This content is not included in your SAE MOBILUS subscription, or you are not logged in.
Do Vehicles Need Data Security?
ISSN: 0148-7191, e-ISSN: 2688-3627
Published April 12, 2011 by SAE International in United States
Annotation ability available
Data security was introduced to vehicles in the 1980's with the electronic theft protection system. Since then data security was also implemented in further electronic systems of vehicles, including theft protection for electronic control units, protection of mileage counter integrity, protection against software manipulation (secure flashing), and secure wireless on-board diagnoses (e.g. via Bluetooth). Vehicles include more and more electronic systems and open communication channels based on public standards, making them vulnerable to a variety of attacks. Security mitigation mechanisms are implemented in software and might be supported by a controller with basic security features.
Recently, research was started to centralize security features in a single dedicated security controller. This security controller implements cryptographic methods and provides tamper resistance. Current and future applications with need for security include vehicular communication, feature activation and pay-on-demand applications as well as digital content protection systems.
In this work we will analyze which degree of implemented security features in a vehicle is reasonable. We will consider both security features based on secure hardware and software mechanisms. We will distinguish applications that protect a financial asset (e.g. theft protection) and safety applications (e.g. future vehicle-to-vehicle wireless communication safety applications). We will evaluate whether there is a threat to safety because of new technologies, and how this threat needs to be mitigated. Finally, we will identify the useful mitigation mechanisms and describe how these need to evolve over time. We will perform the evaluation under the premise of economic security, i.e. always assuming that only economically feasible solutions will be deployed.
CitationWeimerskirch, A., "Do Vehicles Need Data Security?," SAE Technical Paper 2011-01-0040, 2011, https://doi.org/10.4271/2011-01-0040.
- Anderson, R. J., Security Engineering: A Guide to Building Dependable Distributed Systems, John Wiley & Sons, Inc. 2001
- Eisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., Shalmani, M. T. M., On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoq Code Hopping Scheme, 28th International Cryptology Conference - CRYPTO 2008, Santa Barbara, CA, USA. August 17-21, 2008.
- IEEE 1609.2-2006, Standard for Wireless Access in Vehicular Environments (WAVE), Security Services for Applications and Management Messages, June 2006.
- EVITA, e-safety vehicle intrusion protected applications, http://evita-project.org/.
- Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S., Experimental Security Analysis of a Modern Automobile, Proceedings of the 31st IEEE Symposium on Security and Privacy, May 16-19, 2010 (Oakland).
- Rouf, I., Miller, R., Mustafa, H., Taylor, T., Oh, S., Xu, W., Gruteser, M., Trappe, W., and Seskar, I., Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study, in Proceedings of the 19th USENIX Security Symposium, Washington DC, August 11-13, 2010.
- Lemke, K., Paar, C., Wolf, M. (Editors), Embedded Security in Cars - Securing Current and Future Automotive IT Applications, Springer-Verlag, 2006.
- OVERSEE, Open vehicular secure platform, https://www.oversee-project.com.
- Weimerskirch, A., Haas, J. J., Hu, Y-C., and Laberteaux, K. P., Data Security in Vehicular Communications Networks, VANET - Vehicular Applications and Inter-Networking Technologies, Wiley Blackwell, 2010.
- Weimerskirch, A., “Secure Software Flashing,” SAE Int. J. Passeng. Cars - Electron. Electr. Syst. 2(1):83-86, 2009, doi:10.4271/2009-01-0272.
- Weimerskirch, André, Paar, Christof, and Wolf, Marko, Cryptographic Component Identification: Enabler for Secure Inter-vehicular Networks, 62nd IEEE Vehicular Technology Conference, September 25-28, 2005, Dallas, TX, USA.
- Schramm, K. and Wolf, M., “Secure Feature Activation,” SAE Int. J. Passeng. Cars - Electron. Electr. Syst. 2(1)62-67, 2009, doi:10.4271/2009-01-0262.
- Wolf, M., Weimerskirch, A., and Wollinger, T., State-of-the-Art: Embedding Security in Vehicles, EURASIP Journal on Embedded Systems, Special Issue on Embedded Systems for Intelligent Vehicles, 2007.