International test of interoperability in V2X communication

Last week, April 23. – 26., our company successfully participated in the event Intercor PKI Testfest (http://intercor-project.eu/second-testfest-european-project-intercor-proves-cross-border-interoperability/ ), which took place in the city of Reims, France. The goal of this event was to assess an international interoperability of communication and services provided via V2X (C2X), mainly in terms of security and PKI (public key infrastructure). We already have such services integrated into SW of  our communication units UCU 5.0. This Testfest was the first public evaluation in Europe of vehicle cooperation using security. Teams from eleven countries (in total 19 companies including Renalt, Peugeot, RWS/Swarco, Cohda, Siemens and more) participated in this event and they used 22 On-board units and 12 Road-side units.   The participants were mainly companies from the Intercor project, but other teams could join as well (e.g., our company).

What are the reasons to test secured communication? Some of the reasons are given in the article “Priority of emergency vehicles on intersection using V2X“. As is written in the article, the emergency vehicles are given an absolute priority on an intersection and the communication is based on V2X. What could happen, if the communication was not secured? A person or a company, which could send messages according to the international ETSI standards, could misuse his or hers abilities to gain the advantage of getting priority on the intersection. Our units deployed in this field test use security certificates, therefore such a misuse is not possible. So the goal of our participation in Testfest was to verify that the priciples used by our company are internationally interoperable.

The interoperability test during Testfest consisted of a ride on a defined, 23 kilometer long circuit around Reims, which lead on a highway and urban roads.  There were 4 RSU, operated by the french road operator SANEF. These units were periodically sending DENM messages, warning a driver about some events on the road (for instance, roadworks, slow vehicle or strong wind). Messages were also sent by SANEF vehicles (human on the road, stationary vehicle). In total, there were 9 events on the circuit.

The event was divided into 6 scenarios, which were tested one after another. The last scenario was released only the evening before the ride, so the participants had only a short time to get ready for it. Each scenario tested a certain aspect of certificate exchange and message verification.

A working security, that is, authorization and authentization, is an essential part of the V2X technology. Only a message, which is trusted, is relevant for a driver. Thus, every message send by a RSU or a vehicle, is digitally signed. The digital signature, except for the authenticity, guarantees that the message was not tampered wih (changed the content, resent etc.). Along with the message there is also sent a certificate, which specifies the rights the given station has (what the station can reliably and trustworthy send).

The certificate is signed by a trustworthy authority (typically state authority). In order for otehr stations to verify that the authority is trustworthy, a Certificate Trust List (CTL or TSL – Trusted-service status list) is issued by the root authority of the vehicle.  If the authority, which signed the certificate, is in the CTL, the sender is trusted.

However, using only TSL is not enough. During the operation of a station some authority or a particular station could have been considered untrusted. All stations have to be informed about this. That is why a Certificate Revocation List (CRL) is issued. This list is issued by a root authority of the unit and the unit keeps this list up-to-date. If a sender of the message or an authority which issued the certificate for the message is on this list, the is considered as not trused and therefore discarded.

It was the use of CTL and CRL which was the main objective of the second Testfest with the name Intercor PKI Testfest.  The goal was to verify that stations from different vendors and countries, using different authorization certificates, can exchange messages and verify that the messages are trusted. There were several authorities in the TSL, such as certificates of the French project Scoop, dutch authorities, belgian, as well as the authorites of the Car-to-Car consortium or C-ITS corridor.

Now we describe the tests, which were condicted:

1. A test of interoperability of the secured communication. The vehicle had a TSL which contained all used trusted authorities used by the participants. No certificate was considered revoked (CRL was empty). This test verified that the participants use the V2X standards correctly that they can verify that they are mutually trustworthy.
2. A test of revocation of the French authorization authority by putting its certificate to the CRL. In this scenario all messages, sent by French vehicles and RSUs were considered as not trusted and therefore discardid. Messages from other senders, on the other hand, were valid and successfully verified.
3. A test of CRL expiration - if the CRL expires, then all stations should be considered non-trusted, since it is not sure, is the sending station was not revoked. As a result, no message passed the security verification.
4. A test with an unknown authorization authority - if a certificate of some authorization authority is not in the TSL, then this authorization authority should not be trusted and in turn, no certificates issued by this authority either. In this scenario no french message was trusted, since the french authorization authority was not in TSL. Messages by other PKI were trusted.
5. A test  of updating the CRL after expiration. The expired CRL from scenario 3 was updated, uch that the setup is the same as scenario 1.
6. A test of combination of all cases above.  The CRL expires in the middle of the ride, the belgian authority in is CRL, Siemens’s stations are in not in TSL. After the CRL expired, is should be updated on-fly. This scenario was announced the evening before it was tested, so the participants had to prepare for it in short time.

Complete results and analysis of Testfest are being processed. We are looking forward to see how other stations accepted our messages. So far it seems that we had some problems with the timestamp of the messages. However, our stations interpreted the messages of other stations correcly.

Our team succeeded in all 6 scenarios, as one of only three teams.  We value this as an international success. As was written in the introduction of this article, we pay great attention to security issued of V2X, which was also confirmed by this Intercor Testfest. And since soon we will deploy V2X for public transport priority and other use-cases in public transport, it was necessary to verify internationally how we implemented security in V2X.

In the conclusion we would like the thank the organizers for preparing such a great event which gave us an important feedback.