This content is not included in your SAE MOBILUS subscription, or you are not logged in.
Do Vehicles Need Data Security?
ISSN: 0148-7191, e-ISSN: 2688-3627
Published April 12, 2011 by SAE International in United States
Annotation ability available
Data security was introduced to vehicles in the 1980's with the electronic theft protection system. Since then data security was also implemented in further electronic systems of vehicles, including theft protection for electronic control units, protection of mileage counter integrity, protection against software manipulation (secure flashing), and secure wireless on-board diagnoses (e.g. via Bluetooth). Vehicles include more and more electronic systems and open communication channels based on public standards, making them vulnerable to a variety of attacks. Security mitigation mechanisms are implemented in software and might be supported by a controller with basic security features.
Recently, research was started to centralize security features in a single dedicated security controller. This security controller implements cryptographic methods and provides tamper resistance. Current and future applications with need for security include vehicular communication, feature activation and pay-on-demand applications as well as digital content protection systems.
In this work we will analyze which degree of implemented security features in a vehicle is reasonable. We will consider both security features based on secure hardware and software mechanisms. We will distinguish applications that protect a financial asset (e.g. theft protection) and safety applications (e.g. future vehicle-to-vehicle wireless communication safety applications). We will evaluate whether there is a threat to safety because of new technologies, and how this threat needs to be mitigated. Finally, we will identify the useful mitigation mechanisms and describe how these need to evolve over time. We will perform the evaluation under the premise of economic security, i.e. always assuming that only economically feasible solutions will be deployed.
CitationWeimerskirch, A., "Do Vehicles Need Data Security?," SAE Technical Paper 2011-01-0040, 2011, https://doi.org/10.4271/2011-01-0040.
- Anderson, R. J. Security Engineering: A Guide to Building Dependable Distributed Systems John Wiley & Sons, Inc. 2001
- Eisenbarth, T. Kasper, T. Moradi, A. Paar, C. Salmasizadeh, M. Shalmani, M. T. M. On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoq Code Hopping Scheme 28th International Cryptology Conference - CRYPTO 2008 Santa Barbara, CA, USA August 17 21 2008
- IEEE 1609.2-2006 Standard for Wireless Access in Vehicular Environments ( WAVE ) , Security Services for Applications and Management Messages June 2006
- EVITA e-safety vehicle intrusion protected applications http://evita-project.org/
- Koscher, K. Czeskis, A. Roesner, F. Patel, S. Kohno, T. Checkoway, S. McCoy, D. Kantor, B. Anderson, D. Shacham, H. Savage, S. Experimental Security Analysis of a Modern Automobile the 31st IEEE Symposium on Security and Privacy May 16 19 2010 Oakland
- Rouf, I. Miller, R. Mustafa, H. Taylor, T. Oh, S. Xu, W. Gruteser, M. Trappe, W. Seskar, I. Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study the 19th USENIX Security Symposium Washington DC August 11 13 2010
- Lemke, K. Paar, C. Wolf, M. Embedded Security in Cars - Securing Current and Future Automotive IT Applications Springer-Verlag 2006
- OVERSEE Open vehicular secure platform https://www.oversee-project.com
- Weimerskirch, A. Haas, J. J. Hu, Y-C. Laberteaux, K. P. Data Security in Vehicular Communications Networks VANET - Vehicular Applications and Inter-Networking Technologies, Wiley Blackwell 2010
- Weimerskirch, A. “Secure Software Flashing,” SAE Int. J. Passeng. Cars - Electron. Electr. Syst. 2 1 83 86 2009 10.4271/2009-01-0272
- Weimerskirch, André Paar, Christof Wolf, Marko Cryptographic Component Identification: Enabler for Secure Inter-vehicular Networks 62nd IEEE Vehicular Technology Conference September 25 28 2005 Dallas, TX, USA
- Schramm, K. Wolf, M. “Secure Feature Activation,” SAE Int. J. Passeng. Cars - Electron. Electr. Syst. 2 1 62 67 2009 10.4271/2009-01-0262
- Wolf, M. Weimerskirch, A. Wollinger, T. State-of-the-Art: Embedding Security in Vehicles EURASIP Journal on Embedded Systems, Special Issue on Embedded Systems for Intelligent Vehicles 2007