External Monitoring Changes in Vehicle Hardware Profiles: Enhancing Automotive Cyber-Security

As the vehicles are gradually transformed into the connected-vehicles, standard features of the past (i.e., immobilizer, keyless entry, self-diagnostics) were neglected to be software updated and hardware upgraded so they do not “align” with the cyber-security demands of the new ICT era (IoT, Industry 4.0, IPv6, sensor technology) we have stepped into, therefore introducing critical legacy IT security issues. Stepping beyond the era of common auto-theft and “chop-shops,” the new wave of attackers have cyber-skills to exploit these vulnerabilities and steal the vehicle or manipulate it. Recent evolution in ICT offered automotive industry vital tools for vehicle safety, functionality and up to 2010, theft prevention. However, the same technologies are the ones that make vehicles prone to cyber-attacks. To counter such attacks, this work proposes a unified solution that logs all hardware profile changes of a vehicle in a blockchain, to manage control and allow only authenticated changes, subject to user, time, geospatial, and contextual constraints exploiting several blockchain features. Testing of the proposed solution omens the prevention of numerous commons attacks, while additionally providing forensics capabilities and significantly enhancing the security architecture of the vehicle (respecting the original IT architectural design of automotive manufacturers).

[1]  Erland Jonsson,et al.  Efficient In-Vehicle Delayed Data Authentication Based on Compound Message Authentication Codes , 2008, 2008 IEEE 68th Vehicular Technology Conference.

[2]  Kefa Rabah,et al.  Convergence of AI, IoT, Big Data and Blockchain: A Review , 2018 .

[3]  Eli Biham,et al.  A Practical Attack on KeeLoq , 2008, EUROCRYPT.

[4]  Bo Cui,et al.  A security architecture of VANET based on blockchain and mobile edge computing , 2018, 2018 1st IEEE International Conference on Hot Information-Centric Networking (HotICN).

[5]  Agusti Solanas,et al.  Privacy-aware event data recorders: cryptography meets the automotive industry again , 2013, IEEE Communications Magazine.

[6]  Kemal Akkaya,et al.  Block4Forensic: An Integrated Lightweight Blockchain Framework for Forensics Applications of Connected Vehicles , 2018, IEEE Communications Magazine.

[7]  Stefan Savage,et al.  Fast and Vulnerable: A Story of Telematic Failures , 2015, WOOT.

[8]  Zhili Sun,et al.  Blockchain-Based Dynamic Key Management for Heterogeneous Intelligent Transportation Systems , 2017, IEEE Internet of Things Journal.

[9]  Keith Mayes,et al.  Log Your Car: Reliable Maintenance Services Record , 2016, Inscrypt.

[10]  Shwetak N. Patel,et al.  Experimental Security Analysis of a Modern Automobile , 2010, 2010 IEEE Symposium on Security and Privacy.

[11]  Xiangliang Zhang,et al.  CreditCoin: A Privacy-Preserving Blockchain-Based Incentive Announcement Network for Communications of Smart Vehicles , 2018, IEEE Transactions on Intelligent Transportation Systems.

[12]  Christoph Schroth,et al.  Automotive Internetworking: Kosch/Automotive Internetworking , 2012 .

[13]  Hirofumi Onishi A Survey: Engineering Challenges to Implement VANET Security , 2018, 2018 IEEE International Conference on Vehicular Electronics and Safety (ICVES).

[14]  Christof Paar,et al.  Physical Cryptanalysis of KeeLoq Code Hopping Applications , 2008, IACR Cryptol. ePrint Arch..

[15]  Flavio D. Garcia,et al.  Dismantling iClass and iClass Elite , 2012, ESORICS.

[16]  Wenyuan Xu,et al.  Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study , 2010, USENIX Security Symposium.

[17]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[18]  Christof Paar,et al.  Secure In-Vehicle Communication , 2006 .

[19]  Cas J. F. Cremers,et al.  The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols , 2008, CAV.

[20]  Constantinos Patsakis,et al.  Securing In-vehicle Communication and Redefining the Role of Automotive Immobilizer , 2012, SECRYPT.

[21]  Salil S. Kanhere,et al.  BlockChain: A Distributed Solution to Automotive Security and Privacy , 2017, IEEE Communications Magazine.

[22]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[23]  Ilia Petrov,et al.  Efficient Data and Indexing Structure for Blockchains in Enterprise Systems , 2018, iiWAS.

[24]  Despina Polemi,et al.  Automobile 2.0: Reformulating the Automotive Platform as an IT System , 2016, IT Professional.

[25]  Mauro Conti,et al.  FM 99.9, Radio Virus: Exploiting FM Radio Broadcasts for Malware Deployment , 2013, IEEE Transactions on Information Forensics and Security.

[26]  Tao Zhang,et al.  Defending Connected Vehicles Against Malware: Challenges and a Solution Framework , 2014, IEEE Internet of Things Journal.

[27]  Michael Devetsikiotis,et al.  Blockchains and Smart Contracts for the Internet of Things , 2016, IEEE Access.

[28]  Victor C. M. Leung,et al.  Blockchain-Based Decentralized Trust Management in Vehicular Networks , 2019, IEEE Internet of Things Journal.

[29]  Gang Qu,et al.  A Privacy-Preserving Trust Model Based on Blockchain for VANETs , 2018, IEEE Access.

[30]  Allan W.M. Bonnick 2 – The Computer ECM , 2000 .

[31]  Hideki Imai,et al.  New Attestation Based Security Architecture for In-Vehicle Communication , 2008, IEEE GLOBECOM 2008 - 2008 IEEE Global Telecommunications Conference.

[32]  Eli Biham,et al.  How to Steal Cars - A Practical Attack on KeeLoq R , 2007 .

[33]  Liam Kilmartin,et al.  Intra-Vehicle Networks: A Review , 2015, IEEE Transactions on Intelligent Transportation Systems.

[34]  Francisco Rodríguez-Henríquez,et al.  Achieving confidentiality security service for CAN , 2005, 15th International Conference on Electronics, Communications and Computers (CONIELECOMP'05).

[35]  Flavio D. Garcia,et al.  Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer , 2013, USENIX Security Symposium.

[36]  Jose F. Monserrat,et al.  Trusted 5G Vehicular Networks: Blockchains and Content-Centric Networking , 2018, IEEE Vehicular Technology Magazine.

[37]  Robert Charette Every move you make , 2009, IEEE Spectrum.

[38]  Angelos Stavrou,et al.  Advancing open science with version control and blockchains , 2017 .

[39]  Allan W.M. Bonnick,et al.  Automotive Computer Controlled Systems , 2001 .

[40]  Christoph Ruland,et al.  Secure and authentic communication on existing in-vehicle networks , 2009, 2009 IEEE Intelligent Vehicles Symposium.

[41]  Ioannis Anagnostopoulos,et al.  Implementing a Blockchain Infrastructure on Top of Vehicular Ad Hoc Networks , 2018, Data Analytics: Paving the Way to Sustainable Urban Mobility.

[42]  Keith Mayes,et al.  Don't Brick Your Car: Firmware Confidentiality and Rollback for Vehicles , 2015, 2015 10th International Conference on Availability, Reliability and Security.

[43]  Fran Casino,et al.  Blockchain Meets Smart Health: Towards Next Generation Healthcare Services , 2018, 2018 9th International Conference on Information, Intelligence, Systems and Applications (IISA).

[44]  Peng Wang,et al.  Dynamic anonymous identity authentication (DAIA) scheme for VANET , 2018, International Journal of Communication Systems.

[45]  Jiaqi Yan,et al.  Overview of business innovations and research opportunities in blockchain and introduction to the special issue , 2016, Financial Innovation.

[46]  Suchetana Chakraborty,et al.  B2VDM: Blockchain Based Vehicular Data Management , 2018, 2018 International Conference on Advances in Computing, Communications and Informatics (ICACCI).

[47]  Decoster Kevin,et al.  HACIT2: A Privacy Preserving, Region Based and Blockchain Application for Dynamic Navigation and Forensics in VANET , 2018, ADHOCNETS.

[48]  Despina Polemi,et al.  Information Security Compliance over Intelligent Transport Systems: Is IT Possible? , 2015, IEEE Security & Privacy.

[49]  Matthew Green,et al.  Security Analysis of a Cryptographically-Enabled RFID Device , 2005, USENIX Security Symposium.

[50]  Tomas Olovsson,et al.  Securing Vehicle Diagnostics in Repair Shops , 2014, SAFECOMP.

[51]  Gang Qu,et al.  BARS: A Blockchain-Based Anonymous Reputation System for Trust Management in VANETs , 2018, 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE).

[52]  Paolo Palmieri,et al.  Spatial Bloom Filters: Enabling Privacy in Location-Aware Applications , 2014, Inscrypt.

[53]  Philip Koopman,et al.  Flexible multicast authentication for time-triggered embedded control network applications , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[54]  Usman Ghani,et al.  A secure message-passing framework for inter-vehicular communication using blockchain , 2019, Int. J. Distributed Sens. Networks.

[55]  Fran Casino,et al.  A systematic literature review of blockchain-based applications: Current status, classification and open issues , 2019, Telematics Informatics.

[56]  Constantinos Patsakis,et al.  Towards a distributed secure in-vehicle communication architecture for modern vehicles , 2014, Comput. Secur..