Towards a Standardised Framework for Securing Connected Vehicles
Licentiate thesis, 2019

Vehicular security was long limited to physical security - to prevent theft. However, the trend of adding more comfort functions and delegating advanced driving tasks back to the vehicle increased the magnitude of attacks, making cybersecurity inevitable. Attackers only need to find one vulnerability in the myriad of electronic control units (ECUs) and communication technologies used in a vehicle to compromise its functions. Vehicles might also be attacked by the owners, who want to modify or even disable certain vehicle functions.
Many different parties are involved in the development of such a complex system as the functions are distributed over more than 100 ECUs, making it difficult to get an overall picture of the achieved security. Therefore, moving towards a standardised security framework tailored for the automotive domain is necessary.
In this thesis we study various safety and security standards and proposed frameworks from different industrial domains with respect to their way of classifying demands in the form of levels and their methods to derive requirements. In our proposed framework, we suggest security levels appropriate for automotive systems and continue with a mapping between these security levels and identified security mechanisms and design rules to provide basic security. We further study in detail a mechanism which provides freshness to authenticated messages, namely AUTOSAR SecOC Profile 3, and present a novel extension that offers a faster synchronisation between ECUs and reduces the number of required messages for synchronisation.

Security Classification

Vehicular Security

In-Vehicle Network

Freshness

EE, EDIT building, Rännvägen 6B, Chalmers University of Technology
Opponent: Panos Papadimitratos, KTH Royal Institute of Technology, Sweden

Author

Thomas Rosenstatter

Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)

Open Problems when Mapping Automotive Security Levels to System Requirements

Proceedings of the 4th International Conference on Vehicle Technology and Intelligent Transport Systems ,; Vol. 1(2018)p. 251-260

Paper in proceedings

Towards a Standardized Mapping from Automotive Security Levels to Security Mechanisms

IEEE Conference on Intelligent Transportation Systems, Proceedings, ITSC,; (2018)p. 1501-1507

Paper in proceedings

T. Rosenstatter, C. Sandberg, and T. Olovsson, Extending AUTOSAR's Counter-based Solution for Freshness of Authenticated Messages in Vehicles

Holistiskt angreppssätt att förbättra datasäkerhet (HoliSec)

VINNOVA, 2016-04-01 -- 2019-03-31.

Areas of Advance

Information and Communication Technology

Transport

Subject Categories

Electrical Engineering, Electronic Engineering, Information Engineering

Embedded Systems

Other Electrical Engineering, Electronic Engineering, Information Engineering

Technical report L - Department of Computer Science and Engineering, Chalmers University of Technology and Göteborg University: 198

Publisher

Chalmers University of Technology

EE, EDIT building, Rännvägen 6B, Chalmers University of Technology

Opponent: Panos Papadimitratos, KTH Royal Institute of Technology, Sweden

More information

Latest update

9/2/2019 7