Security

NeoGLS has solutions to meet the security needs for each component used in our V2X solutions.

Securing V2X communications


Our RSUs and OBUs natively support all the functionalities linked to PKI (Public Key Infrastructure) as defined by the ETSI TS 102 941 and ETSI TS 103 097 standards.

This support includes basic functions, such as obtaining certificates from a PKI, signing sent messages, and verifying received messages. Other functions for specific use cases are included, such as message encryption for peer-to-peer communications.

Private key storage, signing, and encryption operations rely on a dedicated security module (HSM). This module is built into the RSU and OBU, which prevents the theft of these private keys, even in the event of physical access to the box.

Securing exchanges


Several types of communication are required between the server infrastructure and field equipment. These include downloading configuration files, remote update operations, and uploading logs.

Securing these exchanges is important, primarily to prevent equipment from being compromised by a malicious configuration or update, but also to ensure data confidentiality.

These exchanges are therefore secured with mechanisms that vary depending on the context. They include the server signing data with a private key (the corresponding public key is placed in the equipment upon installation) and the use of SSH, always using private keys.

Equipment integrity

Security is based on the fact that the equipment software cannot be modified, even through physical access.

To achieve this, the first level of security is a secure boot loader, known as “secure boot”, which is available on our equipment. This boot mechanism is supplemented by NeoGLS signing the entire file system. Verification is performed in real time using the dm-verity mechanism.

Finally, since normal operation requires that certain parts of the storage can be modified, these parts are fully encrypted using keys known only to the equipment.

This mechanism ensures integrity, even in the event of physical access and disassembly of memory chips. This will allow us to access L1 and L2 PKI.

Exchange between servers


Security is systematically taken into account during exchanges between servers: this involves the use of closed networks (or VPNs), or the implementation of specific security measures (SSL, HTTPS, etc.) adapted to each situation.

Additionally, we follow best practices not specific to V2X, such as hashing passwords or using complex passwords or keys for SSH connections.
