This content is not included in your SAE MOBILUS subscription, or you are not logged in.
Leveraging Hardware Security to Secure Connected Vehicles
ISSN: 0148-7191, e-ISSN: 2688-3627
Published April 03, 2018 by SAE International in United States
Annotation ability available
Advanced safety features and new services in connected cars depend on the security of the underlying vehicle functions. Due to the interconnection with the outside world and as a result of being an embedded system a modern vehicle is exposed to both, malicious activities as faced by traditional IT world systems as well as physical attacks. This introduces the need for utilizing hardware-assisted security measures to prevent both kinds of attacks.
In this paper we present a survey of the different classes of hardware security devices and depict their different functional range and application. We demonstrate the feasibility of our approach by conducting a case study on an exemplary implementation of a function-on-demand use case. In particular, our example outlines how to apply the different hardware security approaches in practice to address real-world security topics.
We conclude with an assessment of today’s hardware security devices. Based on our presented case study we outline the identified gaps and derive the necessary future developments for next-generation hardware security devices to meet the requirements for automotive applications.
|Technical Paper||Security Mechanisms Design for In-Vehicle Network Gateway|
|Technical Paper||Mitigating Unknown Cybersecurity Threats in Performance Constrained Electronic Control Units|
CitationCorbett, C., Brunner, M., Schmidt, K., Schneider, R. et al., "Leveraging Hardware Security to Secure Connected Vehicles," SAE Technical Paper 2018-01-0012, 2018, https://doi.org/10.4271/2018-01-0012.
- Audi Digitalstrategie http://www.spiegel.de/auto/aktuell/audi-digitalstrategie-extras-fuer-gewisse-stunden-a-1105990.html 2018
- Falliere , N. , Murchu , L.O. , and Chien , E. 2011
- Felt , A.P. , Finifter , M. , Chin , E. , Hanna , S. et al. A Survey of Mobile Malware in the Wild Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices October 2011 3 14 10.1145/2046614.2046618
- Gollmann , D. , Gurikov , P. , Isakov , A. , Krotofil , M. et al. Cyber-Physical Systems Security: Experimental Analysis of a Vinyl Acetate Monomer Plant Proceedings of the 1st ACM Workshop on Cyber-Physical System Security April 2015 1 12 10.1145/2732198.2732208
- Li , C. , Raghunathan , A. , and Jha , N.K. Hijacking an Insulin Pump: Security Attacks and Defenses for a Diabetes Therapy System 2011 13th IEEE International Conference on e-Health Networking Applications and Services (Healthcom) June 2011 150 156 10.1109/HEALTH.2011.6026732
- Luo , A. Drones Hijacking - Multi-Dimensional Attack Vectors and Countermeasures DEFCON 24 2016
- Checkoway , S. , McCoy , D. , Kantor , B. , Anderson , D. et al. Comprehensive Experimental Analyses of Automotive Attack Surfaces USENIX Security Symposium August 2011
- Miller , C. and Valasek , C. 2015
- Million Lines of Code http://www.informationisbeautiful.net/visualizations/million-lines-of-code 2018
- Chipwhisperer https://newae.com/tools/chipwhisperer/ 2018
- HackRF http://greatscottgadgets.com/hackrf/ 2018
- Hoheisel , A. 2009
- Zhang , L. , Vega , L. , and Taylor , M. Power Side Channels in Security ICs: Hardware Countermeasures University of California San Diego, CA 2016
- Mangard , S. , Oswald , E. , and Popp , T. Power Analysis Attacks: Revealing the Secrets of Smart Cards 31 Springer Science & Business Media 2008 978-0-387-38162-6
- Escherich , R. , Ledendecker , I. , Schmal , C. , Kuhls , B. et al. 2009
- https://vector.com/portal/medien/cmc/events/Vector_EMOB_2017_Phanuel_Hieber.pdf 2018
- Arthur , W. , Challener , D. , and Goldmann , K. A Practical Guide to TPM 2.0: Using the Trusted Platform Module in the New Age of Security First Apress 2015 978-1-4302-6584-9
- Heartbleed bug https://en.wikipedia.org/wiki/Heartbleed 2018
- Trust Computing and Heartbleed http://www.trustedcomputinggroup.org/avoiding-heartbleed/ 2018
- Financial Industry Affected by Heartbleed http://www.fsroundtable.org/financial-services-industry-swats-heartbleed-bug/ 2018
- Steurich , B. , Scheibert , K. , Freiwald , A. , and Klimke , M. Feasibility Study for a Secure and Seamless Integration of over the Air Software Update Capability in an Advanced Board Net Architecture SAE Technical Paper 2016-01-0056 2016 10.4271/2016-01-0056
- EU-Funded Project (2008-2011) on Secure Automotive Onboard Networks www.evita-project.org 2018
- Weyl , B. , Wolf , M. , Zweers , F. , Gendrullis , T. et al. Secure On-Board Architecture Specification EVITA Deliverable D3 2 2011
- Common Criteria Main Page https://www.commoncriteriaportal.org/ 2018
- Lomne , V. Common Criteria Certifications of a Smartcard: A Technical Overview CHES 2016 Santa Barbara, CA 2016