Security and privacy for in-vehicle networks

Mobile devices such as smartphones have gained more and more attention from security researchers and malware authors, the latter frequently attacking those platforms and stealing personal information. Vehicle on-board networks, in particular infotainment systems, are increasingly connected with such mobile devices and the internet and will soon make it possible to load and install third-party applications. This makes them susceptible to new attacks similar to those that plague mobile phones and personal computers. A breach of privacy is equally sensitive in the vehicular domain. Even worse, broken security is a serious threat to car safety. In this paper, we show how traditional automotive communication systems can be instrumented with taint tracking tools in a security framework that dynamically monitors data flows within and between control units to achieve elevated security and privacy.
