Leveraging Hardware Security to Secure Connected Vehicles
Annotation of this paper is available
Sector:
Language:
English
Abstract
Advanced safety features and new services in connected cars depend on the security of the underlying vehicle functions. Due to the interconnection with the outside world and as a result of being an embedded system a modern vehicle is exposed to both, malicious activities as faced by traditional IT world systems as well as physical attacks. This introduces the need for utilizing hardware-assisted security measures to prevent both kinds of attacks.
In this paper we present a survey of the different classes of hardware security devices and depict their different functional range and application. We demonstrate the feasibility of our approach by conducting a case study on an exemplary implementation of a function-on-demand use case. In particular, our example outlines how to apply the different hardware security approaches in practice to address real-world security topics.
We conclude with an assessment of today’s hardware security devices. Based on our presented case study we outline the identified gaps and derive the necessary future developments for next-generation hardware security devices to meet the requirements for automotive applications.
Authors
Citation
Corbett, C., Brunner, M., Schmidt, K., Schneider, R. et al., "Leveraging Hardware Security to Secure Connected Vehicles," SAE Technical Paper 2018-01-0012, 2018, https://doi.org/10.4271/2018-01-0012.Also In
References
- Audi Digitalstrategie, http://www.spiegel.de/auto/aktuell/audi-digitalstrategie-extras-fuer-gewisse-stunden-a-1105990.html, accessed Feb. 2018.
- Falliere, N., Murchu, L.O., and Chien, E., “W32.Stuxnet Dossier,” White Paper, Symantec Corp., Security Response, 5(6), 2011.
- Felt, A.P., Finifter, M., Chin, E., Hanna, S. et al., “A Survey of Mobile Malware in the Wild,” in Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, ACM, October 2011, 3-14, doi:10.1145/2046614.2046618.
- Gollmann, D., Gurikov, P., Isakov, A., Krotofil, M. et al., “Cyber-Physical Systems Security: Experimental Analysis of a Vinyl Acetate Monomer Plant,” in Proceedings of the 1st ACM Workshop on Cyber-Physical System Security, ACM, April 2015, 1-12, doi:10.1145/2732198.2732208.
- Li, C., Raghunathan, A., and Jha, N.K., “Hijacking an Insulin Pump: Security Attacks and Defenses for a Diabetes Therapy System,” in 2011 13th IEEE International Conference on e-Health Networking Applications and Services (Healthcom), IEEE, June 2011, 150-156, doi:10.1109/HEALTH.2011.6026732.
- Luo, A., “Drones Hijacking - Multi-Dimensional Attack Vectors and Countermeasures,” in DEFCON 24, 2016.
- Checkoway, S., McCoy, D., Kantor, B., Anderson, D. et al., “Comprehensive Experimental Analyses of Automotive Attack Surfaces,” in USENIX Security Symposium, August 2011.
- Miller, C. and Valasek, C., “Remote Exploitation of an Unaltered Passenger Vehicle,” Black Hat USA, 2015.
- Million Lines of Code, http://www.informationisbeautiful.net/visualizations/million-lines-of-code, accessed Jan. 2018.
- Chipwhisperer, https://newae.com/tools/chipwhisperer/, accessed Jan. 2018.
- HackRF, http://greatscottgadgets.com/hackrf/, accessed Jan. 2018.
- Hoheisel, A., “Side-Channel Analysis Resistant Implementation of AES on Automotive Processors,” Master Thesis, Ruhr-University Bochum, June 2009.
- Zhang, L., Vega, L., and Taylor, M., “Power Side Channels in Security ICs: Hardware Countermeasures,” University of California, San Diego, CA, 2016.
- Mangard, S., Oswald, E., and Popp, T., “Power Analysis Attacks: Revealing the Secrets of Smart Cards,” . Vol. 31 (Springer Science & Business Media, 2008). ISBN:978-0-387-38162-6.
- Escherich, R., Ledendecker, I., Schmal, C., Kuhls, B. et al., “SHE - Secure Hardware Extension - Functional Specification,” Version 1.1, Hersteller Initiative Software (HIS) AK Security, Oct. 16, 2009.
- “Introducing Hardware Security Modules to Embedded Systems,” https://vector.com/portal/medien/cmc/events/Vector_EMOB_2017_Phanuel_Hieber.pdf, accessed Jan. 2018.
- Arthur, W., Challener, D., and Goldmann, K., “A Practical Guide to TPM 2.0: Using the Trusted Platform Module in the New Age of Security,” First Edition (Apress, 2015). ISBN:978-1-4302-6584-9.
- Heartbleed bug, https://en.wikipedia.org/wiki/Heartbleed, accessed Jan. 2018.
- Trust Computing and Heartbleed, http://www.trustedcomputinggroup.org/avoiding-heartbleed/, accessed Jan. 2018.
- Financial Industry Affected by Heartbleed, http://www.fsroundtable.org/financial-services-industry-swats-heartbleed-bug/, accessed Jan. 2018.
- Steurich, B., Scheibert, K., Freiwald, A., and Klimke, M., “Feasibility Study for a Secure and Seamless Integration of over the Air Software Update Capability in an Advanced Board Net Architecture,” SAE Technical Paper 2016-01-0056, 2016, doi:10.4271/2016-01-0056.
- EU-Funded Project (2008-2011) on Secure Automotive Onboard Networks, www.evita-project.org, accessed Jan. 2018.
- Weyl, B., Wolf, M., Zweers, F., Gendrullis, T. et al., “Secure On-Board Architecture Specification,” EVITA Deliverable D3(2), Aug. 2011.
- Common Criteria Main Page, https://www.commoncriteriaportal.org/, accessed Jan. 2018.
- Lomne, V., “Common Criteria Certifications of a Smartcard: A Technical Overview,” in CHES 2016, Santa Barbara, CA, 2016.