In English

Security analysis of SITS - An information system in the goods transport business

JONAS ANGHOLT ; Mikael Wackerberg
Göteborg : Chalmers tekniska högskola, 2015. 40 s.
[Examensarbete på avancerad nivå]

The goods transport business involves a lot of money and is a big part of the infrastructure of any European country. There are often many different actors involved in each transportation and the communication network is rather complex due to the point-to-point communication structure. It is easy to understand why there is a high demand for increased simplicity and effectiveness. With that in mind, the e-Freight project which is based on PEPPOL has moved towards a standardized solution by developing a communication system based on access points (APs). These APs acts as the interface to the system which makes it easy to establish communication between any two connected actors.

With PEPPOL and e-Freight as a foundation, VOLVO leads the SITS project in close cooperation with Stena Line and DSV. The goal is to develop a harmonized communication framework that promotes increased sharing of information between actors and enable new applications to increase effectiveness and security in the chain of transportation. This leads to simplified accessibility for actors to a set of services by being connected to an AP. At the same time service providers benefits from being able to easily set up cloud services available for all actors. In addition to the back-office communication between APs, external devices such as cellphones, in-vehicle computers and check-in terminals can communicate directly with each other over short distances. This type of communication is only partially specified and a mutual standard is yet to be decided upon.

In this thesis we have analyzed the SITS project from an IT-security perspective. The back-end system derived from e-Freight is looked into and communication links, access points, protocols, certificate handling etc., are examined. Another concern in the SITS project is the short-range communication between trucks and terminals. Since RFID is a highly potential candidate for use in this area, we have studied the technology by categorizing typical RFID system into three distinct layers and researched important security threats with the classic CIA approach. Based on the security issues found, countermeasures such as encryption, authentication and protection against man-in-the-middle attacks are reviewed.

Nyckelord: PEPPOL, BusDox, e-Freight, SITS, RFID, security, confidentiality, integrity, availability, encryption, authentication, man-in-the-middle, certificate

Publikationen registrerades 2015-02-26.

CPL ID: 213181

Detta är en tjänst från Chalmers bibliotek