Modern vehicles integrate a multitude of embedded hard realtime control functionalities, and a host of advanced information and entertainment (infotainment) features. The true paradigm shift for future vehicles (cybercars) is not only a result of this increasing plurality of subsystems and functions, but is also driven by the unprecedented levels of intra- and inter-car connections and communications as well as networking with external entities. Several new cybercar security and safety challenges simultaneously arise. On one hand, many challenges arise due to increasing system complexity as well as new functionalities that should jointly work on the existing legacy protocols and technologies; such systems are likely unable to warrant a fully secure and dependable system without afterthoughts. On the other hand, challenges arise due to the escalating number of interconnections among the realtime control functions, infotainment components, and the accessible surrounding external devices, vehicles, networks, and cloud services. The arrival of cybercars calls for novel abstractions, models, protocols, design methodologies, testing and evaluation tools to automate the integration and analysis of the safety and security requirements.
In the last decade, the automotive industry, governments and researchers have invested a lot of effort setting up the basis for vehicle-to-vehicle and vehicle-to-infrastructure (V2X) communication with the aim of improving road safety and traffic efficiency. As for any communication involving the exchange of sensitive data, security was identified from the beginning as a key enabler for many use cases and has been already addressed in various projects. While the first focus was on security issues related to inter-vehicle communication, the Intelligent Transport System (ITS) community rapidly realized that in-vehicle security, which means secure communication endpoints, is also required to enable secure communication between cars and their environment. The recent successful hacking of automotive systems has strengthened this position. However, the holistic view required to set up a framework for mutual trust-establishment between the involved communication entities is missing. The reception of an authentic message does not provide sufficient proof of the trustworthiness of the message without additional trust assurance regarding the message's sender and the sender's platform integrity. Hence, the need to attest/certify the trustworthiness of a remote communication partner's platform is arising. In this paper, we analyze the platform security requirements of V2X systems, define different Trust Assurance Levels (TAL) and propose a certification framework to support trust establishment between involved V2X communication partners.
Smartphones have become very popular and versatile devices. An emerging trend is the integration of smartphones into automotive systems and applications, particularly access control systems to unlock cars (doors and immobilizers). Smartphone-based automotive solutions promise to greatly enhance the user's experience by providing advanced features far beyond the conventional dedicated tokens/transponders. We present the first open security framework for secure smartphone-based immobilizers. Our generic security architecture protects the electronic access tokens on the smartphone and provides advanced features such as context-aware access policies, remote issuing and revocation of access rights and their delegation to other users. We discuss various approaches to instantiate our security architecture based on different hardware-based trusted execution environments, and elaborate on their security properties. We implemented our immobilizer system based on the latest Android-based smartphone and a microSD smartcard. Further, we support the algorithmic proofs of the security of the underlying protocols with automated formal verification tools.