CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

An In-Depth Analysis of the Security of the Connected Repair Shop

Pierre Kleberger (Institutionen för data- och informationsteknik, Nätverk och system (Chalmers) ) ; Tomas Olovsson (Institutionen för data- och informationsteknik, Nätverk och system (Chalmers) ) ; Erland Jonsson (Institutionen för data- och informationsteknik, Nätverk och system (Chalmers) )
The Seventh International Conference on Systems and Networks Communications (ICSNC), Proceedings. Lisbon, 18-23 November, 2012. IARIA. p. 99-107. (2012)
[Konferensbidrag, refereegranskat]

In this paper, we present a security analysis of delivering diagnostics services to the connected car in future connected repair shops. The repair shop will mainly provide two services; vehicle diagnostics and software download. We analyse the security within the repair shop by applying a reduced version of the threat, vulnerability, and risk analysis (TVRA) method defined by ETSI. First, a system description of the repair shop is given. Security objectives and assets are then identified, followed by the threat and vulnerability analysis. Possible countermeasures are derived and we outline and discuss one possible approach for addressing the security in the repair shop. We find that many of the identified vulnerabilities can directly be mitigated by countermeasures and, to our surprise, we find that the handling of authentication keys is critical and may affect vehicles outside the repair shop as well. Furthermore, we conclude that the TVRA method was not easy to follow, but still useful in this analysis. Finally, we suggest that repair shop security should mainly be addressed at the link layer. Such an approach may integrate network authentication mechanisms during address allocation and also support encryption of data for all upper layer protocols with minimal modifications.

Nyckelord: security analysis; vehicle diagnostics; connected car.



Den här publikationen ingår i följande styrkeområden:

Läs mer om Chalmers styrkeområden  

Denna post skapades 2012-11-30. Senast ändrad 2015-12-17.
CPL Pubid: 166959