The Need for Security in Distributed Automotive Systems

Stefan Seifert, Markus Kucera, Thomas Waas

2013

Abstract

The papers main focus is on security in the automotive domain. It gives an overview about the current state of the art in this area. There is a trend to open today’s vehicle architecture to technology known from the consumer segment (e.g. All IP Car). This is mainly motivated by cost reduction, reduced cabling effort and innovative functionality (e.g. car to car communication, intelligent navigation systems). By opening the ar-chitecture in such a way cars are getting more external interfaces which make them more accessible from the outside. Hence, an attacker does not need direct physical access to attack the car anymore but rather can use one of its wireless external interfaces. Using technology from the consumer segment does not only make the software and hardware development easier due to reusability but also makes the car an easier target. Therefore, additional research is needed to harden the automotive and make it more resistant.

References

  1. Audi, “Selbststudienprogramm 459: Audi A87810 Bordnetz und Vernetzung,” 2009.
  2. BMW Group, Der neue BMW 7er: Entwicklung und Technik, 1st ed. Wiesbaden: Vieweg + Teubner, 2009.
  3. J. Dittmann, T. Hoppe, S. Kiltz, and S. Tuchscheerer, Elektronische Manipulation von Fahrzeug- und Infrastruktursystemen: Gefährdungspotential für die Straßenverkehrssicherheit. Bremerhaven: Wirtschaftsverl. NW, Verl. für Neue Wiss, 2011.
  4. S. Tuchscheerer, T. Hoppe, H. Adamczyk, M. Pukall, and J. Dittmann, “Herausforderungen an die Absicherung von IT Systemen in der Entwicklung, Betrieb und Wartung von Fahrzeugen,” in Forschung und Innovation: 10. Magdeburger Maschinenbau-Tage ; 27. - 29. September 2011, Magdeburg: Univ, 2011.
  5. T. Hoppe and J. Dittmann, “Sniffing/replay attacks on CAN buses: A simulated attack on the electric window lift classified using an adapted CERT taxonomy,” (eng), 2nd Workshop on Embedded Systems Security (WESS' 2007), 2007.
  6. T. Hoppe, S. Kiltz, and J. Dittmann, “Automotive ITsecurity as a challenge: Basic attacks from the black box perspective on the example of privacy threats,” in Lecture notes in computer science; vol. 5775, Computer safety, reliability, and security, Berlin [u.a.]: Springer, 2009, pp. 145-158.
  7. T. Hoppe, S. Kiltz, and J. Dittmann, “Security threats to automotive CAN networks: practical examples and selected short-term countermeasures,” (eng), Reliability engineering & system safety, vol. 96, no. 1, pp. 11-25, Tobias Hoppe and Jana Dittmann, “Vortäuschen von Komponentenfunktionalität im Automobil: Safetyund Komfort-Implikationen durch SecurityVerletzungen am Beispiel des Airbags,” in Sicherheit, 2008, pp. 341-353.
  8. K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage, “Experimental Security Analysis of a Modern Automobile,” in Security and Privacy (SP), 2010 IEEE Symposium on, 2010, pp. 447-462.
  9. S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno, “Comprehensive experimental analyses of automotive attack surfaces,” in Proceedings of the 20th USENIX conference on Security, Berkeley, CA, 2011, pp. 6-6.
  10. J. Hubaux, S. Capkun, and Jun Luo, “The security and privacy of smart vehicles,” IEEE Secur. Privacy Mag, vol. 2, no. 3, pp. 49-55.
  11. U. E. Larson and D. K. Nilsson, “Securing vehicles against cyber attacks,” in Proceedings of the 4th annual workshop on Cyber security and information intelligence research, New York, NY, USA: ACM, 2008.
  12. S. Pathak and U. Shrawankar, “Secured Communication in Real Time VANET,” in Emerging Trends in Engineering and Technology (ICETET), 2009 2nd International Conference on, 2009, pp. 1151-1155.
  13. D. Eckhoff, C. Sommer, T. Gansen, R. German, and F. Dressler, “Strong and affordable location privacy in VANETs: Identity diffusion using time-slots and swapping,” pp. 174-181.
  14. C. Lin and R. Shakya, “VANET worm spreading from traffic modeling,” in Radio and Wireless Symposium (RWS), 2010 IEEE, 2010, pp. 669-672.
  15. N. T. Courtois, G. V. Bard, and D. Wagner, “Algebraic and Slide Attacks on KeeLoq,” pp. 97-115.
  16. S. Indesteege, N. Keller, O. Dunkelman, E. Biham, and B. Preneel, “A Practical Attack on Keeloq,” IN EUROCRYPT, pp. 1-18, http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10. 1.1.190.7835, 2008.
  17. C. Paar, T. Eisenbarth, M. Kasper, T. Kasper, and A. Moradi, “KeeLoq and Side-Channel AnalysisEvolution of an Attack,” pp. 65-69.
  18. A. Francillon, B. Danev, and S. Capkun, “Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars,” IACR Cryptology ePrint Archive, vol. 2010, p. 332.
  19. A. Barisani and D. Bianco, “Hijacking RDS-TMC Traffic Information signals,” BlackHat, Las Vegas USA, 1-2 Agust 2007, http://www.phrack.org/ issues.html?issue=64&id=5#article, 2007.
  20. I. Rouf, R. Miller, H. Mustafa, T. Taylor, S. Oh, W. Xu, M. Gruteser, W. Trappe, and I. Seskar, “Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study,” in Proceedings of the 19th USENIX Security Symposium, 2010.
  21. Airbiquity Inc, “Whitepaper: aqLink® Overview,” http://www.m2mpremier.com/uploadFiles/aqLink_Ov erview.pdf, 2007.
  22. A. Don Bailey, War texting: Weaponizing Machine 2 Machine. Available: http://www.isecpartners.com/storage/docs/presentation s/isec_bh2011_war_texting.pdf (2011, Nov. 28).
  23. D. Lavrinc, Nissan's Steer-by-Wire System Brings Us Closer to Autonomous Cars | Autopia | Wired.com. Available: http://www.wired.com/autopia/2012/10/nissan-steerby-wire/ (2012, Nov. 02).
  24. M. Glass, D. Herrscher, H. Meier, M. Piastowski, and P. Schoo, „SEIS“ - SICHERHEIT IN EINGEBETTETEN IP- BASIERTEN SYSTEMEN. ATZ elektronic, 2010.
  25. Continental, With Continental the Apps Conquer the Road. Available: http://www.contionline.com/generator/www/com/en/continental/pressp ortal/themes/press_releases/3_automotive_group/interi or/press_releases/pr_2010_02_23_cebit2010_autolinq _en.html (2012, Feb. 07).
  26. The Telegraph, Relaunched Audi A2 to include 'app' style customisations. Available: http://www.telegraph.co.uk/motoring/carmanufacturers/audi/7788442/Relaunched-Audi-A2-toinclude-app-style-customisations.html (2012, Feb. 07).
  27. Continental Automotive, AutoLinQ™. Available: http://www.autolinq.de/en/ (2012, Feb. 07).
  28. MeeGo, In-Vehicle. Available: https://meego.com/ devices/in-vehicle (2012, Feb. 07).
  29. F. Schaub, B. Könings, and M. Weber, “Learning from Android,” in Automotive security: 27. VDI/VWGemeinschaftstagung, Berlin, 11. und 12. Oktober 2011, Düsseldorf: VDI-Verl, 2011.
  30. N. Asaj, A. Held, and S. Schlott, “"Apps" im Fahrzeug - Ansätze und deren Sicherheits- und PrivacyImplikationen,” in Automotive security: 27. VDI/VWGemeinschaftstagung, Berlin, 11. und 12. Oktober 2011, Düsseldorf: VDI-Verl, 2011.
  31. J. Frank and P. Spindler, “Security vs. Safety,” in Automotive security: 27. VDI/VW-Gemeinschaftstagung, Berlin, 11. und 12. Oktober 2011, Düsseldorf: VDIVerl, 2011.
  32. K. Scheibert and B. Steurich, “Sichere Mikroprozessorarchitekturen: Lösungsansätze aus der Halbleiterindustrie,” in Automotive security: 27. VDI/VW-Gemeinschaftstagung, Berlin, 11. und 12. Oktober 2011, Düsseldorf: VDI-Verl, 2011.
  33. SEIS - Sicherheit in Eingebetteten IP-basierten Systemen - eNOVA - Strategiekreis Elektromobilität. Available: http://strategiekreiselektromobilitaet.de/public/projekte/seis (2012, Nov. 03).
  34. R. Dr. bless, C. Haas, and C. Werle, Eine sichere IPv6- basierte Architektur für Fahrzeugkommunikation. Available: http://strategiekreis-elektromobilitaet.de/ public/projekte/seis/das-sichere-ip-basiertefahrzeugbordnetz/pdfs/TP4_Vortrag1.pdf (2012, Nov. 03).
  35. Martin Georgiev, Subodh Iyengar, Suman Jana, Rishita Anubhai, Dan Boneh, and Vitaly Shmatikov, “The most dangerous code in the world: validating SSL certificates in non-browser software,” in ACM Conference on Computer and Communications Security, 2012, pp. 38-49.
Download


Paper Citation


in Harvard Style

Seifert S., Kucera M. and Waas T. (2013). The Need for Security in Distributed Automotive Systems . In Proceedings of the 3rd International Conference on Pervasive Embedded Computing and Communication Systems - Volume 1: PECCS, ISBN 978-989-8565-43-3, pages 104-110. DOI: 10.5220/0004341001040110


in Bibtex Style

@conference{peccs13,
author={Stefan Seifert and Markus Kucera and Thomas Waas},
title={The Need for Security in Distributed Automotive Systems},
booktitle={Proceedings of the 3rd International Conference on Pervasive Embedded Computing and Communication Systems - Volume 1: PECCS,},
year={2013},
pages={104-110},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004341001040110},
isbn={978-989-8565-43-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Conference on Pervasive Embedded Computing and Communication Systems - Volume 1: PECCS,
TI - The Need for Security in Distributed Automotive Systems
SN - 978-989-8565-43-3
AU - Seifert S.
AU - Kucera M.
AU - Waas T.
PY - 2013
SP - 104
EP - 110
DO - 10.5220/0004341001040110