Every new promising paradigm that hits the market comes with its economical benefits and security issues (which are hopefully addressable). For the moment I think that there three disruptive (in a positive sense) technologies that are hitting the automotive markets and a forth which I regard as a trend rather than a technology by itself:
1. vehicle-to-vehicle (or infrastructure) communications which will bring connectivity to the automotive world,
2. electrical engines (hybrid or not) which can drastically save on fuel (and pollution),
3. self-driving carswhich can turn our driving experience from stress and time waste to tranquil or productive moments.
4. an over-abundance of functionalities seem to be the recent trend in the car industry, start- ing from sensors, rear cameras, dynamically adjustable mirrors, phone-based access control, cloud-based support, etc.
More than a decade ago, vehicle-to-vehicle communication became a topic of high interest. It is clear that the impact of such technology could be highly beneficial, starting from route optimization to collision avoidance, there are many functionalities that can greatly benefit from the existence of communication channels between vehicles. But inevitably, this opens road for attacks and there are already hundreds of research papers that address such issues. However, the true challenge comes once such systems are largely deployed in practice. Imagine how all the research on Internet security would look, in the absence of the physical (real-world) Internet. Clearly, some of the aspects that are solved on paper will prove to be unsolved once the solution is ported to practice (or even prove not to have a solution at all). In practice, there are hundreds of implementation mistakes which open back-doors. It is likely that the practical deployment of such technology will open many research opportunities in the future, so we will hear more and more on this in the forthcoming years. It is however somewhat surprising that this technology hits the market so slow.
In the recent years, hybrid electrical vehicles became very popular. One would say that there are no security implications if the vehicle runs on petrol or batteries. However, this may not be so.
A car that is cheaper on fuel is also likely to travel more. This is common sense in economics, it the price of fuel is lower, people will likely tend to buy more satisfying needs that they could not afford in the past. A car that travels more, leads to a heavier interconnected world, this bring more security implications. It don’t think that this would bring drastic changes, but it is a paradigm that should not be neglected in the security landscape.
Finally, an entirely new era seems to be opened by self-driving cars. This new technology, pioneered by Google with much noise and silently by many automotive manufacturers, has the potential to drastically change the landscape. But there are little doubts that for vehicles that can be stirred from the electronic brain, security will play a critical role as any back-door inside the software has the potential to turn the vehicle into a weapon. Open questions related to self-driving cars are numerous. Starting from who is responsible for the accidents (the one who designed the brain of the car vs. the driver or owner of the car) to what are the legal privileges of authorities against such cars (can the police request a self-driving car to stop or force it to follow a path by simply pressing a button?). To the best we can foresee, this technology will bring many new security perspectives.
I will not discuss on how the over-abundance of functionalities could affect security. Clearly, each functionality brings at least one more attack surface, each of us can imagine various scenarios.
In the long run, it is likely that the legal and ethical security concerns will be more critical than designing cryptographic security. However, one will be unable to tackle these more important issues as long as cryptographic security is not deployed on in-vehicle networks and components. So in the short run cryptographic security for automotive systems is an issue that needs to be urgently addressed.
Part III
References
Bibliography
[1] R. Anderson. On the security of digital tachographs. In Computer Security-ESORICS 98, pages 111–125. Springer, 1998.
[2] AUTOSAR. Requirements on Crypto Service Manager, Part of AUTOSAR 4.2.1, 2014.
[3] M. Bacchus, A. Coronado, and M. A. Gutierrez. The insights into car hacking. 2014.
[4] D. Basin, C. Cremers, and S. Meier. Provably repairing the iso/iec 9798 standard for entity authentication. Journal of Computer Security, 21(6):817–846, 2013.
[5] L. Bauer, L. F. Cranor, M. K. Reiter, and K. Vaniea. Lessons learned from the deployment of a smartphone-based access-control system. InProceedings of the 3rd Symposium on Usable Privacy and Security, pages 64–75. ACM, 2007.
[6] R. Beaulieu, D. Shors, J. Smith, S. Treatman-Clark, B. Weeks, and L. Wingers. National Security Agency. THESIMON ANDSPECK FAMILIES OF LIGHTWEIGHT BLOCK CIPHERS. pages 16–45, 2013.
[7] M. Bellare and P. Rogaway. Optimal asymmetric encryption. In Advances in Cryptology- EUROCRYPT’94, pages 92–111. Springer, 1995.
[8] S. Bittl. Attack potential and efficient security enhancement of automotive bus networks using short macs with rapid key change. InCommunication Technologies for Vehicles, pages 113–125. Springer, 2014.
[9] M. Broy. Challenges in automotive software engineering. InProceedings of the 28th inter- national conference on Software engineering, pages 33–42. ACM, 2006.
[10] A. Bruni, M. Sojka, F. Nielson, and H. R. Nielson. Formal security analysis of the macan protocol. InIntegrated Formal Methods, pages 241–255. Springer, 2014.
[11] O. Bubeck and V. Bourgeois. New security concepts for future generation automotive elec- tronic control units.
[12] M. Burrows, M. Abadi, and R. Needham. A logic of authentication. Proc. Royal Society of London. Series A, Mathematical and Physical Sciences, 426(1871):233–271, 1989.
[13] C. Busold, A. Taha, C. Wachsmann, A. Dmitrienko, H. Seudié, M. Sobhani, and A.-R.
Sadeghi. Smart keys for cyber-cars: secure smartphone-based nfc-enabled car immobilizer.
InProceedings of the third ACM conference on Data and application security and privacy, pages 233–242. ACM, 2013.
[14] R. Canetti, J. Garay, G. Itkis, D. Micciancio, M. Naor, and B. Pinkas. Multicast security:
A taxonomy and some efficient constructions. In INFOCOM’99. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings. IEEE, vol- ume 2, pages 708–716. IEEE, 1999.
[15] L. Carettoni, C. Merloni, and S. Zanero. Studying bluetooth malware propagation. IEEE Security & Privacy, 2007.
[16] H. Chan, A. Perrig, and D. Song. Random key predistribution schemes for sensor networks.
In Security and Privacy, 2003. Proceedings. 2003 Symposium on, pages 197–213. IEEE, 2003.
[17] S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno. Comprehensive experimental analyses of automotive attack surfaces. InUSENIX Security 2011, 2011.
[18] A. Dardanelli, F. Maggi, M. Tanelli, S. Zanero, S. M. Savaresi, R. Kochanek, and T. Holz.
A security layer for smartphone-to-vehicle communication over bluetooth. 2013.
[19] G. Delzanno and P. Ganty. Automatic verification of time sensitive cryptographic protocols.
Tools and Algorithms for the Construction and Analysis of Systems, pages 342–356, 2004.
[20] Y. Dodis, L. Reyzin, and A. Smith. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. InAdvances in cryptology-Eurocrypt 2004, pages 523–540.
Springer, 2004.
[21] A. Fiat and M. Naor. Broadcast encryption. InAdvances in Cryptology (CryptoŠ93), pages 480–491. Springer, 1994.
[22] Freescale. Freescale MC9S12XDP512 Data Sheet, Rev. 2.21, 2009.
[23] E. Fujisaki, T. Okamoto, D. Pointcheval, and J. Stern. Rsa-oaep is secure under the rsa assumption. InAdvances in Cryptology-CRYPTO 2001, pages 260–274. Springer, 2001.
[24] I. Furgel and K. Lemke. A review of the digital tachograph system. InEmbedded Security in Cars, pages 69–94. Springer, 2006.
[25] A. Greenberg. After jeep hack, chrysler recalls 1.4m vehicles for bug fix. www.wired.com, July 2015.
[26] A. Greenberg. Hackers remotely kill a jeep on the highway - with me in it. www.wired.com, July 2015.
[27] B. Groza and M. Minea. Bridging dolev-yao adversaries and control systems with time-sensitive channels. In Critical Information Infrastructures Security, pages 167–178.
Springer, 2013.
[28] B. Groza and P.-S. Murvay. Broadcast authentication in a low speed controller area network.
InE-Business and Telecommunications, pages 330–344. Springer, 2012.
[29] B. Groza and P.-S. Murvay. Efficient Protocols For Secure Broadcast In Controller Area Networks. accepted for publication in: Industrial Informatics, IEEE Transactions on, 2012.
[30] B. Groza, P.-S. Murvay, A. Van Herrewege, and I. Verbauwhede. LiBrA-CAN: a Lightweight Broadcast Authentication protocol for Controller Area Networks. In Proceedings of The 11th International Conference on Cryptology and Network Security, CANS 2012, Springer- Verlag, LNCS, 2012.
[31] B. Groza and S. Murvay. Secure broadcast with one-time signatures in controller area net- works. InAvailability, Reliability and Security (ARES), 2011 Sixth International Conference on, pages 371–376. IEEE, 2011.
[32] T. Guneysu, T. Kasper, M. Novotny, C. Paar, and A. Rupp. Cryptanalysis with copacobana.
Computers, IEEE Transactions on, 57(11):1498–1513, 2008.
[33] C. T. Hager and S. F. Midkiff. Demonstrating vulnerabilities in bluetooth security. In Global Telecommunications Conference, 2003. GLOBECOM’03. IEEE, volume 3, pages 1420–1424. IEEE, 2003.
[34] H. Hartenstein and K. Laberteaux. VANET Vehicular Applications and Inter-Networking Technologies. Wiley, 2009.
[35] O. Hartkopp, C. Reuber, and R. Schilling. Macan-message authenticated can. In 10th Int.
Conf. on Embedded Security in Cars (ESCAR 2012), 2012.
[36] E. Haselsteiner and K. BreitfuSS. Security in near field communication (nfc) strengths and weaknesses. Technical report, Philips Semiconductors, 2006.
[37] D. Holcomb, W. Burleson, and K. Fu. Power-up sram state as an identifying fingerprint and source of true random numbers. Computers, IEEE Transactions on, 58(9):1198–1210, Sept 2009.
[38] C.-M. Huang, Y.-S. Chen, and I. Global. Telematics communication technologies and ve- hicular networks: wireless architectures and applications. Information Science Reference, 2010.
[39] Infineon. Tricore TC1797 32-Bit Single-Chip Microcontroller, UserŠs Manual V1.1, 2009.
[40] Infineon. SP37T Datasheet., 1.0 edition, January 2010.
[41] R. M. Ishtiaq Roufa, H. Mustafaa, S. O. Travis Taylora, W. Xua, M. Gruteserb, W. Trappeb, and I. Seskarb. Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring system case study. In19th USENIX Security Symposium, Washington DC, pages 11–13, 2010.
[42] R. M. Ishtiaq Roufa, H. Mustafaa, S. O. Travis Taylora, W. Xua, M. Gruteserb, W. Trappeb, and I. Seskarb. Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring system case study. In19th USENIX Security Symposium, Washington DC, pages 11–13, 2010.
[43] T. Jeske. Floating car data from smartphones: What google and waze know about you and how hackers can control traffic. InProceedings of BlackHat Europe 2013, MARCH 2013.
[44] F. Koeune and F.-X. Standaert. A tutorial on physical security and side-channel attacks. In Foundations of Security Analysis and Design III, pages 78–108. Springer, 2005.
[45] T. Kohno, A. Broido, and K. C. Claffy. Remote physical device fingerprinting. IEEE Trans.
Dependable Secur. Comput., 2(2):93–108, Apr. 2005.
[46] K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage. Experimental security analysis of a modern automobile. InSecurity and Privacy (SP), 2010 IEEE Symposium on, pages 447 –462, May 2010.
[47] R. Kurachi, Y. Matsubara, H. Takada, N. Adachi, Y. Miyashita, and S. Horihata. Cacan - centralized authentication system in can (controller area network). In 14th Int. Conf. on Embedded Security in Cars (ESCAR 2014), 2014.
[48] K. Lemke, C. Paar, and M. Wolf. Embedded Security in Cars Securing Current and Future Automotive IT Applications. Springer Verlag, 2006.
[49] J. Leohold. Communication requirements for automotive systems. In Keynote speech 5th IEEE international workshop on factory communication systems, Vienna, Austria, Vienna University of Technology, 2004.
[50] C.-W. Lin, Q. Zhu, and A. Sangiovanni-Vincentelli. Security-aware modeling and efficient mapping for can-based real-time distributed automotive systems. 2014.
[51] G. Lowe. Breaking and fixing the needham-schroeder public-key protocol using fdr. InTools and Algorithms for the Construction and Analysis of Systems, pages 147–166. Springer, 1996.
[52] G. Lowe. Casper: A compiler for the analysis of security protocols. In 10th Computer Security Foundations Workshop, pages 18–30. IEEE, 1997.
[53] G. Madlmayr, J. Langer, C. Kantner, and J. Scharinger. Nfc devices: Security and privacy.
InAvailability, Reliability and Security, 2008. ARES 08. Third International Conference on, pages 642–647, March 2008.
[54] S. Malipatlolla and I. Stierand. Evaluating the impact of integrating a security module on the real-time properties of a system. InEmbedded Systems: Design, Analysis and Verification, pages 343–352. Springer, 2013.
[55] M. Matsui and Y. Murakami. Minimalism of software implementation. In Fast Software Encryption, pages 393–409. Springer, 2014.
[56] C. Meadows. The nrl protocol analyzer: An overview. The Journal of Logic Programming, 26(2):113–131, 1996.
[57] S. B. Moon, P. Skelly, and D. Towsley. Estimation and removal of clock skew from network delay measurements. Technical report, Amherst, MA, USA, 1998.
[58] C. Mulliner. Vulnerability analysis and attacks on nfc-enabled mobile phones. InAvailabil- ity, Reliability and Security, 2009. ARES ’09. International Conference on, pages 695–700, March 2009.
[59] P.-S. Murvay and B. Groza. Performance evaluation of sha-2 standard vs. sha-3 finalists on two freescale platforms. International Journal of Secure Software Engineering (IJSSE), 4(4):1–24, 2013.
[60] P.-S. Murvay and B. Groza. Source identification using signal characteristics in controller area networks. Signal Processing Letters, IEEE, 21(4):395–399, 2014.
[61] M. Naor and B. Pinkas. Threshold traitor tracing. InAdvances in Cryptology (CRYPTO’98), pages 502–517. Springer, 1998.
[62] T. Nolte, H. Hansson, and L. L. Bello. Wireless automotive communications. In J. Kaiser, editor, Proceedings of the 4th International Workshop on Real-Time Networks (RTN05) in conjunction with the 17th Euromicro International Conference on Real-Time Systems (ECRTS05), pages 35–38. ISBN 3-929757-90-7, July 2005.
[63] A. Perrig. The biba one-time signature and broadcast authentication protocol. InProceedings of the Eighth ACM Conference on Computer and Communications Security (CCS-8), pages 28–37, Philadelphia PA, USA, 2001.
[64] A. Perrig, R. Canetti, D. Song, and J. D. Tygar. SPINS: Security protocols for sensor net- works. In Seventh Annual ACM International Conference on Mobile Computing and Net- works (MobiCom 2001), pages 189–199, 2001.
[65] A. Perrig, R. Canetti, J. Tygar, and D. X. Song. Efficient authentication and signing of multicast streams over lossy channels. InIEEE Symposium on Security and Privacy, pages 56–73, 2000.
[66] R. Popescu-Zeletin, I. Radusch, and M. A. Rigani. Vehicular-2-X Communication. Springer, 2009.
[67] Portland Press Herald. U.S. military hackers scramble to fortify cars cyber defenses, Novem- ber 2014.
[68] A. Radu and B. Groza. Security concept for smartphone car access via nfc rf id device.
Technical report, Continental Software Conference, Regensburg, 2015.
[69] L. Reyzin and N. Reyzin. Better than biba: Short one-time signatures with fast signing and verifying. In Proceedings of the 7th Australian Conference on Information Security and Privacy, ACISP ’02, pages 144–153, London, UK, 2002. Springer-Verlag.
[70] Robert BOSCH GmbH. CAN Specification Version 2.0., 1991.
[71] Robert BOSCH GmbH. CAN with Flexible Data-Rate Version 1.0, 2012.
[72] T. Roeder, R. Pass, and F. Schneider. Multi-verifier signatures. Journal of Cryptology, 25(2):310–348, 2012.
[73] A. Rukhin, J. Soto, J. Nechvatal, M. Smid, E. Barker, S. Leigh, M. Levenson, M. Vangel, D. Banks, A. Heckert, J. Dray, and S. Vo. A Statistical Test Suite for Random and Pseudo- random Number Generators for Cryptographic Applications. National Institute of Standards and Technology, Revised: April 2010 Lawrence E Bassham III, Special Publication 800-22 Revision 1a.
[74] V. Shoup. Oaep reconsidered. In Advances in Cryptology-CRYPTO 2001, pages 239–259.
Springer, 2001.
[75] V. Shoup. A computational introduction to number theory and algebra. Cambridge Univer- sity Press, 2009.
[76] C. Solomon and B. Groza. Limon - lightweight authentication for tire pressure monitoring sensors. In1st Workshop on the Security of Cyber-Physical Systems (affiliated to ESORICS 2015), 2015.
[77] F. Stajano. The resurrecting duckling. InSecurity Protocols, pages 183–194. Springer, 2000.
[78] D. Stebila, L. Kuppusamy, J. Rangasamy, C. Boyd, and J. G. Nieto. Stronger difficulty notions for client puzzles and denial-of-service-resistant protocols. In Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011, CT-RSA’11, pages 284–301. Springer-Verlag, 2011.
[79] R. Steffen, J. PreiSSinger, T. Scho´lllermann, A. Mu´lller, and I. Schnabel. Near field com- munication (nfc) in an automotive environment. InNear Field Communication (NFC), 2010 Second International Workshop on, pages 15–20, April 2010.
[80] I. Studnia, V. Nicomette, E. Alata, Y. Deswarte, M. Kaâniche, and Y. Laarouchi. Survey on security threats and protection mechanisms in embedded automotive networks. InDepend- able Systems and Networks Workshop (DSN-W), 2013 43rd Annual IEEE/IFIP Conference on, pages 1–12. IEEE, 2013.
[81] P. Syverson. A taxonomy of replay attacks. In7thComputer Security Foundations Workshop, pages 187–191. IEEE, 1994.
[82] C. Szilagyi and P. Koopman. Flexible multicast authentication for time-triggered embed- ded control network applications. In Dependable Systems & Networks, 2009. DSN’09.
IEEE/IFIP International Conference on, pages 165–174. IEEE, 2009.
[83] C. Szilagyi and P. Koopman. Low cost multicast authentication via validity voting in time- triggered embedded control networks. In Proceedings of the 5th Workshop on Embedded Systems Security, page 10. ACM, 2010.
[84] C. J. Szilagyi. LOW COST MULTICAST NETWORK AUTHENTICATION FOR EMBED- DED CONTROL SYSTEMS. PhD thesis, Carnegie Mellon University, 2012.
[85] A. V. Thiemel, D.-E. M. Janke, and D.-E. B. Steurich. Speedometer manipulation-putting a stop to fraud. ATZelektronik worldwide, 8(2):16–19, 2013.
[86] S. Tillich and M. Wójcik. Security analysis of an open car immobilizer protocol stack. In Trusted Systems, pages 83–94. Springer, 2012.
[87] G. Tipa and B. Groza. High quality randomness for safety critical tasks on automotive embedded devices, research report. Technical report, 2014.
[88] G. Tipa, B. Groza, and R. Ragobete. Generation of random numbers from an uninitialised memory unit (European Patent Application EP 14465511.5-1953/28.05.14. on behalf of Continental Corporation). Technical report, 2014.