Securing the Car: How Intrusive Manufacturer-Supplier Approaches Can Reduce Cybersecurity Vulnerabilities (original) (raw)
Related papers
Understanding Common Automotive Security Issues and Their Implications
2018
With increased connectivity of safety-critical systems such as vehicles and industrial control systems, the importance of secure software rises in lock-step. Even systems that are traditionally considered to be non safety-critical can become safety-critical if they are willfully manipulated. In this paper, we identify 8 important security issues of automotive software based on a conceptually simple yet interesting example. The issues encompass problems from the design phase, including requirements engineering, to the choice of concrete parameters for an API. We then investigate how these issues are perceived by automotive security experts through a survey. The survey results indicate that the identified issues are indeed problematic in real industry use-cases. Based on the collected data, we draw conclusions which problems deserve further attention and how the problems can be addressed. In particular, we find that key distribution is a major issue. Finally, many of the identified is...
Combining Third Party Components Securely in Automotive Systems
Lecture Notes in Computer Science, 2016
Vehicle manufacturers routinely integrate third-party components and combining them securely into a larger system is a challenge, particularly when accurate specifications are not available. In this paper, we propose a methodology for users to introduce or strengthen security of these composed systems without requiring full knowledge of commercially sensitive sub-components. This methodology is supported by attack trees, which allow for systematic enumeration of black box components, the results of which are then incorporated into further design processes. We apply the methodology to a Bluetooth-enabled automotive infotainment unit, and find a legitimate Bluetooth feature that contributes to the insecurity of a system. Furthermore, we recommend a variety of follow-on processes to further strengthen the security of the system through the next iteration of design.
A Holistic Approach on Automotive Cybersecurity for Suppliers
VEHICULAR 2023, The Twelfth International Conference on Advances in Vehicular Systems, Technologies and Applications, 2023
Electronics are increasingly present in automobiles. This has led to a change and automotive parts suppliers are forced to integrate electronic components into their mechanical parts. As if this were not enough of a change, the transition to electronics brings with it other issues, such as cybersecurity. Vehicles are becoming increasingly technological and connected, and car manufacturers are already asking suppliers to ensure cybersecurity. For a traditional supplier, this is something new, and what they often ignore is that it affects not just the product, but the whole organization. Therefore, the purpose of this article is to shine a spotlight on cybersecurity and explain simply, but honestly, the new challenges they face. The automotive industry is a sector that has been able to reinvent itself throughout its history, and in these times of abrupt and accelerated change, it must do so again.
Cybersecurity and the auto industry: the growing challenges presented by connected cars
International Journal of Automotive Technology and Management, 2018
This document is the author's post-print version, incorporating any revisions agreed during the peer-review process. Some differences between the published version and this version may remain and you are advised to consult the published version if you wish to cite from it. Cybersecurity and the auto industry: the growing challenges presented by connected cars.
Experimental Security Analysis of a Modern Automobile
2010 IEEE Symposium on Security and Privacy, 2010
Modern automobiles are no longer mere mechanical devices; they are pervasively monitored and controlled by dozens of digital computers coordinated via internal vehicular networks. While this transformation has driven major advancements in efficiency and safety, it has also introduced a range of new potential risks. In this paper we experimentally evaluate these issues on a modern automobile and demonstrate the fragility of the underlying system structure. We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems. Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver inputincluding disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on. We find that it is possible to bypass rudimentary network security protections within the car, such as maliciously bridging between our car's two internal subnets. We also present composite attacks that leverage individual weaknesses, including an attack that embeds malicious code in a car's telematics unit and that will completely erase any evidence of its presence after a crash. Looking forward, we discuss the complex challenges in addressing these vulnerabilities while considering the existing automotive ecosystem.
Integration of Security in the Development Lifecycle of Dependable Automotive CPS
Advances in systems analysis, software engineering, and high performance computing book series, 2018
The security and safety of Cyber-Physical Systems (CPS) often influence each other. Ensuring that this does not have negative implications might require a large and rigorous effort during the development of CPS. However, early in the lifecycle, quick feedback can be valuable helping security and safety engineers to understand how seemingly trivial design choices in their domain may have unacceptable implications in the other. We propose the Cyber Risk Assessment Framework (CRAF) for this purpose. The CRAF is based on openly available and widely used taxonomies from the safety and security domains, and a unique mapping of where loss of data security may impact aspects of data with safety implications. This paper represents the first time these different elements have been brought together into a single framework with an associated process. Through examples from within our organisations we show how this framework can be put to good use.
Towards a Standardized Mapping from Automotive Security Levels to Security Mechanisms
2018 21st International Conference on Intelligent Transportation Systems (ITSC), 2018
Modern vehicles are becoming targets and need to be secured throughout their lifetime. There exist several risk assessment models which can be used to derive security levels that describe to what extent components, functions and messages (signals), need to be protected. These models provide methods to gather application specific security requirements based on identified threat and item combinations that need to be coped with. However, a standardized mapping between security levels and required mandatory security mechanisms and design rules is currently missing. We address this problem first by suggesting that the risk assessment process should result in five security levels, similar to the functional safety standard ISO 26262. Second, we identify suitable security mechanisms and design rules for automotive system design and associate them with appropriate security levels. Our proposed methodology is as much as possible aligned with ISO 26262 and we believe that it should therefore be realistic to deploy in existing organizations.
The Security Aspects of Automotive Over-the-Air Updates
International Journal of Cyber Warfare and Terrorism, 2020
Over-the-air (OTA) update is a method for vehicle manufacturers to remotely distribute maintenance updates, performance, and feature enhancements through the vehicle's lifespan. Recalls of vehicles cost the manufactures a lot of money. OTA solves the recall issue, while allowing consumers to pay for services and features via an update. The OTA ecosystem includes the coders who first developed the firmware, the 1st Tier suppliers, the vehicle manufacturers, and the vehicle itself. Currently, manufacturers designed the networks for speed and responsiveness, and not security. This article examines these elements and drills into the security available for each. The slowest and one of the most vulnerable parts of the system is the communications within the vehicle. The vehicle networks must ensure the integrity and authenticity of messages transmitted to guarantee software programmed onto ECUs are authorized and tamper-free. Specialist hardware within the vehicle makes this possible ...
A Secure-by-Design Framework for Automotive On-board Network Risk Analysis
2019 IEEE Vehicular Networking Conference (VNC), 2019
Vehicles have evolved from isolated and mechanical systems, into complex ecosystems of on-board networks composed of Electronic Control Units (ECUs), sensors and actuators, which govern their functionalities. These networks have been traditionally designed as trusted, closed systems, but modern needs have opened them to remote and local connections. Researchers have shown that modern vehicles are vulnerable to multiple types of attacks leveraging remote and physical access, which allow attackers to gain control and affect safety-critical systems. Therefore, the interest of manufacturers for embedding security into the design phase of new vehicles is rising. In this paper, we propose a semi-automated and topologybased risk analysis framework that helps in designing and assessing the security of automotive on-board networks. The tool receives the network topology as an input and evaluates its security using state-of-the-art risk metrics. Then, it provides the analyst with security-hardened network topologies, as a countermeasure against the most dangerous attacks. We evaluate our approach on known topologies and demonstrate its effectiveness.