How to Secure the Connected Car

Dennis Nilsson

How to Secure the Connected Car
Doctoral thesis, 2009

In recent years, information technology has entered the automobile domain. Most of the functionality in a car is now controlled by electronics and software. There is a trend among automobile manufacturers to perform administrative procedures such as diagnostics and firmware updates over a wireless communication channel and to provide various services that allow hand-held devices such as cell phones and PDAs to interact with the vehicle. Thus emerges the notion of the connected car. As external wireless communication is allowed to interact with the vehicle, a number of security risks are introduced. Achieving proper authentication and secure communication thus becomes a critical issue. The vehicle domain has traditionally only dealt with safety concerns; however, the security risks create a need to consider an intelligent attacker and appropriate security solutions in this domain. This thesis focuses on how to secure the connected car. A defense-in-depth perspective is employed to do this by means of different approaches. Various measures for prevention including authentication and integrity principles for vehicle-to-infrastructure and device-to-vehicle communication are applied. In addition, measures for prevention, detection and deflection of attacks targeting the in-vehicle network are developed. After an attack has occurred, forensics is performed to reconstruct the event and aid in locating the cyber criminals responsible. Achieving a proper level of security in the car is a challenge, given the environment, the usage scenarios and the safety concerns. Thus, while security solutions must be adapted to support the specific characteristics of the connected car, applying only one security solution for a safety-critical system such as a car may not be sufficient. Several protection mechanisms based on different approaches should be incorporated to secure the connected car and to ensure the safety of its driver and passengers.

in-vehicle networks

firmware updates

attacks

connected car

defense-in-depth

Security

diagnostics

wireless

Author

Dennis Nilsson

Chalmers, Computer Science and Engineering (Chalmers), Computer Engineering (Chalmers)

Other publications Research

Categorizing

Subject Categories (SSIF 2011)

Computer Engineering

Identifiers

ISBN

978-91-7385-245-6

Other

Series

Doktorsavhandlingar vid Chalmers tekniska högskola. Ny serie: 2926

Technical report D - Department of Computer Science and Engineering, Chalmers University of Technology and Göteborg University: 60D

Public defence

2009-05-15 15:15

HC2

Opponent: Professor Dieter Gollmann, Technische Universität Hamburg-Harburg, Germany

More information

Created

10/6/2017

How to Secure the Connected Car
Doctoral thesis, 2009

Author

Dennis Nilsson

Included papers

Combining Physical and Digital Evidence in Vehicle Environments

Simulated Attacks on CAN Buses: Vehicle virus

Vehicle ECU Classification Based on Safety-Security Characteristics

An Approach to Specification-based Attack Detection for In-Vehicle Networks

A First Simulation of Attacks in the Automotive Network Communications Protocol FlexRay

A Defense-in-Depth Approach to Securing the Wireless Vehicle Infrastructure

Conducting Forensic Investigations of Cyber Attacks on Automobile In-Vehicle Networks

Efficient In-Vehicle Delayed Data Authentication Based on Compound Message Authentication Codes

How to Secure Bluetooth-based Pico Networks

Auxiliary Channel Diffie-Hellman Encrypted Key-Exchange Authentication

Creating a Secure Infrastructure for Wireless Diagnostics and Software Updates in Vehicles

Low-Cost Key Management for Hierarchical Wireless Vehicle Networks

Unidirectional Auxiliary Channel Challenge-Response Authentication

An Approach to using Honeypots in In-Vehicle Networks

Secure Firmware Updates over the Air in Intelligent Vehicles

A Framework for Self-Verification of Firmware Updates over the Air in Vehicle ECUs

Categorizing

Subject Categories (SSIF 2011)

Identifiers

ISBN

Other

Series

Public defence

More information

Created

How to Secure the Connected Car Doctoral thesis, 2009

Author

Dennis Nilsson

Included papers

Combining Physical and Digital Evidence in Vehicle Environments

Simulated Attacks on CAN Buses: Vehicle virus

Vehicle ECU Classification Based on Safety-Security Characteristics

An Approach to Specification-based Attack Detection for In-Vehicle Networks

A First Simulation of Attacks in the Automotive Network Communications Protocol FlexRay

A Defense-in-Depth Approach to Securing the Wireless Vehicle Infrastructure

Conducting Forensic Investigations of Cyber Attacks on Automobile In-Vehicle Networks

Efficient In-Vehicle Delayed Data Authentication Based on Compound Message Authentication Codes

How to Secure Bluetooth-based Pico Networks

Auxiliary Channel Diffie-Hellman Encrypted Key-Exchange Authentication

Creating a Secure Infrastructure for Wireless Diagnostics and Software Updates in Vehicles

Low-Cost Key Management for Hierarchical Wireless Vehicle Networks

Unidirectional Auxiliary Channel Challenge-Response Authentication

An Approach to using Honeypots in In-Vehicle Networks

Secure Firmware Updates over the Air in Intelligent Vehicles

A Framework for Self-Verification of Firmware Updates over the Air in Vehicle ECUs

Categorizing

Subject Categories (SSIF 2011)

Identifiers

ISBN

Other

Series

Public defence

More information

Created

How to Secure the Connected Car
Doctoral thesis, 2009