Secure and authentic communication on existing in-vehicle networks

Because of the increasing number of electronic components, the automotive manufacturers introduced data bus systems to decrease the number of discrete lines. Inside modern vehicles there are several bus systems that are used for communication to provide many safety-relevant functions with direct impact to the vehicle's behaviour. Due to missing security services, these in-car networks are unprotected against malicious attacks. Exemplarily focussing CAN, this article explains that the missing of authenticity and confidentiality are the most important issues concerning security risks for in-car communication. A flexible and adaptive solution using trusted communication groups is presented that enables confidential communication between components of a vehicle and guarantees that only authentic controllers - holding a certificate signed by the manufacturer - are able to be part of these closed communication groups.