.
In Figure 3, a flowchart illustrating a method 300 performed by the V2X security device 102 for enabling notification to another vehicle about an untrusted vehicle or a suspected untrusted vehicle, is shown.
The method 300 comprises obtaining 310, from the first vehicle 111, a message comprising a V2V message from the second vehicle 112, such as the step 254 in Figure 2. The message is obtained through network connectivity 107.
In an embodiment, the message is sent if the first vehicle 111 has determined that the V2V message is suspected or confirmed by the first vehicle 111 to be untrusted, such as in the step 252 of Figure 2. The message comprises a content of the V2V message received by the first vehicle 111; a vehicle identifier, such as an identity for the second vehicle 112, such as a vehicle ID; a timestamp for the V2V message; and/or a message content of the V2V message with a digital signature of the second vehicle 112.
In an embodiment, the message comprises a location for the second vehicle 112.
In an embodiment, the first vehicle 111 is a “malicious” vehicle that is determined as suspicious, and/or determined as untrusted. In a case where the first vehicle is “malicious”, the message should not be trusted. Hence, the method 300 comprises determining 320 whether the first vehicle 111 is an untrusted vehicle, and discarding 324 the message from the first vehicle 111, if the first vehicle 111 is determined to be an untrusted vehicle.
In an embodiment, the method 300 comprises determining 314 whether the V2V message sent by the second vehicle 112 is untrusted. In an optional embodiment, if the V2V message is trusted, then the V2X security device 102 ignores 318 the message.
The method 300 comprises verifying 328 a content of the V2V message by checking whether the V2V message is sent by the second vehicle 112. In one embodiment, the verification of the content of the message is validating that the digital signature is associated with the second vehicle 112 and that the vehicle identifier is also associated with the second vehicle 112; and/or verifying the V2V message content with the timestamp by determining whether the timestamp corresponds to an event indicated in the V2V message. In an embodiment, the verification of the content of the message is performed by verifying, by a location device 420, whether the location for the second vehicle 112 corresponds to a current location for the second vehicle 112.
In the case where the V2X security device 102 cannot validate the received message in the step 328, the reputation value of the second vehicle 112 is deducted (or added, depending on the implementation of the above-described reputation value).
In case the second vehicle 112 is suspected to be suspicious, the method 300 comprises modifying 332 a value associated with the second vehicle, if the V2V message is suspected to be untrusted by the V2X security device 102, and determining 334, based on the modified value associated with the second vehicle 112, actions. The actions are whether to send 336 a command to broadcast a notification alerting one or more vehicles that the second vehicle is untrusted; and/or to send 340 a command to revoke a certificate of V2V communication for the second vehicle 112 to a Certificate Authority device 104. The value corresponds to the reputation value described above.
In one embodiment, the command sent in the step 336 is sent if the value is below the t1. In an embodiment, the command sent in the step 340 is sent if the value is below the t2. The command sent in 336 may be sent to the broadcast/multicast device 106.
In Figure 4, an embodiment of the V2X communication system 100 is illustrated. The V2X communication system 400 comprises the V2X security device 102 and a location device 420. In another embodiment, the location device 420 is not comprised in the V2X communication system 100. The location device 420 collects a “current” geographical position of a connected vehicle (such as the first vehicle 111 and the second vehicle 112), to create a database storing trusted location information/geographical position of the vehicle. The collection is done at a predetermined interval, which may be dynamic in the sense that the interval may be adjusted in dependence on the speed of the vehicle, such that the collection is made more often at higher speeds than if the speed of the vehicle is slow or even zero. The V2X security device 102 verifies the location of the second vehicle 112 from the location device 420 by using the identity of the second vehicle 112 and the timestamp for the V2V message. The V2X security device 102 validates the location of the second vehicle 112 by considering time difference and speed. For example, the V2X security device 410 validates the location of the second vehicle by using a technique presented in WO 2019052645 A1 to validate Global Positioning System, GPS, location reported by drones. Even though GPS or assisted GPS would typically be used, the skilled person understands that alternative embodiments could alternatively or in addition utilize the satellite-based positioning systems Galileo, Glonass, or Beidou.
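The following sketch is an added example, not code from the patent or from its applicant. It walks a message report through the reporter check (steps 320/324), a location check based on time difference and speed (step 328), and the decreasing-reputation variant with thresholds t1 and t2 (steps 332 to 340). The threshold values, the penalty, the speed bound, the tolerance, all class and function names, and the choice to apply no penalty when no trusted fix exists are assumptions; signature and identifier validation is taken as already done, and the speed bound is a plain plausibility test, not the technique of WO 2019052645 A1.

```python
import math
from dataclasses import dataclass

DEFAULT_REPUTATION = 100  # default value given in the description
T1 = 70                   # assumed first threshold: below it, broadcast (step 336)
T2 = 40                   # assumed second threshold, lower than T1: below it, revoke (step 340)
PENALTY = 25              # assumed deduction per V2V message that fails verification
MAX_SPEED_MPS = 70.0      # assumed upper bound on vehicle speed
TOLERANCE_M = 50.0        # assumed allowance for positioning error


@dataclass(frozen=True)
class Fix:
    """Trusted position sample collected by the location device."""
    t: float
    lat: float
    lon: float


@dataclass(frozen=True)
class Report:
    """Message report from the first vehicle about a received V2V message."""
    reporter_id: str
    sender_id: str
    timestamp: float
    claimed_lat: float
    claimed_lon: float


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371000.0 * math.asin(math.sqrt(a))


class SecurityDevice:
    def __init__(self, trusted_fixes):
        self.fixes = trusted_fixes   # vehicle id -> list of Fix
        self.reputation = {}         # vehicle id -> current reputation value

    def value(self, vid):
        return self.reputation.get(vid, DEFAULT_REPUTATION)

    def status(self, vid):
        v = self.value(vid)
        if v < T2:
            return "untrusted"
        return "suspected" if v < T1 else "trusted"

    def location_plausible(self, report):
        """True or False, or None when no trusted fix exists for the sender."""
        fixes = self.fixes.get(report.sender_id)
        if not fixes:
            return None
        fix = min(fixes, key=lambda f: abs(f.t - report.timestamp))
        dt = abs(fix.t - report.timestamp)
        dist = haversine_m(fix.lat, fix.lon, report.claimed_lat, report.claimed_lon)
        # The vehicle cannot have moved further than speed * time difference.
        return dist <= MAX_SPEED_MPS * dt + TOLERANCE_M

    def handle_report(self, report):
        """Return (outcome, commands) for one message report."""
        if self.status(report.reporter_id) == "untrusted":      # steps 320/324
            return "discarded", []
        plausible = self.location_plausible(report)             # step 328
        if plausible is None:
            return "no_trusted_fix", []   # assumption: no penalty without data
        if plausible:
            return "validated", []        # content validated: no reputation change
        new_value = self.value(report.sender_id) - PENALTY      # step 332
        self.reputation[report.sender_id] = new_value
        commands = []                                           # step 334
        if new_value < T1:
            commands.append("broadcast")                        # step 336
        if new_value < T2:
            commands.append("revoke")                           # step 340
        return "penalised", commands


def demo():
    # Constructed sample data: one trusted fix for veh-112 at t = 1000 s.
    dev = SecurityDevice({"veh-112": [Fix(1000.0, 59.3293, 18.0686)]})
    # Claimed position about 11 km from the fix, only 2 s later.
    far = Report("veh-111", "veh-112", 1002.0, 59.4293, 18.0686)
    return [dev.handle_report(far) for _ in range(3)], dev


if __name__ == "__main__":
    results, device = demo()
    for outcome in results:
        print(outcome)
    print(device.status("veh-112"))
```

Because t2 is lower than t1 in this variant, a value below t2 yields both commands, which matches the alternative in which the V2X security device sends a command to the Certificate Authority device and to the broadcast/multicast device.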
In Figure 5, a flowchart illustrating a method 500 performed by the first vehicle 111, for enabling notification to another vehicle about an untrusted vehicle or a suspected untrusted vehicle, is shown.
The method 500 comprises receiving 510 a V2V message from the second vehicle 112. The V2V message corresponds to V2V message of the step 250.
The method 500 comprises determining 520 whether the V2V message is untrusted, such as in the step 252 of Figure 2.
The method 500 comprises sending 530 a message, such as in the step 254 in Figure 2, to the V2X security device 102. The message comprises the V2V message, if the V2V message is determined to be untrusted in the step 520. The message sent in the step 530 is or corresponds to the message obtained by the V2X security device in the step 310.
Optionally, the method 500 comprises receiving 540 a notification alerting the first vehicle 111 that the second vehicle 112 is suspected to be an untrusted vehicle, wherein the notification is initiated by the command sent in the step 336, based on a determination in the V2X security device 102 that the second vehicle 112 is suspected to be an untrusted vehicle.
In Figure 6, a flowchart illustrating a method 600 performed by the V2X communication system 100 is shown. The V2X communication system 100 comprises the V2X security device 102 performing 610 the steps of the method 300 described above. The V2X communication system 100 comprises the Certificate Authority device 104 and the broadcast/multicast device 106.
The method 600 comprises receiving 620 a command, such as the command sent in step 340 of the method 300, from the V2X security device 102. The step 620 is performed by the Certificate Authority device 104.
The method 600 comprises revoking 630 a certificate for V2V communication for the second vehicle 112. Step 630 is performed by the Certificate Authority device 104.
The method 600 comprises receiving 640 a command, such as the command sent in step 336 of the method 300, from the V2X security device 102. The step 640 is performed by the broadcast/multicast device 106.
The method 600 comprises broadcasting 650 a notification alerting one or more vehicles. The step 650 is performed by the broadcast/multicast device 106.
In an embodiment, the V2X communication system 100 is comprised in a 3GPP core network. In Figure 6, step 620 and step 630 are illustrated as being performed before step 640 and step 650. However, step 640 and step 650 could be performed before or simultaneously to step 620 and step 630.
Figure 7 is a block diagram of the V2X security device 102. The V2X security device 102 comprises a receiving unit 710, a verifying unit 720, a modifying unit 730, a determining unit 740 and a sending unit 750.
The receiving unit 710 is configured to perform the step 310 of the method 300 as described above.
The verifying unit 720 is configured to perform the step 328 of the method 300 as described above.
The modifying unit 730 is configured to perform the step 332 of the method 300 as described above.
The determining unit 740 is configured to perform the step 334 of the method 300 as described above. In an embodiment, the determining unit 740 is configured to perform the function of the step 314 and the step 320 of the method 300.
The sending unit 750 is configured to perform the steps 336 and 340 of the method 300 as described above.
In an embodiment, the modifying unit 730 and the determining unit 740 are the same unit. In an embodiment, the receiving unit 710 and the sending unit 750 are the same unit, such as a transceiver unit.
The receiving unit 710, the verifying unit 720, the modifying unit 730, the determining unit 740 and the sending unit 750 may be implemented as a hardware solution or as a combination of software and hardware, e.g., by one or more of: a processor or a micro-processor and adequate software and memory for storing of the software, a Programmable Logic Device (PLD) or other electronic component(s) or processing circuitry configured to perform the actions described above with regards to the method 300.
Figure 8 is a block diagram of the first vehicle 111. The first vehicle 111 comprises a receiving unit 810, a determining unit 820 and a sending unit 830.
The receiving unit 810 is configured to perform the step 510 of the method 500. In an embodiment, the receiving unit 810 is configured to perform the step 540 of the method 500.
The determining unit 820 is configured to perform the step 520 of the method 500.
The sending unit 830 is configured to perform the step 530 of the method 500.
In an embodiment, the receiving unit 810 and the sending unit 830 are the same unit, such as a transceiver unit.
The receiving unit 810, the determining unit 820 and the sending unit 830 may be implemented as a hardware solution or as a combination of software and hardware, e.g., by one or more of: a processor or a micro-processor and adequate software and memory for storing of the software, a Programmable Logic Device (PLD) or other electronic component(s) or processing circuitry configured to perform the actions described above with regards to the method 500. The receiving unit 810, the determining unit 820 and the sending unit 830 may be parts of a telematics unit embedded in the vehicle 111 and wherein the telematics unit is in communication with a vehicle-internal communication network comprised of buses (e.g. Controller Area Network and Electronic Control Units (ECUs)).
Figure 9 is a block diagram of the V2X communication system 100. The V2X communication system 100 comprises the V2X security device 102, the Certificate Authority device 104, and the broadcast/multicast device 106.
The Certificate Authority device 104 comprises a receiving unit 922 and a revoking unit 924. The receiving unit 922 is configured to perform the step 620 of the method 600. The revoking unit 924 is configured to perform the step 630 of the method 600.
The broadcast/multicast device 106 comprises a receiving unit 932 and a broadcasting unit 934. The receiving unit 932 is configured to perform the step 640 of the method 600. The broadcast/multicast device 930 is configured to perform the step 650 of the method 600.
The receiving unit 922, the revoking unit 924, the receiving unit 932 and the broadcasting unit 934 may be implemented as a hardware solution or as a combination of software and hardware, e.g., by one or more of: a processor or a micro-processor and adequate software and memory for storing of the software, a Programmable Logic Device (PLD) or other electronic component(s) or processing circuitry configured to perform the actions described above with regards to the method 600.
In Figure 10, an embodiment of the V2X security device 102 is provided. The V2X security device 102 comprises a processor 1010, and a computer readable storage medium 1020 in the form of a memory 1025. The memory 1025 contains a computer program 1030 comprising instructions executable by the processor 1010 whereby the V2X security device 102 is operative to perform the steps of the method 300.
In Figure 11, an embodiment of the first vehicle 111 is provided. The first vehicle 111 comprises a processor 1110, and a computer readable storage medium 1120 in the form of a memory 1125. The memory 1125 contains a computer program 1130 comprising instructions executable by the processor 1110 whereby the first vehicle 111 is operative to perform the steps of the method 500.
In Figure 12, an embodiment of the V2X communication system 100 is provided. The V2X communication system 100 comprises an embodiment of the V2X security device 102, an embodiment of the Certificate Authority device 104, and an embodiment of the broadcast/multicast device 106.
The Certificate Authority device 104 comprises a processor 1222, and a computer readable storage medium 1224 in the form of a memory 1225. The memory 1225 contains a computer program 1226 comprising instructions executable by the processor 1222 whereby the Certificate Authority device 104 is operative to perform the steps of the method 600.
The broadcast/multicast device 106 comprises a processor 1232, and a computer readable storage medium 1234 in the form of a memory 1235. The memory 1235 contains a computer program 1236 comprising instructions executable by the processor 1232 whereby the broadcast/multicast device 106 is operative to perform the steps of the method 600.
The computer programs 1226 and 1236 may be comprised in a 3GPP core network.
The (non-transitory) computer readable storage media mentioned above may be an Electrically Erasable Programmable Read-Only Memory (EEPROM), a flash memory, a Field Programmable Gate Array, and a hard drive.
The processors 1010 of Figure 10, 1110 of Figure 11, and 1222, 1232 of Figure 12, may be a single CPU (Central processing unit), but could also comprise two or more processing units. For example, the processors 1010 of Figure 10, 1110 of Figure 11, and 1222, 1232 of Figure 12, may include general purpose microprocessors; instruction set processors and/or related chip sets and/or special purpose microprocessors such as Application Specific Integrated Circuits (ASICs). The processors 1010 of Figure 10, 1110 of Figure 11, and 1222, 1232 of Figure 12, may also comprise board memory for caching purposes. The computer programs 1030 of Figure 10, 1130 of Figure 11, and 1226, 1236 of Figure 12 may be carried by a computer program product connected to the processors 1010 of Figure 10, 1110 of Figure 11, and 1222, 1232 of Figure 12. The computer program product may be or comprise a non-transitory computer readable storage medium on which the computer programs 1030 of Figure 10, 1130 of Figure 11, and 1226, 1236 of Figure 12 are stored. For example, the computer program product may be a flash memory, a Random-access memory (RAM), a Read-Only Memory (ROM), or an EEPROM, and the computer programs described above could in alternative embodiments be distributed on different computer program products in the form of memories.
It shall be understood that although the terms “first” and “second” etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another. For example, the first vehicle could be termed the second vehicle, and similarly, the second vehicle could be termed the first vehicle. As used herein, the term “and/or” includes any and all combinations of one or more of the associated listed terms. The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments. As used herein, the singular forms “a”, “an”, and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises”, “comprising”, “has”, “having”, “includes” and/or “including”, when used herein, specify the presence of stated features, elements, and/or components etc. but do not preclude the presence or addition of one or more other features, elements, components and/or combinations thereof.
This disclosure has been described above with reference to embodiments thereof. It should be understood that various modifications, alternatives and additions can be made by those skilled in the art without departing from the scope of the disclosure. Therefore, the scope of the disclosure is not limited to the above particular embodiments but only defined by the claims as attached.

Claims (58)

  1. A Vehicle-to-everything, V2X security device (102) configured to:
    - obtain (310) , from a first vehicle (111) , a message comprising a V2V message from a second vehicle (112) ;
    - verify (328) a content of the message by checking whether the V2V message is sent by the second vehicle (112) ; and
    - modify (332) a value associated with the second vehicle (112) , if the V2V message is suspected to be untrusted by the V2X security device (102) , and determine (334) , based on the modified value associated with the second vehicle (112) , whether to:
    ο send (336) a command to broadcast a notification alerting one or more vehicles that the second vehicle (112) is untrusted; and/or
    ο send (340) a command to revoke a certificate of V2V communication for the second vehicle (112) to a Certificate Authority device (104) .
  2. The V2X security device (102) according to claim 1, configured to:
    - determine (314) whether the V2V message is trusted; and
    - ignore (318) the message if the V2V message is determined to be trusted.
  3. The V2X security device (102) according to claim 1 or 2, configured to:
    - determine (320) whether the first vehicle (111) is an untrusted vehicle; and
    - discard (324) the message from the first vehicle (111) , if the first vehicle (111) is determined to be an untrusted vehicle.
  4. The V2X security device (102) according to any one of claims 1-3, wherein the command to broadcast the notification is sent if the value of the second vehicle (112) is below a first threshold value.
  5. The V2X security device (102) according to any one of claims 1-4, wherein the command to revoke the certificate is sent if the value is below a second threshold value.
  6. The V2X security device (102) according to any one of claims 1-5, wherein the message is sent if the first vehicle (111) has determined that the V2V message is suspected to be untrusted.
  7. The V2X security device (102) according to any one of claims 1-6, wherein the message comprises a vehicle identifier, a timestamp for the V2V message and a message content of the V2V message with a digital signature of the second vehicle.
  8. The V2X security device (102) according to claim 7, wherein the message comprises a location for the second vehicle.
  9. The V2X security device (102) according to claim 7, wherein the verification of the content of the message is one or more of:
    - validate that the digital signature is associated with the second vehicle (112) and that the vehicle identifier is also associated with the second vehicle (112) ; and/or
    - verify the V2V message content with the timestamp by determining whether the timestamp corresponds to an event indicated in the V2V message.
  10. The V2X security device (102) according to any one of claims 7-8, wherein the verification of the content of the message is:
    - verify, by a location device (420) , whether the location for the second vehicle corresponds to a current location for the second vehicle.
  11. The V2X security device (102) according to any one of claims 1-10, wherein the broadcast command is sent to a Broadcast/multicast device (106) .
  12. A first vehicle (111) connected to a V2X security device (102) and configured to:
    - receive (510) a V2V message from a second vehicle (112) ;
    - determine (520) whether the V2V message is untrusted;
    - send (530) a message to a V2X security device (102) , the message comprising the V2V message, if the V2V message is determined to be untrusted.
  13. The first vehicle (111) according to claim 12, configured to:
    - receive (540) a notification alerting the first vehicle (111) that the second vehicle (112) is suspected to be an untrusted vehicle, wherein the notification is based on a determination in the V2X security device (102) that the second vehicle (111) is suspected to be an untrusted vehicle.
  14. The first vehicle (111) according to claim 12, wherein the message comprises a vehicle identifier, a timestamp for the V2V message and a message content of the V2V message with a digital signature of the second vehicle.
  15. The first vehicle (111) according to claim 12 or 14, wherein the message comprises a location for the second vehicle.
  16. The first vehicle (111) according to claim 12 or 14 or 15, wherein the V2V message is received over a PC5 interface.
  17. The first vehicle (111) according to any one of claims 12, 14, and 15, wherein the V2V message is received over Dedicated Short-Range Communications, DSRC.
  18. A V2X communication system (100) comprising a V2X security device (102) according to any one of claims 1-10, a Certificate Authority device (104) and a Broadcast/multicast device (106) , wherein:
    - the Certificate Authority device (104) is configured to:
    ο receive (620) a command from the V2X security device (102) and revoke (630) a certificate of V2V communication of the second vehicle;
    - the broadcast/multicast device (106) is configured to:
    ο receive (640) a command from the V2X security device (102) and broadcast (650) a notification to one or more vehicles.
  19. The V2X communication system (100) according to claim 18, being comprised in a 3GPP core network.
  20. A method (300) performed by a V2X security device (102) , and comprising:
    - obtaining (310) , from a first vehicle (111) , a message comprising a V2V message from a second vehicle (112) ;
    - verifying (328) a content of the message by checking whether the V2V message is sent by the second vehicle (122) ; and
    - modifying (332) a value associated with the second vehicle, if the V2V message is suspected to be untrusted by the V2X security device (102) , and determining (334) , based on the modified value associated with the second vehicle, whether to:
    ο send (336) a command to broadcast a notification alerting one or more vehicles that the second vehicle is untrusted; and/or
    ο send (340) a command to revoke a certificate of V2V communication for the second vehicle to a Certificate Authority device (104) .
  21. The method (300) according to claim 20, comprising:
    - determining (314) whether the V2V message is untrusted; and
    - ignoring (318) the message if the V2V message is determined to be trusted.
  22. The method (300) according to claim 20 or 21, comprising:
    - determining (320) whether the first vehicle (111) is an untrusted vehicle; and
    - discarding (324) the message from the first vehicle (111) , if the first vehicle (111) is determined to be an untrusted vehicle.
  23. The method (300) according to any one of claims 20-22, wherein the command to broadcast the notification is sent if the value is below a first threshold value.
  24. The method (300) according to any one of claims 20-23, wherein the command to revoke the certificate is sent if the value is below a second threshold value.
  25. The method (300) according to any one of claims 20-24, wherein the message is sent if the first vehicle (111) has determined that the V2V message is suspected to be untrusted.
  26. The method (300) according to any one of claims 20-25, wherein the message comprises a vehicle identifier, a timestamp for the V2V message and a message content of the V2V message with a digital signature of the second vehicle.
  27. The method (300) according to claim 20-26, wherein the message comprises a location for the second vehicle.
  28. The method (300) according to claim 26, wherein the verifying of the content of the message is one or more of:
    - validating that the digital signature is associated with the second vehicle (112) and that the vehicle identifier is also associated with the second vehicle (112) ; and/or
    - verifying the V2V message content with the timestamp by determining whether the timestamp corresponds to an event indicated in the V2V message.
  29. The method (300) according to any one of claim 27, wherein the verifying of the content of the message is:
    - verifying, by a location device (420) , whether the location for the second vehicle corresponds to a current location for the second vehicle.
  30. The method (300) according to any one of claims 20-29, wherein the broadcast command is sent to a Broadcast/multicast device (106) .
  31. A method (500) performed by a first vehicle (111) connected to a V2X security device (102) , and comprising:
    - receiving (510) a V2V message from a second vehicle (112) ;
    - determining (520) whether the V2V message is untrusted;
    - sending (530) a message to the V2X security device (102) , the message comprising the V2V message, if the V2V message is determined to be untrusted.
  32. The method (500) according to claim 31, comprising:
    - receiving (540) a notification alerting the first vehicle (111) that the second vehicle (112) is suspected to be an untrusted vehicle, wherein the notification is based on a determination in the V2X security device (102) that the second vehicle (112) is suspected to be an untrusted vehicle.
  33. The method (500) according to claim 31, wherein the message comprises a vehicle identifier, a timestamp for the V2V message and a message content of the V2V message with a digital signature of the second vehicle.
  34. The method (500) according to claim 31 or 33, wherein the message comprises a location for the second vehicle.
  35. The method (500) according to claim 31 or 33 or 34, wherein the V2V message is received over a PC5 interface.
  36. The method (500) according to claim 31 or 33 or 34, wherein the V2V message is received over Dedicated Short-Range Communications, DSRC.
  37. A method (600) performed by a V2X communication system (100) comprising a V2X security device (102) according to any one of claims 20-30, a Certificate Authority device (104) and a Broadcast/multicast device (106) , and comprising:
    - the Certificate Authority device (104) receiving (620) a command from the V2X security device (102) and revoking (630) a certificate of V2V communication of the second vehicle (112) ; and
    - the broadcast/multicast device (106) receiving (640) a command from the V2X security device (102) and broadcasting (650) a notification to one or more vehicles.
  38. The method (600) according to claim 37, the V2X communication system (100) being comprised in a 3GPP core network.
  39. A computer program (1030) comprising instructions, which when executed by a V2X security device (102) , causes the V2X security device (102) to:
    - obtain, from a first vehicle (111) , a message comprising a V2V message from a second vehicle (112) ;
    - verify a content of the message by checking whether the V2V message is sent by the second vehicle (112) ; and
    - modify a value associated with the second vehicle (112) , if the V2V message is suspected to be untrusted by the V2X security device (102) , and determining, based on the modified value associated with the second vehicle (112) , whether to:
    ο send a command to broadcast a notification alerting one or more vehicles that the second vehicle is untrusted; and/or
    ο send a command to revoke a certificate of V2V communication for the second vehicle to a Certificate Authority device (104) .
  40. The computer program (1030) according to claim 39, which when executed on the V2X security device (102) , causes the V2X security device (102) to:
    - determine whether the V2V message is untrusted; and
    - ignore the message if the message is determined to be trusted.
  41. The computer program (1030) according to claim 39 or 40, which when executed on the V2X security device (102) , causes the V2X security device (102) to:
    - determine whether the first vehicle (111) is an untrusted vehicle; and
    - discard the message from the first vehicle (111) , if the first vehicle (111) is determined to be an untrusted vehicle.
  42. The computer program (1030) according to any one of claims 39-41, wherein the command to broadcast the notification is sent if the value is below a first threshold value.
  43. The computer program (1030) according to any one of claims 39-42, wherein the command to revoke the certificate is sent if the value is below a second threshold value.
  44. The computer program (1030) according to any one of claims 39-43, wherein the message is sent if the first vehicle (111) has determined that the V2V message is suspected to be untrusted.
  45. The computer program (1030) according to claim 39, wherein the message comprises a vehicle identifier, a timestamp for the V2V message and a message content of the V2V message with a digital signature of the second vehicle.
  46. The computer program (1030) according to claim 39 or 45, wherein the message comprises a location for the second vehicle.
  47. The computer program (1030) according to claim 45, wherein the verification of the content of the message is one or more of:
    - validate that the digital signature is associated with the second vehicle (112) and that the vehicle identifier is also associated with the second vehicle (112) ; and/or
    - verify the V2V message content with the timestamp by determining whether the timestamp corresponds to an event indicated in the V2V message.
  48. The computer program (1030) according to any one of claims 45-46, wherein the verification of the content of the message is:
    - verify, by a location device, whether the location for the second vehicle corresponds to a current location for the second vehicle.
  49. The computer program according to any one of claims 39-48, wherein the broadcast command is sent to a Broadcast/multicast device (106) .
  50. A computer program (1130) comprising instructions, which when executed by a first vehicle (111) , causes the first vehicle (111) to:
    - receive a V2V message from a second vehicle (112) ;
    - determine whether the V2V message is untrusted;
    - send a message to a V2X security device (102) , the message comprising the V2V message, if the V2V message is determined to be untrusted.
  51. The computer program (1130) comprising instructions, which when executed by the first vehicle (111) , causes the first vehicle (111) to:
    - receive a notification alerting the vehicle that the second vehicle (112) is suspected to be an untrusted vehicle, wherein the notification is based on a determination in the V2X security device (102) that the second vehicle (112) is suspected to be an untrusted vehicle.
  52. The computer program (1130) according to claim 50, wherein the message comprises a vehicle identifier, a timestamp for the V2V message and a message content of the V2V message with a digital signature of the second vehicle.
  53. The computer program (1130) according to claim 50 or 51, wherein the message comprises a location for the second vehicle.
  54. The computer program (1130) according to claim 50 or 51 or 52, wherein the V2V message is received over a PC5 interface.
  55. The computer program (1130) according to claim 50 or 51 or 52, wherein the V2V message is received over Dedicated Short-Range Communications, DSRC.
  56. A computer program (1030, 1226, 1236) comprising instructions, which when executed by a V2X communication system (100), the V2X communication system (100) comprising a V2X security device (102) performing the instructions according to any one of claims 39-49, a Certificate Authority device (104) and a broadcast/multicast device (106), and the computer program (1030, 1226, 1236) causes:
    - the Certificate Authority device (104) to receive a command from the V2X security device (102) and revoke a certificate of V2V communication of the second vehicle (112) ; and
    - the broadcast/multicast device (106) to receive a command from the V2X security device (102) and broadcast a notification to one or more vehicles connected to the V2X security system (100) .
  57. The computer program (1030, 1226, 1236) according to claim 56, being comprised in a 3GPP core network.
  58. A computer readable storage medium (1020, 1224, 1234) comprising a computer program according to claim 39, 50 and/or 56.
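The decision flow recited in claims 1, 3-5 and 9 (steps 320-340 of the method 300), as an added example that is not part of the patent text or any Ericsson implementation. The threshold values, the penalty, the timestamp tolerance and all names are assumptions, and HMAC-SHA256 stands in for the second vehicle's certificate-based digital signature so the sketch runs with the standard library only.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Assumed numbers: the claims only require a first and a second threshold.
INITIAL_VALUE = 100
BROADCAST_THRESHOLD = 60   # claim 4: below this, command the broadcast/multicast device (106)
REVOKE_THRESHOLD = 30      # claim 5: below this, command the Certificate Authority device (104)
PENALTY = 25               # assumed decrement per message the device itself suspects
MAX_SKEW_S = 5.0           # assumed tolerance between timestamp and indicated event


@dataclass(frozen=True)
class Report:
    """Message of claim 7, as forwarded by the first vehicle (111)."""
    reporter_id: str
    vehicle_id: str        # identifier claimed for the second vehicle (112)
    timestamp: float
    event_time: float      # time of the event indicated in the V2V message content
    content: bytes
    signature: bytes


def sign(key: bytes, vehicle_id: str, timestamp: float,
         event_time: float, content: bytes) -> bytes:
    """HMAC-SHA256 stand-in for the second vehicle's certificate-based signature."""
    header = f"{vehicle_id}|{timestamp!r}|{event_time!r}|".encode()
    return hmac.new(key, header + content, hashlib.sha256).digest()


class V2XSecurityDevice:
    def __init__(self, keys: dict):
        self.keys = keys                                    # vehicle id -> key
        self.values = {vid: INITIAL_VALUE for vid in keys}  # value per vehicle
        self.revoked = set()

    def is_untrusted(self, vehicle_id: str) -> bool:
        # Unknown vehicles have no value on record and are treated as untrusted.
        return self.values.get(vehicle_id, 0) < BROADCAST_THRESHOLD

    def handle(self, r: Report) -> list:
        """Process one report and return the commands sent (possibly none)."""
        # Steps 320/324: discard anything forwarded by an untrusted first vehicle.
        if self.is_untrusted(r.reporter_id):
            return []
        # Step 328 / claim 9: the signature must belong to the claimed identifier.
        key = self.keys.get(r.vehicle_id)
        if key is None:
            return []
        expected = sign(key, r.vehicle_id, r.timestamp, r.event_time, r.content)
        if not hmac.compare_digest(expected, r.signature):
            return []  # not attributable to the second vehicle: its value is untouched
        # Claim 9: the timestamp must correspond to the event in the message.
        if abs(r.timestamp - r.event_time) <= MAX_SKEW_S:
            return []  # consistent content: the device does not suspect the message
        # Step 332: modify the value; step 334: decide which commands to send.
        self.values[r.vehicle_id] -= PENALTY
        value = self.values[r.vehicle_id]
        commands = []
        if value < BROADCAST_THRESHOLD:
            commands.append(("BROADCAST_UNTRUSTED", r.vehicle_id))   # step 336
        if value < REVOKE_THRESHOLD and r.vehicle_id not in self.revoked:
            self.revoked.add(r.vehicle_id)
            commands.append(("REVOKE_CERTIFICATE", r.vehicle_id))    # step 340
        return commands


def demo():
    """Constructed scenario: vehicle B repeatedly sends stale event messages."""
    keys = {"A": b"key-A", "B": b"key-B", "C": b"key-C"}  # constructed sample keys
    device = V2XSecurityDevice(keys)
    content = b"emergency_brake"
    stale = Report("A", "B", 1000.0, 900.0, content,
                   sign(keys["B"], "B", 1000.0, 900.0, content))
    history = [device.handle(stale) for _ in range(3)]
    # A message claiming to come from C but signed with A's key is not held against C.
    framed = Report("A", "C", 1000.0, 900.0, content,
                    sign(keys["A"], "C", 1000.0, 900.0, content))
    history.append(device.handle(framed))
    # B is now untrusted, so a report it forwards about C is discarded.
    from_b = Report("B", "C", 1000.0, 900.0, content,
                    sign(keys["C"], "C", 1000.0, 900.0, content))
    history.append(device.handle(from_b))
    return history, device.values, device.revoked


if __name__ == "__main__":
    print(demo())
```

Checking the signature before touching the value is what keeps a reporting vehicle from lowering another vehicle's value with a message that vehicle never sent.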
PCT/CN2021/140155 2021-12-21 2021-12-21 V2x security device, first vehicle, a v2x communication system and methods Ceased WO2023115348A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/140155 WO2023115348A1 (en) 2021-12-21 2021-12-21 V2x security device, first vehicle, a v2x communication system and methods

Publications (1)

Publication Number Publication Date
WO2023115348A1 WO2023115348A1 (en) 2023-06-29

Family

ID=79287922

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019052645A1 (en) 2017-09-14 2019-03-21 Telefonaktiebolaget Lm Ericsson (Publ) Technique for verifying a geographical position of a uav
WO2019112215A1 (en) * 2017-12-08 2019-06-13 한국정보인증주식회사 Misconduct determination system and misconduct determination method in v2x communication environment
US10757114B2 (en) 2015-09-17 2020-08-25 Harman International Industries, Incorporated Systems and methods for detection of malicious activity in vehicle data communication networks
US20200351616A1 (en) * 2019-05-03 2020-11-05 Blackberry Limited Method and system for vehicle location tracking using v2x communication

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
3GPP TR 38.885, 28 March 2019 (2019-03-28)
CARTER JASON M ET AL: "Analysis of Vehicle-Based Security Operations", June 2015 (2015-06-01), United States, XP055925570, Retrieved from the Internet <URL:https://www-esv.nhtsa.dot.gov/Proceedings/24/files/24ESV-000457.PDF> *
KAMEL JOSEPH ET AL: "Simulation Framework for Misbehavior Detection in Vehicular Networks", IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY, IEEE, USA, vol. 69, no. 6, 2 April 2020 (2020-04-02), pages 6631 - 6643, XP011794251, ISSN: 0018-9545, [retrieved on 20200617], DOI: 10.1109/TVT.2020.2984878 *
LIM K, TULADHAR M K, KIM H: "In: IEEE annual Consumer communications & Network Conference (CCNC), 16th Annual Conference", January 2019, IEEE, article "Detection location spoofing using ADAS sensors in VANETs"
SUO DAJIANG ET AL: "Real-time Trust-Building Schemes for Mitigating Malicious Behaviors in Connected and Automated Vehicles", 2019 IEEE INTELLIGENT TRANSPORTATION SYSTEMS CONFERENCE (ITSC), IEEE, 27 October 2019 (2019-10-27), pages 1142 - 1149, XP033668455, DOI: 10.1109/ITSC.2019.8917078 *

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21839815

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21839815

Country of ref document: EP

Kind code of ref document: A1