论文信息 - Car-to-Smartphone Interactions: Experimental Setup, Risk Analysis and Security Technologies

Car-to-Smartphone Interactions: Experimental Setup, Risk Analysis and Security Technologies

Vehicle access control and in particular access to in-vehicle functionalities from smart mobile devices, e.g., phones or watches, has become an increasingly relevant topic. Security plays a critical part, due to both a long history of car keys that succumbed to attacks and recently reported intrusions that use various vehicle communication interfaces to further gain access to in-vehicle safety-critical components. In this work we discuss existing technologies and functionalities that should be embedded in an experimental setup that addresses such a scenario. We make emphasis on existing cryptographic technologies, from symmetric to asymmetric primitives, identity-based cryptography and group signatures. We also discuss risks associated with in-vehicle functionalities and mitigation, e.g., intrusion detection systems.

Bogdan Groza | Pal-Stefan Murvay | Lucian Popa | Horatiu Gurban | Adriana Berdich

[1] Bruno Blanchet,et al. An efficient cryptographic protocol verifier based on prolog rules , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[2] Hovav Shacham,et al. Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[3] Alexandra Dmitrienko,et al. Smart keys for cyber-cars: secure smartphone-based NFC-enabled car immobilizer , 2013, CODASPY.

[4] Bart Preneel,et al. SePCAR: A Secure and Privacy-Enhancing Protocol for Car Access Provision , 2017, ESORICS.

[5] Bogdan Groza,et al. An Experimental Model for In-vehicle Networks and Subsystems , 2017, VEHITS.

[6] Sebastian Mödersheim,et al. The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications , 2005, CAV.

[7] Bogdan Groza,et al. Risk Assessment and Security Countermeasures for Vehicular Instrument Clusters , 2018, 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W).

[8] Flavio D. Garcia,et al. Gone in 360 Seconds: Hijacking with Hitag2 , 2012, USENIX Security Symposium.

[9] Roberto Di Pietro,et al. Key is in the Air: Hacking Remote Keyless Entry Systems , 2018, ISSA/CSITS@ESORICS.

[10] Bharat K. Bhargava,et al. Incorporating attacker capabilities in risk estimation and mitigation , 2015, Comput. Secur..