A Structured Approach to Securing the Connected Car
Licentiatavhandling, 2012

Vehicles of today have become increasingly dependent on software to handle their functionalities. Updating and maintaining the software in vehicles has therefore become a costly process for the automotive industry. By introducing wireless communications to vehicles, vehicular maintenance can greatly be improved and many other new applications can also be brought to the vehicles. However, the vehicle was not designed with security in mind. Since the vehicle is safety-critical, it is vital that such new remote services do not violate the safety and security requirements of the vehicle. Thus, this thesis presents a general approach to securing the connected car and the usefulness of the approach is demonstrated in a vehicular diagnostics scenario. The thesis comes in two main parts. In the first part, we address security mechanisms for the connected car. First, a survey of current mechanisms to secure the in-vehicle networks is made. Then, a description of possible communication methods with vehicles is given and a taxonomy of current entities involved in such communication is presented. The taxonomy is organised in actors, vehicle-to-X communications, network paths, and dependability and security attributes. The usefulness of the taxonomy is demonstrated by two examples. In the second part, we address security with respect to vehicular diagnostics. First, an overall security analysis of the interaction between the connected car and the repair shop is conducted. We find that the most imminent risk in the repair shop is the loss of authentication keys. The loss of such keys allows masquerading attacks against vehicles. To address this problem, we propose a Kerberos-inspired protocol for authentication and authorisation of the diagnostics equipment and a trusted third party is introduced. To conclude, this thesis shows the value of adopting a structured approach to securing the connected car. The approach has been shown to be useful for identifying threats and countermeasures and thus help improving security.

vehicular services

connected car

remote diagnostics.

security mechanisms

room EF, Rännvägen 6, Chalmers
Opponent: Associate Professor Panos Papadimitratos, School of Electrical Engineering, KTH Royal Institute of Technology, Sweden

Författare

Pierre Kleberger

Chalmers, Data- och informationsteknik, Nätverk och system

An In-Depth Analysis of the Security of the Connected Repair Shop

The Seventh International Conference on Systems and Networks Communications (ICSNC), Proceedings. Lisbon, 18-23 November, 2012. IARIA.,; (2012)p. 99-107

Paper i proceeding

Security aspects of the in-vehicle network in the connected car

IEEE Intelligent Vehicles Symposium, Proceedings. Baden-Baden, 5-9 June 2011,; (2011)p. 528-533

Paper i proceeding

A Framework for Assessing the Security of the Connected Car Infrastructure

The Sixth International Conference on Systems and Networks Communications (ICSNC), Proceedings. Barcelona, 23-29 October 2011. IARIA.,; (2011)p. 236-241

Paper i proceeding

Styrkeområden

Transport

Ämneskategorier

Data- och informationsvetenskap

Technical report L - Department of Computer Science and Engineering, Chalmers University of Technology and Göteborg University: 99L

room EF, Rännvägen 6, Chalmers

Opponent: Associate Professor Panos Papadimitratos, School of Electrical Engineering, KTH Royal Institute of Technology, Sweden