Car-to-Smartphone Interactions: Experimental Setup, Risk Analysis and Security Technologies

International audienceVehicle access control and in particular access to in-vehicle functionalities from smart mobile devices, e.g., phones or watches, has become an increasingly relevant topic. Security plays a critical part, due to both a long history of car keys that succumbed to attacks and recently reported intrusions that use various vehicle communication interfaces to further gain access to in-vehicle safety-critical components. In this work we discuss existing technologies and functionalities that should be embedded in an experimental setup that addresses such a scenario. We make emphasis on existing cryptographic technologies, from symmetric to asymmetric primitives, identity-based cryptography and group signatures. We also discuss risks associated with in-vehicle functionalities and mitigation, e.g., intrusion detection systems

Identity-Based Key Exchange on In-Vehicle Networks: CAN-FD & FlexRay

Security has become critical for in-vehicle networks as they carry safety-critical data from various components, e.g., sensors or actuators, and current research proposals were quick to react with cryptographic protocols designed for in-vehicle buses, e.g., CAN (Controller Area Network). Obviously, the majority of existing proposals are built on cryptographic primitives that rely on a secret shared key. However, how to share such a secret key is less obvious due to numerous practical constraints. In this work, we explore in a comparative manner several approaches based on a group extension of the Diffie–Hellman key-exchange protocol and identity-based authenticated key agreements. We discuss approaches based on conventional signatures and identity-based signatures, garnering advantages from bilinear pairings that open road to several well-known cryptographic constructions: short signatures, the tripartite Diffie–Hellman key exchange and identity-based signatures or key exchanges. Pairing-based cryptographic primitives do not come computationally cheap, but they offer more flexibility that leads to constructive advantages. To further improve on performance, we also account for pairing-free identity-based key exchange protocols that do not require expensive pairing operations nor explicit signing of the key material. We present both computational results on automotive-grade controllers as well as bandwidth simulations with industry-standard tools, i.e., CANoe, on modern in-vehicle buses CAN-FD and FlexRay

LiBrA-CAN: a Lightweight Broadcast Authentication protocol for Controller Area Networks

© 2017 ACM. Despite realistic concerns, security is still absent from vehicular buses such as the widely used Controller Area Network (CAN). We design an efficient protocol based on efficient symmetric primitives, taking advantage of two innovative procedures: splitting keys between nodes and mixing authentication tags. This results in a higher security level when compromised nodes are in the minority, a realistic assumption for automotive networks. Experiments are performed on state-of-the-art Infineon TriCore controllers, contrasted with low-end Freescale S12X cores, while simulations are provided for the recently released CAN-FD standard. To gain compatibility with existent networks, we also discuss a solution based on CAN+.status: publishe