On Securing Vehicular Communications: Methods and Recommendations for Secure In-vehicle and Car2X Communications

Licentiate thesis, 2017

Today's vehicles contain approximately more than 100 interconnected computers (ECUs), several of which will be connected to the Internet or external devices and networks around the vehicle. In the near future vehicles will extensively communicate with their environment via Vehicle to Vehicle and Vehicle to Infrastructure (together called V2X) communications. Such level of connectivity enables car manufacturers to implement new entertainment systems and to provide safety features to decrease the number of road accidents. Moreover, authorities can deploy the traffic information provided by vehicular communications to improve the traffic management. Despite the great benefits that comes with vehicular communications, there are also risks associated with exposing a safety-critical integrated system to external networks. It has already been proved that vehicles can be remotely hacked and the safety critical functions such as braking system and steering wheel can be compromised to endanger the safety of passengers. This puts high demands on IT security and car manufacturers to secure vehicular communications. In this thesis, we propose methods and recommendations for improving the security of internal and external vehicular communications. The thesis is divided into two parts. In the first part, we identify weaknesses or deficiencies in the design of the ETSI V2X security standard and propose changes to fix the identified weaknesses or deficiencies. The second part of the thesis focuses on the security of the internal vehicular communications. First, in order to facilitate the implementation of security measures in in-vehicle networks, we propose an automated approach for grouping in-vehicle ECUs into domains based on different criteria. Then, we compare such an automatically generated in-vehicle network architecture with a reference architecture model to show that our approach is able to identify meaningful domains with better quality with respect to communication, safety and security. Finally, we seek to evaluate the applicability of existing CAN bus authentication solutions to a vehicular context. To this end, and in cooperation with industry, we have identified five critical requirements for an authentication solution to be used in such a context. We found that no authentication solution fulfilled all the requirements, something that indicates that the CAN bus may not be suitable for secure vehicular applications.