Security aspects of the in-vehicle network in the connected car

In this paper, we briefly survey the research with respect to the security of the connected car, and in particular its in-vehicle network. The aim is to highlight the current state of the research; which are the problems found, and what solutions have been suggested. We have structured our investigation by categorizing the research into the following five categories: problems in the in-vehicle network, architectural security features, intrusion detection systems, honeypots, and threats and attacks. We conclude that even though quite some effort has already been expended in the area, most of it has been directed towards problem definition and not so much towards security solutions. We also highlight a few areas that we believe are of immediate concern.

[1]  Erland Jonsson,et al.  Efficient In-Vehicle Delayed Data Authentication Based on Compound Message Authentication Codes , 2008, 2008 IEEE 68th Vehicular Technology Conference.

[2]  Erland Jonsson,et al.  A First Simulation of Attacks in the Automotive Network Communications Protocol FlexRay , 2008, CISIS.

[3]  Jana Dittmann,et al.  Adaptive Dynamic Reaction to Automotive IT Security Incidents Using Multimedia Car Environment , 2008, 2008 The Fourth International Conference on Information Assurance and Security.

[4]  Srivaths Ravi,et al.  Security as a new dimension in embedded system design , 2004, Proceedings. 41st Design Automation Conference, 2004..

[5]  R.R. Brooks,et al.  Automobile security concerns , 2009, IEEE Vehicular Technology Magazine.

[6]  Jana Dittmann,et al.  Security threats to automotive CAN networks - Practical examples and selected short-term countermeasures , 2008, Reliab. Eng. Syst. Saf..

[7]  Philip Koopman,et al.  Flexible multicast authentication for time-triggered embedded control network applications , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[8]  Tobias Hoppe,et al.  Automotive IT-Security as a Challenge: Basic Attacks from the Black Box Perspective on the Example of Privacy Threats , 2009, SAFECOMP.

[9]  Gunter Saake,et al.  On the Need of Data Management in Automotive Systems , 2009, BTW.

[10]  Philip Koopman,et al.  A Flexible Approach to Embedded Network Multicast Authentication , 2008 .

[11]  D.K. Nilsson,et al.  An approach to specification-based attack detection for in-vehicle networks , 2008, 2008 IEEE Intelligent Vehicles Symposium.

[12]  Erland Jonsson,et al.  Creating a Secure Infrastructure for Wireless Diagnostics and Software Updates in Vehicles , 2008, SAFECOMP.

[13]  André Weimerskirch,et al.  State of the Art: Embedding Security in Vehicles , 2007, EURASIP J. Embed. Syst..

[14]  Radovan Miucic,et al.  Firmware Update Over The Air (FOTA) for Automotive Industry , 2007 .

[15]  Francisco Rodríguez-Henríquez,et al.  Achieving confidentiality security service for CAN , 2005, 15th International Conference on Electronics, Communications and Computers (CONIELECOMP'05).

[16]  Hideki Imai,et al.  New Attestation Based Security Architecture for In-Vehicle Communication , 2008, IEEE GLOBECOM 2008 - 2008 IEEE Global Telecommunications Conference.

[17]  Christoph Ruland,et al.  Secure and authentic communication on existing in-vehicle networks , 2009, 2009 IEEE Intelligent Vehicles Symposium.

[18]  Syed Masud Mahmud,et al.  Security Needs for the Future Intelligent Vehicles , 2006 .

[19]  Ulf E. Larson,et al.  Simulated attacks on CAN buses: vehicle virus , 2008 .

[20]  Erland Jonsson,et al.  An Approach to using Honeypots in In-Vehicle Networks , 2008, 2008 IEEE 68th Vehicular Technology Conference.

[21]  Hideki Imai,et al.  Formally verifiable features in embedded vehicular security systems , 2009, 2009 IEEE Vehicular Networking Conference (VNC).

[22]  Christof Paar,et al.  Security in Automotive Bus Systems , 2004 .

[23]  Laci J. Jalics,et al.  Overview of Remote Diagnosis and Maintenance for Automotive Systems , 2005 .

[24]  Matti Valovirta,et al.  Experimental Security Analysis of a Modern Automobile , 2011 .

[25]  Ulf E. Larson,et al.  Securing vehicles against cyber attacks , 2008, CSIIRW '08.

[26]  Jana Dittmann,et al.  Future Perspectives: The Car and Its IP-Address - A Potential Safety and Security Risk Assessment , 2007, SAFECOMP.

[27]  Harold Joseph Highland,et al.  AIN'T misbehaving—A taxonomy of anti-intrusion techniques , 1995 .

[28]  Dennis K. Nilsson,et al.  A Defense-in-Depth Approach to Securing the Wireless Vehicle Infrastructure , 2009, J. Networks.

[29]  Thomas A. Longstaff,et al.  A common language for computer security incidents , 1998 .