CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

How to Secure the Connected Car

Dennis K. Nilsson (Institutionen för data- och informationsteknik, Datorteknik (Chalmers))
Göteborg : Chalmers University of Technology, 2009. ISBN: 978-91-7385-245-6.- 308 s.
[Doktorsavhandling]

In recent years, information technology has entered the automobile domain. Most of the functionality in a car is now controlled by electronics and software. There is a trend among automobile manufacturers to perform administrative procedures such as diagnostics and firmware updates over a wireless communication channel and to provide various services that allow hand-held devices such as cell phones and PDAs to interact with the vehicle. Thus emerges the notion of the connected car. As external wireless communication is allowed to interact with the vehicle, a number of security risks are introduced. Achieving proper authentication and secure communication thus becomes a critical issue. The vehicle domain has traditionally only dealt with safety concerns; however, the security risks create a need to consider an intelligent attacker and appropriate security solutions in this domain. This thesis focuses on how to secure the connected car. A defense-in-depth perspective is employed to do this by means of different approaches. Various measures for prevention including authentication and integrity principles for vehicle-to-infrastructure and device-to-vehicle communication are applied. In addition, measures for prevention, detection and deflection of attacks targeting the in-vehicle network are developed. After an attack has occurred, forensics is performed to reconstruct the event and aid in locating the cyber criminals responsible. Achieving a proper level of security in the car is a challenge, given the environment, the usage scenarios and the safety concerns. Thus, while security solutions must be adapted to support the specific characteristics of the connected car, applying only one security solution for a safety-critical system such as a car may not be sufficient. Several protection mechanisms based on different approaches should be incorporated to secure the connected car and to ensure the safety of its driver and passengers.

Nyckelord: Security, defense-in-depth, connected car, wireless, firmware updates, diagnostics, in-vehicle networks, attacks



Denna post skapades 2009-04-14. Senast ändrad 2013-09-25.
CPL Pubid: 92475

 

Institutioner (Chalmers)

Institutionen för data- och informationsteknik, Datorteknik (Chalmers)

Ämnesområden

Datorteknik

Chalmers infrastruktur

Relaterade publikationer

Inkluderade delarbeten:


How to Secure Bluetooth-based Pico Networks


Simulated Attacks on CAN Buses: Vehicle virus


Secure Firmware Updates over the Air in Intelligent Vehicles


Unidirectional Auxiliary Channel Challenge-Response Authentication


Combining Physical and Digital Evidence in Vehicle Environments


Low-Cost Key Management for Hierarchical Wireless Vehicle Networks


An Approach to Specification-based Attack Detection for In-Vehicle Networks


Vehicle ECU Classification Based on Safety-Security Characteristics


Auxiliary Channel Diffie-Hellman Encrypted Key-Exchange Authentication


Efficient In-Vehicle Delayed Data Authentication Based on Compound Message Authentication Codes


Creating a Secure Infrastructure for Wireless Diagnostics and Software Updates in Vehicles


A First Simulation of Attacks in the Automotive Network Communications Protocol FlexRay


An Approach to using Honeypots in In-Vehicle Networks


A Framework for Self-Verification of Firmware Updates over the Air in Vehicle ECUs


Conducting Forensic Investigations of Cyber Attacks on Automobile In-Vehicle Networks


A Defense-in-Depth Approach to Securing the Wireless Vehicle Infrastructure


Examination

Datum: 2009-05-15
Tid: 13:15
Lokal: HC2
Opponent: Professor Dieter Gollmann, Technische Universität Hamburg-Harburg, Germany

Ingår i serie

Doktorsavhandlingar vid Chalmers tekniska högskola. Ny serie 2926


Technical report D - Department of Computer Science and Engineering, Chalmers University of Technology and Göteborg University 60D