Electronic equipment has become an integral part of a vehicle's network architecture, which consists of multiple buses and microcontrollers called Electronic Control Units (ECUs). Recently, these ECUs have also begun to connect to the outside world. Navigation and entertainment systems, consumer devices, and Car2X functions are examples of this. Recent security analyses have shown severe vulnerabilities in exposed ECUs and protocols, which may make it possible for attackers to gain control over a vehicle. Given that safety-critical car systems can no longer be fully isolated from such third-party devices and infotainment services, we propose a new approach to securing vehicular on-board systems that combines mechanisms at different layers of the communication stack and of the execution platforms. We describe our secure communication protocols, which are designed to provide strong cryptographic assurances together with an efficient implementation fitting the prevalent vehicular communication paradigms. They rely on hardware security modules providing secure storage and acting as a root of trust. An approach based on distributed data flow tracking is employed to check code execution against a security policy describing authorized communication patterns. Binary instrumentation is used to track data flows throughout execution (taint engine) and also between control units (middleware), thus making the approach applicable to industrial applications. We evaluate the feasibility of our mechanisms to secure communication on the CAN bus, which is ubiquitously implemented in cars today. A proof-of-concept demonstrator also shows the feasibility of integrating security features into real vehicles.

On-board electronic equipment has now become an integral part of the network architecture of vehicles. It relies on the interconnection of microcontrollers called ECUs over various buses. These ECUs are now beginning to be connected to the outside world, as shown by on-board navigation, entertainment, and mobile communication systems, and by Car2X functions. Recent analyses have shown severe vulnerabilities in the ECUs and protocols in use, which allow an attacker to take control of the vehicle. Because the critical systems of the vehicle can no longer be completely isolated, we propose a new approach to securing on-board computing that combines mechanisms at different levels of the protocol stack and of the execution environments. We describe our secure protocols, which rely on efficient cryptography integrated with the dominant communication paradigm in the automotive domain and on hardware security modules providing secure storage and a trusted core. We also describe how to monitor the distributed information flows in the vehicle to ensure that execution complies with the communication security policy. Binary instrumentation of the code, which is necessary for industrialization, is used to carry out this monitoring during execution (through data tainting) and between ECUs (in the middleware). We evaluate the feasibility of our mechanisms for securing communication on the CAN bus, which is ubiquitous in vehicles today. A proof of concept also shows the feasibility of integrating security mechanisms into real vehicles.

