Security and privacy in automotive on-board networks

Abstract : Electronic equipment has become an integral part of a vehicle's network architecture, which consists of multiple buses and microcontrollers called Electronic Control Units (ECUs). These ECUs recently also connect to the outside world. Navigation and entertainment system, consumer devices, and Car2X functions are examples for this. Recent security analyses have shown severe vulnerabilities of exposed ECUs and protocols, which may make it possible for attackers to gain control over a vehicle. Given that car safety-critical systems can no longer be fully isolated from such third party devices and infotainment services, we propose a new approach to securing vehicular on-board systems that combines mechanisms at different layers of the communication stack and of the execution platforms. We describe our secure communication protocols, which are designed to provide strong cryptographic assurances together with an efficient implementation fitting the prevalent vehicular communication paradigms. They rely on hardware security modules providing secure storage and acting as root of trust. A distributed data flow tracking based approach is employed for checking code execution against a security policy describing authorized communication patterns. Binary instrumentation is used to track data flows throughout execution (taint engine) and also between control units (middleware), thus making it applicable to industrial applications. We evaluate the feasibility of our mechanisms to secure communication on the CAN bus, which is ubiquitously implemented in cars today. A proof of concept demonstrator also shows the feasibility of integrating security features into real vehicles.
Keywords : On-board security
Complete list of metadatas

Cited literature [138 references]  Display  Hide  Download

https://pastel.archives-ouvertes.fr/tel-01157229
Contributor : Abes Star <>
Submitted on : Wednesday, May 27, 2015 - 5:52:06 PM
Last modification on : Thursday, October 17, 2019 - 12:36:09 PM
Long-term archiving on : Tuesday, September 15, 2015 - 7:07:26 AM

File

TheseSchweppeV2.pdf
Version validated by the jury (STAR)

Identifiers

  • HAL Id : tel-01157229, version 1

Citation

Hendrik Schweppe. Security and privacy in automotive on-board networks. Networking and Internet Architecture [cs.NI]. Télécom ParisTech, 2012. English. ⟨NNT : 2012ENST0062⟩. ⟨tel-01157229⟩

Share

Metrics

Record views

2521

Files downloads

4143