Security threats to automotive CAN networks - Practical examples and selected short-term countermeasures

The IT security of automotive systems is an evolving area of research. To analyse the current situation we performed several practical tests on recent automotive technology, focusing on automotive systems based on CAN bus technology. With respect to the results of these tests, in this paper we discuss selected countermeasures to address the basic weaknesses exploited in our tests and also give a short outlook to requirements, potential and restrictions of future, holistic approaches.

[1]  H. Zimmermann,et al.  OSI Reference Model - The ISO Model of Architecture for Open Systems Interconnection , 1980, IEEE Transactions on Communications.

[2]  Thomas A. Longstaff,et al.  A common language for computer security incidents , 1998 .

[3]  Eoghan Casey,et al.  Digital Evidence and Computer Crime , 2000 .

[4]  André Weimerskirch,et al.  State of the Art: Embedding Security in Vehicles , 2007, EURASIP J. Embed. Syst..

[5]  Johnny S. Wong,et al.  A taxonomy of intrusion response systems , 2007, Int. J. Inf. Comput. Secur..

[6]  Jana Dittmann,et al.  Future Perspectives: The Car and Its IP-Address - A Potential Safety and Security Risk Assessment , 2007, SAFECOMP.

[7]  Tobias Hoppe,et al.  Exemplary Automotive Attack Scenarios : Trojan Horses for Electronic Throttle Control System ( ETC ) and Replay Attacks on the Power Window System , 2007 .

[8]  A. Saltelli,et al.  Reliability Engineering and System Safety , 2008 .

[9]  Jana Dittmann,et al.  Vortäuschen von Komponentenfunktionalität im Automobil: Safety- und Komfort-Implikationen durch Security-Verletzungen am Beispiel des Airbags , 2008, Sicherheit.

[10]  Marko Wolf Security engineering for vehicular IT systems : improving the trustworthiness and dependability of automotive IT applications , 2009 .

[11]  Jana Dittmann,et al.  A new forensic model and its application to the collection, extraction and long term storage of screen content off a memory dump , 2009, 2009 16th International Conference on Digital Signal Processing.

[12]  Tobias Hoppe,et al.  Automotive IT-Security as a Challenge: Basic Attacks from the Black Box Perspective on the Example of Privacy Threats , 2009, SAFECOMP.