Designing Security for In-vehicle Networks: A Body Control Module (BCM) Centered Viewpoint

The overabundance of attacks reported on in-vehicle networks triggered reactions from both the academic research communities and industry professionals. However, designing security for in-vehicle networks is a challenging task and it is yet unclear to what extent current proposals are suitable for real-world vehicles. In this work, we advocate the use of a top-down approach in which we analyze the functionalities along with reported attacks. Due to the abundance of in-vehicle services and the associated large number of Electronic Control Units (ECUs), we center our analysis on a key subsystem from the car: the Body Control Module (BCM). The rationale behind choosing this particular module comes from at least three key factors: i) a large number of components that are directly linked to the BCM were targets of previously reported attacks (e.g., keys and electronic immobilizers, tire sensors, diagnostic ports, etc.), ii) by design, body components are generally exposed to the outside and it is reasonable to assume that adversaries will frequently have access to peripherals controlled by the BCM, iii) the BCM controls subsystems that are attractive either from an economic perspective (e.g., access to the car) or from a safety perspective (e.g., seat-belts, lights, etc.). Our discussion is entailed by a concrete analysis of the risks of reported attacks and preferable security designs.
