
    Open Problems when Mapping Automotive Security Levels to System Requirements

    Securing the vehicle has become an important matter in the automotive industry. Vehicles communicate more and more: with each other and with the road infrastructure, and they will be diagnosed remotely and provide their users with third-party applications. Given these areas of application, it is evident that a security standard for the automotive domain is needed that considers security from the beginning of the development phase through the operational and maintenance phases. Proposed security models in the automotive domain describe how to derive different security levels that indicate the demand for security, but do not go on to provide methods that map these levels to predefined system requirements or security mechanisms. We continue at this point and describe open problems that need to be addressed in a prospective security framework for the automotive domain. Based on a study of several safety and security standards from other areas as well as suggested automotive security models, we propose an appropriate representation of security levels, which is similar to, and will work in parallel with, the traditional safety levels, and a method to perform the mapping to a set of predefined system requirements, design rules and security mechanisms.

    On the Secure and Resilient Design of Connected Vehicles: Methods and Guidelines

    Vehicles have come a long way from being purely mechanical systems to systems that consist of an internal network of more than 100 microcontrollers and that communicate with external entities, such as other vehicles, road infrastructure, the manufacturer's cloud and external applications. This combination of resource constraints, safety-criticality, a large attack surface and the fact that millions of people own and use them each day makes securing vehicles particularly challenging, as security practices and methods need to be tailored to meet these requirements. This thesis investigates how security demands should be structured to ease discussions and collaboration between the involved parties, and how requirements engineering can be accelerated by introducing generic security requirements. Practitioners are also assisted in choosing appropriate techniques for securing vehicles by identifying and categorising security and resilience techniques suitable for automotive systems. Furthermore, three specific mechanisms for securing automotive systems and providing resilience are designed and evaluated. The first part focuses on cyber security requirements and the identification of suitable techniques based on three different approaches, namely (i) providing a mapping to security levels based on a review of existing security standards and recommendations; (ii) proposing a taxonomy for resilience techniques based on a literature review; and (iii) combining security and resilience techniques to protect automotive assets that have been subject to attacks. The second part presents the design and evaluation of three techniques. First, an extension of an existing freshness mechanism to protect in-vehicle communication against replay attacks is presented and evaluated.
    Second, a trust model for Vehicle-to-Vehicle communication is developed with respect to cyber resilience, allowing a vehicle to include trust in neighbouring vehicles in its decision-making processes. Third, a framework is presented that enables vehicle manufacturers to protect their fleet by detecting anomalies and security attacks using vehicle trust and the data available in the cloud.
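The replay protection for in-vehicle communication mentioned in this abstract rests on a freshness value that the receiver can check and that the message authentication code covers. The following is an added illustration of that class of mechanism, written for this page; it is not the thesis's own mechanism and not code from the paper. It follows the truncated-freshness pattern used on CAN buses (as in AUTOSAR SecOC): each PDU carries a 32-bit per-ID counter, of which only the low 8 bits are transmitted, and a 4-byte truncated HMAC-SHA256 tag computed over the full counter. The key, frame layout, CAN IDs and payloads are constructed for the demo. The scenario exercises the cases a practitioner cares about: a replayed frame, a tampered frame, a burst of lost frames inside the counter window, and a loss that exceeds the window, which is the resynchronisation problem that extensions to freshness mechanisms have to deal with.

```python
import hashlib
import hmac
import struct

# Constructed demo key; a real ECU keeps per-PDU keys in an HSM or protected flash.
SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
MAC_LEN = 4                    # truncated tag, to fit the 8-byte payload budget of classic CAN
FV_BITS = 8                    # only the low 8 bits of the 32-bit freshness counter go on the bus
FV_MASK = (1 << FV_BITS) - 1


def _tag(key: bytes, can_id: int, freshness: int, payload: bytes) -> bytes:
    """MAC over (id, FULL counter, payload), even though only the low counter bits are sent."""
    msg = struct.pack(">HI", can_id, freshness) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


class Sender:
    def __init__(self, key: bytes = SHARED_KEY):
        self.key = key
        self.counter = {}          # can_id -> last used full freshness value

    def build_frame(self, can_id: int, payload: bytes) -> bytes:
        fv = self.counter.get(can_id, 0) + 1
        self.counter[can_id] = fv
        # Wire format (constructed for the demo): id(2) | truncated fv(1) | payload | mac(4)
        return struct.pack(">HB", can_id, fv & FV_MASK) + payload + _tag(self.key, can_id, fv, payload)


class Receiver:
    def __init__(self, key: bytes = SHARED_KEY):
        self.key = key
        self.last = {}             # can_id -> highest accepted full freshness value

    def verify(self, frame: bytes):
        """Return (payload, "ok") or (None, reason)."""
        if len(frame) < 3 + MAC_LEN:
            return None, "malformed"
        can_id, fv_low = struct.unpack(">HB", frame[:3])
        payload, tag = frame[3:-MAC_LEN], frame[-MAC_LEN:]
        last = self.last.get(can_id, 0)

        # Reconstruct the smallest full counter that is > last and ends in fv_low.
        candidate = (last & ~FV_MASK) | fv_low
        if candidate <= last:
            candidate += 1 << FV_BITS

        # Verify the MAC before touching any state: an unauthenticated frame must
        # never be able to advance or desynchronise the receiver's counter.
        if hmac.compare_digest(tag, _tag(self.key, can_id, candidate, payload)):
            self.last[can_id] = candidate
            return payload, "ok"

        # Diagnostic only: does the tag match the previous window (a genuine replay)?
        stale = candidate - (1 << FV_BITS)
        if stale >= 0 and hmac.compare_digest(tag, _tag(self.key, can_id, stale, payload)):
            return None, "replay"
        # Forged/tampered, or counter out of sync (more than 255 frames lost).
        return None, "bad_mac"


def run_scenario():
    """Constructed traffic on CAN ID 0x123; returns the receiver's verdict per frame."""
    tx, rx = Sender(), Receiver()
    results = []
    f1 = tx.build_frame(0x123, b"\x01\x00")            # fv = 1
    f2 = tx.build_frame(0x123, b"\x02\x00")            # fv = 2
    results.append(rx.verify(f1)[1])                    # fresh            -> "ok"
    results.append(rx.verify(f2)[1])                    # fresh            -> "ok"
    results.append(rx.verify(f1)[1])                    # replayed frame   -> "replay"
    tampered = f2[:3] + b"\x7f\x00" + f2[5:]            # payload changed, tag kept
    results.append(rx.verify(tampered)[1])              # forged           -> "bad_mac"
    for _ in range(100):                                # 100 frames lost on the bus
        tx.build_frame(0x123, b"\x00\x00")
    results.append(rx.verify(tx.build_frame(0x123, b"\x03\x00"))[1])   # within window -> "ok"
    for _ in range(300):                                # 300 frames lost: exceeds the 8-bit window
        tx.build_frame(0x123, b"\x00\x00")
    results.append(rx.verify(tx.build_frame(0x123, b"\x04\x00"))[1])   # lost sync -> "bad_mac"
    return results


if __name__ == "__main__":
    print(run_scenario())
```

Two design points matter here. The MAC is checked against the reconstructed full counter before any state is updated, so a frame that fails authentication cannot move the receiver's counter, and per-ID counters keep one PDU's traffic from affecting another's window. The last verdict in the scenario is the failure mode that freshness extensions exist for: once more than 2^FV_BITS frames are lost, the receiver can no longer reconstruct the sender's counter and authentic traffic is rejected as if it were forged, so some resynchronisation path (a longer counter field, a periodic sync message, or a time-based freshness source) is needed in practice.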

    Trust assurance levels of cybercars in V2x communication

    In the last decade, the automotive industry, governments and researchers have invested a lot of effort in setting up the basis for vehicle-to-vehicle and vehicle-to-infrastructure (V2X) communication with the aim of improving road safety and traffic efficiency. As for any communication involving the exchange of sensitive data, security was identified from the beginning as a key enabler for many use cases and has already been addressed in various projects. While the first focus was on security issues related to inter-vehicle communication, the Intelligent Transport System (ITS) community rapidly realised that in-vehicle security, meaning secure communication endpoints, is also required to enable secure communication between cars and their environment. The recent successful hacking of automotive systems has strengthened this position. However, the holistic view required to set up a framework for mutual trust establishment between the communicating entities is missing. The reception of an authentic message does not provide sufficient proof of the trustworthiness of the message without additional trust assurance regarding the message's sender and the integrity of the sender's platform. Hence the need arises to attest or certify the trustworthiness of a remote communication partner's platform. In this paper, we analyse the platform security requirements of V2X systems, define different Trust Assurance Levels (TAL) and propose a certification framework to support trust establishment between the involved V2X communication partners.