TSP Security in Intelligent and Connected Vehicles: Challenges and Solutions

The rapid development of IoT, cloud computing, Artificial Intelligence (AI), big data, and 5G technologies has promoted the transformation of traditional vehicles toward ICVs. Compared to traditional vehicles, ICVs face many security threats introduced by network technologies and intelligent devices, especially in the field of remote wireless communications using Telematics Service Provider (TSP). As the core communication system in ICVs, TSP integrates diverse communication systems, and thus inherits the original vulnerabilities of these systems inevitably. TSP provides various methods for the ICVs to access the Internet, which makes them vulnerable to remote attacks. However, existing auto manufacturers mostly focused on the user experiences of the ICVs, and paid little attention to these potential security risks raised by TSP. Toward this end, in this article we analyze and summarize the TSP security threats in ICVs, and present some attack methodologies. After that, we discuss a practical attack case against an ICV by leveraging the vulnerabilities of TSP, and some countermeasures are proposed to enhance ICV security against TSP attacks.

[1]  Mario Gerla,et al.  Congestion Attacks to Autonomous Cars Using Vehicular Botnets , 2015 .

[2]  Carsten Willems,et al.  Practical Timing Side Channel Attacks against Kernel Space ASLR , 2013, 2013 IEEE Symposium on Security and Privacy.

[3]  Srikanth V. Krishnamurthy,et al.  Malicious co-residency on the cloud: Attacks and defense , 2017, IEEE INFOCOM 2017 - IEEE Conference on Computer Communications.

[4]  Vitaly Shmatikov,et al.  The most dangerous code in the world: validating SSL certificates in non-browser software , 2012, CCS.

[5]  Stefan Savage,et al.  Fast and Vulnerable: A Story of Telematic Failures , 2015, WOOT.

[6]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[7]  Michael M. Swift,et al.  A Placement Vulnerability Study in Multi-Tenant Public Clouds , 2015, USENIX Security Symposium.

[8]  Gongjun Yan,et al.  Security challenges in vehicular cloud computing , 2013, IEEE Transactions on Intelligent Transportation Systems.

[9]  Manoj Singh Gaur,et al.  DDoS attacks in cloud computing: Issues, taxonomy, and future directions , 2015, Comput. Commun..

[10]  Mehmet Kayaalp,et al.  A high-resolution side-channel attack on last-level cache , 2016, 2016 53nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[11]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[12]  Sachin Shetty,et al.  Man in the Cloud (MITC) Defender: SGX-Based User Credential Protection for Synchronization Applications in Cloud Computing Platform , 2017, 2017 IEEE 10th International Conference on Cloud Computing (CLOUD).

[13]  Jörg Schwenk,et al.  All your clouds are belong to us: security analysis of cloud management interfaces , 2011, CCSW '11.

[14]  Manoj Singh Gaur,et al.  DDoS attacks in cloud computing: Issues, taxonomy, and future directions , 2017, Comput. Commun..