14 research outputs found

    Towards a systematic security evaluation of the automotive Bluetooth interface

    In-cabin connectivity and its enabling technologies have increased dramatically in recent years. Security was not considered an essential property, a mind-set that has shifted significantly due to the appearance of demonstrated vulnerabilities in these connected vehicles. Connectivity allows the possibility that an external attacker may compromise the security - and therefore the safety - of the vehicle. Many exploits have already been demonstrated in the literature. One of the most pervasive connective technologies is Bluetooth, a short-range wireless communication technology. Security issues with this technology are well-documented, albeit in other domains. A threat intelligence study was carried out to substantiate this motivation and finds that while the general trend is towards increasing (relative) security in automotive Bluetooth implementations, there is still significant technological lag when compared to more traditional computing systems. The main contribution of this thesis is a framework for the systematic security evaluation of the automotive Bluetooth interface from a black-box perspective (as technical specifications were loose or absent). Tests were performed through both the vehicle’s native connection and through Bluetooth-enabled aftermarket devices attached to the vehicle. This framework is supported through the use of attack trees and principles as outlined in the Penetration Testing Execution Standard. Furthermore, a proof-of-concept tool was developed to implement this framework in a semi-automated manner, to carry out testing on real-world vehicles. The tool also allows for severity classification of the results acquired, as outlined in the SAE J3061 Cybersecurity Guidebook for Cyber-Physical Vehicle Systems. Results of the severity classification are validated through domain expert review.
Finally, the thesis also explores how formal methods could be integrated into the framework and tool to improve confidence and rigour, and to demonstrate how future iterations of design could be improved. In conclusion, there is a need for systematic security testing, based on the findings of the threat intelligence study. The systematic evaluation and the developed tool successfully found weaknesses in both the automotive Bluetooth interface and in the vehicle itself through Bluetooth-enabled aftermarket devices. Furthermore, the results of applying this framework provide a focus for counter-measure development and could be used as evidence in a security assurance case. The systematic evaluation framework also allows for formal methods to be introduced for added rigour and confidence. Demonstrations of how this might be performed (with case studies) were presented. Future recommendations include using this framework with more test vehicles and expanding on the existing attack trees that form the heart of the evaluation. Further work on the tool chain would also be desirable. This would enable further accuracy of any testing or modelling required, and would also take automation of the entire process further.

    Road traffic incident management and situational awareness

    Rietveld, P. [Promotor]; Scholten, H.J. [Promotor]; Vlist, M. van der [Copromotor]

    Challenges in artificial socio-cognitive systems: A study based on intelligent vehicles

    This record contains the (video) data and source code created in relation to the submitted thesis of the same title. The videos included in this collection have been derived using the 3D view components included in the BSF software framework, during a number of scenarios explained more fully in the related thesis: "Challenges in artificial socio-cognitive systems: A study based on intelligent vehicles". Additional views such as the graph views have been created from the rdfUtilities package. These scenarios can be re-run by using the included version of the BSF framework, which is provided as a zip file. From the command line, run "ant -p" to see available projects, which include the traffic simulation, institutions, 3D view, and more.

    LOGGING, ALERT & EMERGENCY SYSTEM FOR ROAD TRANSPORT VEHICLES - An Experimental eCall, Black-box and Driver Alerting System

    This paper describes the experimental platform developed at UEM, mounted on a conventional vehicle. It monitors most of the driver’s actions on the controls of the vehicle, logs the vehicle speed and position using a GPS, detects and recognizes vertical traffic signs, and records the last seconds of the trip with a panoramic video camera. If an accident occurs, the system calls emergency services (112 in Spain), sending vehicle position information (via SMS) and opening a voice channel. No funding. No data (2006). UE

    Logging, alert & emergency system for road transport vehicles: An experimental ecall, black-box and driver alerting system

    This paper describes the experimental platform developed at UEM, mounted on a conventional vehicle. It monitors most of the driver’s actions on the controls of the vehicle, logs the vehicle speed and position using a GPS, detects and recognizes vertical traffic signs, and records the last seconds of the trip with a panoramic video camera. If an accident occurs, the system calls emergency services (112 in Spain), sending vehicle position information (via SMS) and opening a voice channel. No funding. No data (2006). UE

    Logging, alert and emergency system for road transport vehicles - an experimental ecall, black-box and driver alerting system

    The Dom Feliciano Belt in Uruguay represents a counterpart of the Gariep Belt in Namibia and these two belts are presently considered as relics of one orogen split by the Atlantic Ocean. In this study, two presumed flysch samples from the Marmora Terrane of the Gariep Belt in Namibia, and five samples from potential source areas in the Nico Perez Terrane of the Dom Feliciano Belt in Uruguay have been dated to determine the possible source regions for the flysch sedimentation on the Namibian side of the orogenic system. Two granites from the Nico Perez Terrane show Neoproterozoic ages of c. 614 Ma, interpreted as the crystallization ages. These data are compatible with the magmatic activity found in the Dom Feliciano Belt from 634 – 564 Ma. A metavolcanic sample from the Zanja del Tigre Complex presents a crystallization age of 1.45 Ga. One of the metasedimentary samples from the Nico Perez Terrane shows zircon ages with a dominant Mesoproterozoic peak at ca. 1.45 Ga, interpreted as an age of volcanic admixture, and a minor amount of Paleoproterozoic and Archean zircon, interpreted as detrital grains. Another sample of metasedimentary rock shows only Paleoproterozoic to Archean zircon ages. The detrital zircon population is interpreted as a result of erosion of the surrounding geological units. Two presumed samples of metamorphosed flysch sediments from the Marmora Terrane present very different detrital zircon age spectra. One of the samples shows mainly Meso- and Paleoproterozoic ages, with individual Archean ages. This sample is interpreted as possibly connected with sedimentation in the rifting stage of the orogenic cycle. The second sample has a detrital zircon age spectrum that is consistent with the syn-orogenic nature of flysch sedimentation, and shows several peaks at c. 650 Ma, 750 Ma, 1.0 Ga and 1.85 Ga.
When comparing the zircon signature in the flysch sample with protolith ages found in the surrounding geological units (the Nico Perez Terrane, the Punta del Este Terrane, South African sources and the Rio de la Plata Craton), it becomes clear that the flysch sediment is a result of erosion of the Punta del Este Terrane basement, which contains the only nearby source of the c. 650 Ma zircons, the c. 800-750 Ma zircons and inherited zircons dated at 1.2 – 1.0 Ga. The sample also shows the same detrital zircon pattern found by other workers in their studies of flysch sediments in the Dom Feliciano – Gariep Belt.

    Security and privacy protection in automotive embedded systems (Sécurité et protection de la vie privée dans les systèmes embarqués automobiles)

    Electronic equipment has become an integral part of a vehicle's network architecture, which consists of multiple buses and microcontrollers called Electronic Control Units (ECUs). These ECUs recently also connect to the outside world. Navigation and entertainment systems, consumer devices, and Car2X functions are examples of this. Recent security analyses have shown severe vulnerabilities of exposed ECUs and protocols, which may make it possible for attackers to gain control over a vehicle. Given that car safety-critical systems can no longer be fully isolated from such third-party devices and infotainment services, we propose a new approach to securing vehicular on-board systems that combines mechanisms at different layers of the communication stack and of the execution platforms. We describe our secure communication protocols, which are designed to provide strong cryptographic assurances together with an efficient implementation fitting the prevalent vehicular communication paradigms. They rely on hardware security modules providing secure storage and acting as root of trust. A distributed data flow tracking based approach is employed for checking code execution against a security policy describing authorized communication patterns. Binary instrumentation is used to track data flows throughout execution (taint engine) and also between control units (middleware), thus making it applicable to industrial applications. We evaluate the feasibility of our mechanisms to secure communication on the CAN bus, which is ubiquitously implemented in cars today. A proof of concept demonstrator also shows the feasibility of integrating security features into real vehicles.
On-board electronic equipment has now become an integral part of the vehicle network architecture. It relies on the interconnection of microcontrollers called ECUs through various buses. These ECUs are now starting to be connected to the outside world, as shown by embedded navigation, entertainment and mobile communication systems, and by Car2X functionality. Recent analyses have shown serious vulnerabilities in the ECUs and protocols used, which allow an attacker to take control of the vehicle. Since the vehicle's critical systems can no longer be completely isolated, we propose a new approach to securing embedded computing that combines mechanisms at different levels of the protocol stack and of the execution environments. We describe our secure protocols, which rely on efficient cryptography integrated with the dominant communication paradigm in the automotive field, and on hardware security modules providing secure storage and a trusted core. We also describe how to monitor the information flows distributed across the vehicle to ensure execution that conforms to the communication security policy. Binary instrumentation of the code, necessary for industrialization, is used to perform this monitoring during execution (through data tainting) and between ECUs (in the middleware). We evaluate the feasibility of our mechanisms for securing communication on the CAN bus, which is ubiquitous in vehicles today. A proof of concept also shows the feasibility of integrating security mechanisms into real vehicles.