Towards a Security Architecture for Protecting Connected Vehicles from Malware

Vehicles are becoming increasingly connected to the outside world. We can connect our devices to the vehicle's infotainment system and internet is being added as a functionality. Therefore, security is a major concern as the attack surface has become much larger than before. Consequently, attackers are creating malware that can infect vehicles and perform life-threatening activities. For example, a malware can compromise vehicle ECUs and cause unexpected consequences. Hence, ensuring the security of connected vehicle software and networks is extremely important to gain consumer confidence and foster the growth of this emerging market. In this paper, we propose a characterization of vehicle malware and a security architecture to protect vehicle from these malware. The architecture uses multiple computational platforms and makes use of the virtualization technique to limit the attack surface. There is a real-time operating system to control critical vehicle functionalities and multiple other operating systems for non-critical functionalities (infotainment, telematics, etc.). The security architecture also describes groups of components for the operating systems to prevent malicious activities and perform policing (monitor, detect, and control). We believe this work will help automakers guard their systems against malware and provide a clear guideline for future research.

[1]  Xuemin Shen,et al.  Connected Vehicles: Solutions and Challenges , 2014, IEEE Internet of Things Journal.

[2]  D.K. Nilsson,et al.  An approach to specification-based attack detection for in-vehicle networks , 2008, 2008 IEEE Intelligent Vehicles Symposium.

[3]  Huy Kang Kim,et al.  Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network , 2016, 2016 International Conference on Information Networking (ICOIN).

[4]  Tao Zhang,et al.  Defending Connected Vehicles Against Malware: Challenges and a Solution Framework , 2014, IEEE Internet of Things Journal.

[5]  Tomas Olovsson,et al.  Security aspects of the in-vehicle network in the connected car , 2011, 2011 IEEE Intelligent Vehicles Symposium (IV).

[6]  Péter Gáspár,et al.  Security issues and vulnerabilities in connected car systems , 2015, 2015 International Conference on Models and Technologies for Intelligent Transportation Systems (MT-ITS).

[7]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[8]  Qiyan Wang,et al.  VeCure: A practical security framework to protect the CAN bus of vehicles , 2014, 2014 International Conference on the Internet of Things (IOT).

[9]  Qiang Ni,et al.  Driving with Sharks: Rethinking Connected Vehicles with Vehicle Cybersecurity , 2017, IEEE Vehicular Technology Magazine.

[10]  Y. Roudier,et al.  Security and privacy for in-vehicle networks , 2012, 2012 IEEE 1st International Workshop on Vehicular Communications, Sensing, and Computing (VCSC).

[11]  Je-Won Kang,et al.  Intrusion Detection System Using Deep Neural Network for In-Vehicle Network Security , 2016, PloS one.

[12]  Jana Dittmann,et al.  Security threats to automotive CAN networks - Practical examples and selected short-term countermeasures , 2008, Reliab. Eng. Syst. Saf..

[13]  Elyes Ben Hamida,et al.  Towards extended safety in connected vehicles , 2013, 16th International IEEE Conference on Intelligent Transportation Systems (ITSC 2013).

[14]  Aaron Hunter,et al.  A Security Analysis of an In-Vehicle Infotainment and App Platform , 2016, WOOT.

[15]  Sherif Abdelwahed,et al.  Active Malware Countermeasure Approach for Mission Critical Systems , 2017, 2017 IEEE 15th Intl Conf on Dependable, Autonomic and Secure Computing, 15th Intl Conf on Pervasive Intelligence and Computing, 3rd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress(DASC/PiCom/DataCom/CyberSciTech).

[16]  Christof Paar,et al.  Security in Automotive Bus Systems , 2004 .