Towards a Standardised Framework for Securing Connected Vehicles
Licentiatavhandling, 2019

Vehicular security was long limited to physical security - to prevent theft. However, the trend of adding more comfort functions and delegating advanced driving tasks back to the vehicle increased the magnitude of attacks, making cybersecurity inevitable. Attackers only need to find one vulnerability in the myriad of electronic control units (ECUs) and communication technologies used in a vehicle to compromise its functions. Vehicles might also be attacked by the owners, who want to modify or even disable certain vehicle functions.
Many different parties are involved in the development of such a complex system as the functions are distributed over more than 100 ECUs, making it difficult to get an overall picture of the achieved security. Therefore, moving towards a standardised security framework tailored for the automotive domain is necessary.
In this thesis we study various safety and security standards and proposed frameworks from different industrial domains with respect to their way of classifying demands in the form of levels and their methods to derive requirements. In our proposed framework, we suggest security levels appropriate for automotive systems and continue with a mapping between these security levels and identified security mechanisms and design rules to provide basic security. We further study in detail a mechanism which provides freshness to authenticated messages, namely AUTOSAR SecOC Profile 3, and present a novel extension that offers a faster synchronisation between ECUs and reduces the number of required messages for synchronisation.

Security Classification

Vehicular Security

In-Vehicle Network


EE, EDIT building, Rännvägen 6B, Chalmers University of Technology
Opponent: Panos Papadimitratos, KTH Royal Institute of Technology, Sweden


Thomas Rosenstatter

Chalmers, Data- och informationsteknik, Nätverk och system

Open Problems when Mapping Automotive Security Levels to System Requirements

Proceedings of the 4th International Conference on Vehicle Technology and Intelligent Transport Systems ,; (2018)p. 251-260

Paper i proceeding

Towards a Standardized Mapping from Automotive Security Levels to Security Mechanisms

IEEE Conference on Intelligent Transportation Systems, Proceedings, ITSC,; (2018)p. 1501-1507

Paper i proceeding

T. Rosenstatter, C. Sandberg, and T. Olovsson, Extending AUTOSAR's Counter-based Solution for Freshness of Authenticated Messages in Vehicles

Holistiskt angreppssätt att förbättra datasäkerhet (HoliSec)

VINNOVA (2015-06894), 2016-04-01 -- 2019-03-31.


Informations- och kommunikationsteknik



Elektroteknik och elektronik

Inbäddad systemteknik

Annan elektroteknik och elektronik

Technical report L - Department of Computer Science and Engineering, Chalmers University of Technology and Göteborg University: 198



EE, EDIT building, Rännvägen 6B, Chalmers University of Technology

Opponent: Panos Papadimitratos, KTH Royal Institute of Technology, Sweden

Mer information

Senast uppdaterat