Automotive Communication Security Methods and Recommendations for Securing In-vehicle and V2X Communications

Today’s vehicles contain approximately more than 100 interconnected computers (ECUs), several of which will be connected to the Internet or external devices and networks around the vehicle. In the near future vehicles will extensively communicate with their environment via Vehicle to Vehicle (V2V) and Vehicle to Infrastructure (V2I), together called V2X communications. Such level of connectivity enables car manufacturers to implement new entertainment systems and to provide safety features to decrease the number of road accidents. Moreover, authorities can deploy the traffic information provided by vehicular communications to improve the traffic management. Despite the great benefits that comes with vehicular communications, there are also risks associated with exposing a safety-critical integrated system to external networks. It has already been proved that vehicles can be remotely hacked and the safety critical functions such as braking system and steering wheel can be compromised to endanger the safety of passengers. This putshigh demands on IT security and car manufacturers to secure vehicular communications. This thesis proposes methods and recommendations for improving the security of internal and external vehicular communications.The main contributions of this thesis are contained in six included papers, and cover the following research areas of automotive security: (i) secure network architecture design, (ii) attack protection, (iii) attack detection, and (iv) V2X security. The first two papers in the collection are on the topic of secure network architecture design and propose an automated approach for grouping in-vehicle ECUs into security domains which facilitate the implementation of security measures in in-vehicle networks. The third paper is on the topic of attack protection and evaluates the applicability of existing Controller Area Network (CAN) bus authentication solutions to a vehicular context. In particular, this paper identifies five critical requirements for an authentication solution to be used in such a context. The fourth paper deals with the issue of attack detection in in-vehicle networks and proposes a specification agnostic method for detecting intrusion in vehicles. The fifth paper identifies weaknesses or deficiencies in the design of the ETSI V2X security standard and proposes changes to fix the identified weaknesses or deficiencies. The last paper investigates the security implications of adopting 5G New Radio (NR) for V2X communications

A Validity of in-Vehicle Networks Using CAN-FD

The most common communication interface for automotive electronic control units is CAN (Controller Area Network). Since CAN was first introduced in Daimler vehicles in 1991, all automotive manufacturers have adopted CAN communication for in-vehicle networks. However, as the number of electronic control units connected to the CAN network grows rapidly, the CAN protocol is reaching its technological limits. To overcome this limitation, Bosch has introduced a new communication protocol, CAN-FD (Flexible Data-rate). In this paper, we analyse the characteristics and limitations of CAN-FD communication according to the topology under the in-vehicle wiring harness environment designed based on the existing classic CAN communication

Improving In-Vehicle Network Architectures Using Automated Partitioning Algorithms

Today's in-vehicle networks are divided into domains using "best engineering practice". However, as far as we are aware of, there are no existing tools that do this domain partitioning in an automated and optimal way. A strategy for designing in-vehicle networks is to group Electronic Control Units (ECUs) into domains so that each domain isolates a certain functionality and minimizes dependencies to other domains. In this paper, we use an automated partitioning algorithm and apply it to an in-vehicle network from a real, modern car, and we analyze the results from such an approach and compare it with the EVITA reference architecture. Different partitioning criteria can be used, and we investigate security domains based on both message types and on domains optimized to minimize inter-domain traffic. We show that our approach is very flexible and can identify meaningful in-vehicle network domains which are better than the EVITA domains with respect to communication, safety and security. We have also investigated the relationship between safety and security to see if security domains contradict or support partitions based on ASILs