In modern cars, innovations are mainly driven by electronics and software. As a result, top-of-the-range vehicles incorporate up to 100 Electronic Control Units (ECUs) and multiple heterogeneous buses connected via gateways.
Various wireless communication protocols, like keyless entry systems or WiFi, connect the car with its surroundings while functionality in upcoming cars will be even more based on software with strong wireless connectivity.
Similar to the first computers connecting to the Internet, current automotive architectures have not been designed with respect to security, making them highly vulnerable to attacks infiltrating the system. Recently, a security analysis of a series-production vehicle revealed that an attacker might tamper with the brakes during driving after gaining access to the in-vehicle network via Bluetooth for 3G.
Furthermore, thieves have been exploiting security breaches in the keyless entry system and it was also possible to generate spare keys using the on-board diagnosis system to steal a car. While the lack of security measures in modern vehicles so far has not been exploited to harm passengers, it already causes some, mostly financial, damages to different parties, (e.g., through spurious warranty claims after illegal chip tuning or mileage manipulations. )
However, without a significant change of the design paradigm of automotive systems to increase the vehicle security, cyber-terrorism attacks addressing vehicles are only a question of time and inadequate security will become a severe safety issue.
Despite this increasing vulnerability, the design of automotive architectures is still mainly driven by safety and cost issues rather than security. In this paper, we present potential threats and vulnerabilities, and outline upcoming security challenges in automotive architectures.
In particular, in this paper we discuss the challenges arising in electric vehicles, like the vulnerability to attacks tampering with the battery management. Finally, we discuss future in-vehicle architectures based on Ethernet/IP and how formal verification methods might be used to increase the security of automotive architectures.
Embedding security into a modern car is a challenging task as the security of a vehicle needs to be ensured over the whole life-span of a car with 15 years and more. While wireless communication protocols are already connecting the car with its surroundings, upcoming technologies like C2X or the app store rise security questions which have not been satisfactorily answered.
In addition, electric vehicles introduce further security questions which might not be answered by a holistic security approach, but rather require an independent solution. The Ethernet/IP based on-board network under development by the automotive industry in combination with amiddle ware and message filltering might form the basis for a secure in-vehicle network. However, various security issues are not resolved yet and require additional solutions.
A modern car consist of various components fromdifferent suppliers which are integrated into one system. Integrating all these components into a secure architecture is almost impossible, as generally little is known about thesupplier hardware. However, for a secure architecture, a holistic design approach is necessary which takes the correlation of different components into account.
A model drivendesign approach in combination with formal verification would allow to verify the security of an automotive architecture already during the design process and avoid securityflaws from an early design stage on.
****Other authors who contributed to this paper are Marko Wolf, escrypt-Embedded Security GmbH, Alexandre Bouard, BMW Group, Germany; William R. Harris and SomeshJha, University of Wisconsin; Thomas Peyrin and Axel Poschmann, Nanyang Technological University, Singapore, and Samarjit Chakraborty, TU Munich
To read this external content in full, download the complete paper from the author articles on line at DATE.