13 research outputs found

    Automotive Communication Security Methods and Recommendations for Securing In-vehicle and V2X Communications

    Today’s vehicles contain approximately more than 100 interconnected computers (ECUs), several of which will be connected to the Internet or external devices and networks around the vehicle. In the near future vehicles will extensively communicate with their environment via Vehicle to Vehicle (V2V) and Vehicle to Infrastructure (V2I), together called V2X communications. Such level of connectivity enables car manufacturers to implement new entertainment systems and to provide safety features to decrease the number of road accidents. Moreover, authorities can deploy the traffic information provided by vehicular communications to improve the traffic management. Despite the great benefits that come with vehicular communications, there are also risks associated with exposing a safety-critical integrated system to external networks. It has already been proved that vehicles can be remotely hacked and the safety critical functions such as braking system and steering wheel can be compromised to endanger the safety of passengers. This puts high demands on IT security and car manufacturers to secure vehicular communications. This thesis proposes methods and recommendations for improving the security of internal and external vehicular communications. The main contributions of this thesis are contained in six included papers, and cover the following research areas of automotive security: (i) secure network architecture design, (ii) attack protection, (iii) attack detection, and (iv) V2X security. The first two papers in the collection are on the topic of secure network architecture design and propose an automated approach for grouping in-vehicle ECUs into security domains which facilitate the implementation of security measures in in-vehicle networks. The third paper is on the topic of attack protection and evaluates the applicability of existing Controller Area Network (CAN) bus authentication solutions to a vehicular context.
In particular, this paper identifies five critical requirements for an authentication solution to be used in such a context. The fourth paper deals with the issue of attack detection in in-vehicle networks and proposes a specification agnostic method for detecting intrusion in vehicles. The fifth paper identifies weaknesses or deficiencies in the design of the ETSI V2X security standard and proposes changes to fix the identified weaknesses or deficiencies. The last paper investigates the security implications of adopting 5G New Radio (NR) for V2X communications

    A Systematic Literature Review on Automotive Digital Forensics: Challenges, Technical Solutions and Data Collection

    A modern vehicle has a complex internal architecture and is wirelessly connected to the Internet, other vehicles, and the infrastructure. The risk of cyber attacks and other criminal incidents along with recent road accidents caused by autonomous vehicles calls for more research on automotive digital forensics. Failures in automated driving functions can be caused by hardware and software failures and cyber security issues. Thus, it is imperative to be able to determine and investigate the cause of these failures, something which requires trustable data. However, automotive digital forensics is a relatively new field for the automotive where most existing self-monitoring and diagnostic systems in vehicles only monitor safety-related events. To the best of our knowledge, our work is the first systematic literature review on the current research within this field. We identify and assess over 300 papers published between 2006 - 2021 and further map the relevant papers to different categories based on identified focus areas to give a comprehensive overview of the forensics field and the related research activities. Moreover, we identify forensically relevant data from the literature, link the data to categories, and further map them to required security properties and potential stakeholders. Our categorization makes it easy for practitioners and researchers to quickly find relevant work within a particular sub-field of digital forensics. We believe our contributions can guide digital forensic investigations in automotive and similar areas, such as cyber-physical systems and smart cities, facilitate further research, and serve as a guideline for engineers implementing forensics mechanisms

    Spectra: Detecting Attacks on In-Vehicle Networks through Spectral Analysis of CAN-Message Payloads

    Nowadays, vehicles have complex in-vehicle networks that have recently been shown to be increasingly vulnerable to cyber-attacks capable of taking control of the vehicles, thereby threatening the safety of the passengers. Several countermeasures have been proposed in the literature in response to the arising threats; however, hurdle requirements imposed by the industry are hindering their adoption in practice. In this paper, we propose SPECTRA, a data-driven anomaly-detection mechanism that is based on spectral analysis of CAN-message payloads. SPECTRA does not abide by the strict specifications predefined for every vehicle model and addresses key real-world deployability challenges

    A Preliminary Security Assessment of 5G V2X

    Research on intelligent transport systems (ITS) for improved traffic safety and efficiency has reached a high level of maturity and first applications will hit the market in 2019. Since 2004, the wireless standard 802.11p has been developed specifically for ITS services. Since then new telecommunication standards have been devised, and the new 5G telecommunication standard is nearing completion. Due to its technological advantages such as higher speeds and reliability, it is being considered to be used for ITS services. The new radio technology “New Radio (NR)”, which is being developed as part of 5G, can complement or replace 802.11p in V2X applications. While there has been some work to compare 802.11p and 5G New Radio in terms of performance and applicability for safety-critical use cases, little work has been done to investigate the implications for security. In this paper, we provide an overview of the security requirements of known ETSI ITS use cases, and based on those use cases we compare and assess the security implications of replacing 802.11p with cellular V2X. We find that due to the use of millimeter waves, beamforming and massive MIMO, there will be an implicit improvement for confidentiality and privacy, and it may also be possible to shorten authentication procedures in certain cases. When a fully network-assisted C-V2X mode is chosen, it is also possible to outsource several of the ITS security requirements to the cellular network

    Resilient Shield: Reinforcing the Resilience of Vehicles Against Security Threats

    Vehicles have become complex computer systems with multiple communication interfaces. In the future, vehicles will have even more connections to e.g., infrastructure, pedestrian smartphones, cloud, road-side-units and the Internet. External and physical interfaces, as well as internal communication buses have shown to have potential to be exploited for attack purposes. As a consequence, there is an increase in regulations which demand compliance with vehicle cyber resilience requirements. However, there is currently no clear guidance on how to comply with these regulations from a technical perspective. To address this issue, we have performed a comprehensive threat and risk analysis based on published attacks against vehicles from the past 10 years, from which we further derive necessary security and resilience techniques. The work is done using the SPMT methodology where we identify vital vehicle assets, threat actors, their motivations and objectives, and develop a comprehensive threat model. Moreover, we develop a comprehensive attack model by analyzing the identified threats and attacks. These attacks are filtered and categorized based on attack type, probability, and consequence criteria. Additionally, we perform an exhaustive mapping between asset, attack, threat actor, threat category, and required mitigation mechanism for each attack, resulting in a presentation of a secure and resilient vehicle design. Ultimately, we present the Resilient Shield, a novel and imperative framework to justify and ensure security and resilience within the automotive domain

    CONSERVE: A framework for the selection of techniques for monitoring containers security

    Context: Container-based virtualization is gaining popularity in different domains, as it supports continuous development and improves the efficiency and reliability of run-time environments. Problem: Different techniques are proposed for monitoring the security of containers. However, there are no guidelines supporting the selection of suitable techniques for the tasks at hand. Objective: We aim to support the selection and design of techniques for monitoring container-based virtualization environments. Approach: First, we review the literature and identify techniques for monitoring containerized environments. Second, we classify these techniques according to a set of categories, such as technical characteristic, applicability, effectiveness, and evaluation. We further detail the pros and cons that are associated with each of the identified techniques. Result: As a result, we present CONSERVE, a multi-dimensional decision support framework for an informed and optimal selection of a suitable set of container monitoring techniques to be implemented in different application domains. Evaluation: A mix of eighteen researchers and practitioners evaluated the ease of use, understandability, usefulness, efficiency, applicability, and completeness of the framework. The evaluation shows a high level of interest, and points out to potential benefits

    On Securing Vehicular Communications: Methods and Recommendations for Secure In-vehicle and Car2X Communications

    Today’s vehicles contain approximately more than 100 interconnected computers (ECUs), several of which will be connected to the Internet or external devices and networks around the vehicle. In the near future vehicles will extensively communicate with their environment via Vehicle to Vehicle and Vehicle to Infrastructure (together called V2X) communications. Such level of connectivity enables car manufacturers to implement new entertainment systems and to provide safety features to decrease the number of road accidents. Moreover, authorities can deploy the traffic information provided by vehicular communications to improve the traffic management. Despite the great benefits that come with vehicular communications, there are also risks associated with exposing a safety-critical integrated system to external networks. It has already been proved that vehicles can be remotely hacked and the safety critical functions such as braking system and steering wheel can be compromised to endanger the safety of passengers. This puts high demands on IT security and car manufacturers to secure vehicular communications. In this thesis, we propose methods and recommendations for improving the security of internal and external vehicular communications. The thesis is divided into two parts. In the first part, we identify weaknesses or deficiencies in the design of the ETSI V2X security standard and propose changes to fix the identified weaknesses or deficiencies. The second part of the thesis focuses on the security of the internal vehicular communications. First, in order to facilitate the implementation of security measures in in-vehicle networks, we propose an automated approach for grouping in-vehicle ECUs into domains based on different criteria.
Then, we compare such an automatically generated in-vehicle network architecture with a reference architecture model to show that our approach is able to identify meaningful domains with better quality with respect to communication, safety and security. Finally, we seek to evaluate the applicability of existing CAN bus authentication solutions to a vehicular context. To this end, and in cooperation with industry, we have identified five critical requirements for an authentication solution to be used in such a context. We found that no authentication solution fulfilled all the requirements, something that indicates that the CAN bus may not be suitable for secure vehicular applications

    Experiences from Implementing the ETSI ITS SecuredMessage Service

    Cooperative intelligent transport systems supporting secure vehicle to vehicle and vehicle to infrastructure communications are becoming a very important topic. The aim of this paper is to share our experiences from implementing the ETSI Intelligent Transport System (ITS) SecuredMessage and sign/verify services on an existing ETSI ITS communication stack (ITSC). We have followed the new ETSI TS 103 097 v1.1.1 standard when implementing the security services, and have done our best to create a robust and secure implementation. Our goal has been to identify flaws and vulnerabilities in our implementation that are caused by weaknesses or deficiencies in the standard and in its description of services. We have then performed an analysis of the protocol, its headers and created test cases used to test our implementation. Several problems were found, and we have also repeated the tests with another, supposedly very stable implementation, provided by Fraunhofer FOKUS. To our surprise, this system also showed unexpected behavior as our system. We show that these problems are the result of weaknesses and complexities in the design of the standard. We present the problems found in our implementation and show what part in the standard was causing the problems. We show that several problems in the standard, mainly due to their complexity, open up for misinterpretation leading to various types of implementation errors. We conclude the paper with proposing changes to the standard to prevent other implementations from repeating the same mistakes

    Towards designing secure in-vehicle network architectures using community detection algorithms

    Efforts in securing the in-vehicle network have resulted in a number of proposed security mechanisms in recent years. However, so far little attention has been given to the actual architecture of the in-vehicle network. An approach within in-vehicle network design is to divide the network into domains, where each domain consists of a set of Electronic Control Units (ECUs) that handles some united functionality, e.g., body control, powertrain, and telematics. Still, this approach is based on 'best engineering practice' and there is room for improvements. In this paper, we study real traffic from a modern car and we try to divide the in-vehicle network into domains using automated partitioning algorithms. To find the optimum division, we select four community detection algorithms, known from social network analysis, and we evaluate their ability to find these domains. We conclude that community detection algorithms can be used to identify in-vehicle domains based on the message types (signals) used in the in-vehicle network and we demonstrate this by applying the algorithms to real data. The approach is not limited to only message types, but domains can also be identified based on other criteria, such as frequency of messages, payload sizes, or Automotive Safety Integrity Levels (ASILs). We also conclude that the identification of good domains can facilitate the implementation of security measures. Therefore, we believe that the approach has great potential to help engineers in deriving secure in-vehicle network architectures during the design of a vehicle