An In-Depth Analysis of the Security of the Connected Repair Shop
Paper i proceeding, 2012

In this paper, we present a security analysis of delivering diagnostics services to the connected car in future connected repair shops. The repair shop will mainly provide two services; vehicle diagnostics and software download. We analyse the security within the repair shop by applying a reduced version of the threat, vulnerability, and risk analysis (TVRA) method defined by ETSI. First, a system description of the repair shop is given. Security objectives and assets are then identified, followed by the threat and vulnerability analysis. Possible countermeasures are derived and we outline and discuss one possible approach for addressing the security in the repair shop. We find that many of the identified vulnerabilities can directly be mitigated by countermeasures and, to our surprise, we find that the handling of authentication keys is critical and may affect vehicles outside the repair shop as well. Furthermore, we conclude that the TVRA method was not easy to follow, but still useful in this analysis. Finally, we suggest that repair shop security should mainly be addressed at the link layer. Such an approach may integrate network authentication mechanisms during address allocation and also support encryption of data for all upper layer protocols with minimal modifications.

security analysis

vehicle diagnostics

connected car.

Författare

Pierre Kleberger

Chalmers, Data- och informationsteknik, Nätverk och system

Tomas Olovsson

Chalmers, Data- och informationsteknik, Nätverk och system

Erland Jonsson

Chalmers, Data- och informationsteknik, Nätverk och system

The Seventh International Conference on Systems and Networks Communications (ICSNC), Proceedings. Lisbon, 18-23 November, 2012. IARIA.

99-107

Styrkeområden

Transport

Ämneskategorier

Data- och informationsvetenskap

ISBN

978-1-61208-231-8

Mer information

Skapat

2017-10-07