An Experimental Model for In-vehicle Networks and Subsystems

We pursue an experimental setup that gathers various in-vehicle networks and subsystems that are critical from a security perspective. As cyber-attacks to cars have become a reality, the model comes handy for both research and engineering education. The usefulness of this empirical model stems from both being helpful in creating a realistic view on the security of automotive systems and for creating security awareness. We do congregate in our setup various communication buses, e.g., CAN, LIN and FlexRay, and bring connectivity between several low and high-end automotive-grade development boards that are linked to off-the-shelf invehicle components, e.g., an instrument cluster and an infotainment unit, etc. The setup serves as a concise and practical representation of in-vehicle subsystems, network topologies and highlights security implications.

[1]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[2]  Bogdan Groza,et al.  Efficient Protocols for Secure Broadcast in Controller Area Networks , 2013, IEEE Transactions on Industrial Informatics.

[3]  Ingrid Verbauwhede,et al.  LiBrA-CAN: A Lightweight Broadcast Authentication Protocol for Controller Area Networks , 2012, CANS.

[4]  Alexandra Dmitrienko,et al.  Smart keys for cyber-cars: secure smartphone-based NFC-enabled car immobilizer , 2013, CODASPY.

[5]  Matti Valovirta,et al.  Experimental Security Analysis of a Modern Automobile , 2011 .

[6]  Wenhua Dou,et al.  SAFE: Security-Aware FlexRay Scheduling Engine , 2014, 2014 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[7]  Ahmad-Reza Sadeghi,et al.  Anti-theft Protection: Electronic Immobilizers , 2006 .

[8]  Jason Staggs How to Hack Your Mini Cooper: Reverse Engineering CAN Messages on Passenger Automobiles , 2013 .

[9]  Alberto L. Sangiovanni-Vincentelli,et al.  Security-Aware Modeling and Efficient Mapping for CAN-Based Real-Time Distributed Automotive Systems , 2015, IEEE Embedded Systems Letters.

[10]  Flavio D. Garcia,et al.  Gone in 360 Seconds: Hijacking with Hitag2 , 2012, USENIX Security Symposium.

[11]  Alberto L. Sangiovanni-Vincentelli,et al.  Security-aware mapping for CAN-based real-time distributed automotive systems , 2013, 2013 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).

[12]  Hiroaki Takada,et al.  CaCAN: Centralized Authentication System in CAN (Controller Area Network) , 2016 .

[13]  Wenyuan Xu,et al.  Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study , 2010, USENIX Security Symposium.

[14]  Charles Miller,et al.  The Mac Hacker's Handbook , 2011 .

[15]  Bogdan Groza,et al.  LiMon - Lightweight Authentication for Tire Pressure Monitoring Sensors , 2015, CyberICS/WOS-CPS@ESORICS.

[16]  Miao Xu,et al.  Lightweight secure communication protocols for in-vehicle sensor networks , 2013, CyCAR '13.

[17]  Zonghua Gu,et al.  Security-Aware Mapping and Scheduling with Hardware Co-Processors for FlexRay-Based Distributed Embedded Systems , 2016, IEEE Transactions on Parallel and Distributed Systems.