Security and privacy for in-vehicle networks

Schweppe, Hendrik; Roudier, Yves

doi:10.1109/vcsc.2012.6281235

Cited by 30 publications

(25 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To that goal, they used the vehicle infotainment system to access the ECU that sends legitimate commands to other ECU components. To cope with such attacks, Schweppe and Roudier presented an architecture capable of monitoring data flow through the car's CAN. This approach enhances vehicle security by using taint tracking tools along with a security framework able to dynamically tag data flows within or among control units.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Static analysis of Android Auto infotainment and on‐board diagnostics II apps

et al. 2019

View full text Add to dashboard Cite

Summary Smartphone and automotive technologies are rapidly converging, letting drivers enjoy communication and infotainment facilities and monitor in‐vehicle functionalities, via on‐board diagnostics (OBD) technology. Among the various automotive apps available in playstores, Android Auto infotainment and OBD‐II apps are widely used and are the most popular choice for smartphone to car interaction. Automotive apps have the potential of turning cars into smartphones on wheels but can be also the gateway of attacks. This paper defines a static analysis that identifies potential security risks in Android infotainment and OBD‐II apps. It identifies a set of potential security threats and presents an actual static analyzer for such apps. It has been applied to most of the highly rated infotainment apps available in the Google Play store, as well as on the available open‐source OBD‐II apps, against a set of possible exposure scenarios. Results show that almost 60% of such apps are potentially vulnerable and that 25% pose security threats related to the execution of JavaScript. The analysis of the OBD‐II apps shows possibilities of severe controller area network injections and privacy violations, because of leaks of sensitive information.

show abstract

Section: Related Workmentioning

confidence: 99%

“…Various techniques to mitigate the security risks of the infotainment and OBD systems have been proposed . However, the security of the modern automotive infotainment systems can be still greatly compromised by interfering with Bluetooth, Wi‐Fi, and telematics signals .…”

Section: Introductionmentioning

confidence: 99%

Static analysis of Android Auto infotainment and on‐board diagnostics II apps

et al. 2019

View full text Add to dashboard Cite

show abstract

“…Moreover, anomaly detection has also been considered for in-vehicle security. The work in [46] introduces a binary instrumentation technique to mark and track data for anomaly detection. The work in [31] introduces an entropy concept for CAN and uses deviations of entropy to detect anomalies.…”

Section: Intra-vehicle Securitymentioning

confidence: 99%

Design and verification for transportation system security

Zheng

Deng

et al. 2015

Proceedings of the 52nd Annual Design Automation Conference

View full text Add to dashboard Cite

Cyber-security has emerged as a pressing issue for transportation systems. Studies have shown that attackers can attack modern vehicles from a variety of interfaces and gain access to the most safety-critical components. Such threats become even broader and more challenging with the emergence of vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication technologies. Addressing the security issues in transportation systems requires comprehensive approaches that encompass considerations of security mechanisms, safety properties, resource constraints, and other related system metrics. In this work, we propose an integrated framework that combines hybrid modeling, formal verification, and automated synthesis techniques for analyzing the security and safety of transportation systems and carrying out design space exploration of both in-vehicle electronic control systems and vehicle-to-vehicle communications. We demonstrate the ideas of our framework through a case study of cooperative adaptive cruise control.

show abstract

“…Plus, using highly optimized special circuitry instead of costly general purpose hardware makes it possible to reduce the security cost. In other studies, one research equipped "taint tracking tools" in a security framework for the conventional automobile communications system [16]. By observing the data flow in the control units with an architecture introducing data flow tracking, data could only be used for their intended purpose in applications, and the data could be monitored by ECUs when the code was executed.…”

Section: Related Workmentioning

confidence: 99%

An Analysis Platform for the Information Security of In-Vehicle Networks Connected with External Networks

Ezaki

Date

Inoue

2015

Advances in Information and Computer Security

View full text Add to dashboard Cite

Abstract. Most in-vehicle units, which are used for various services such as remote diagnosis, information gathering, telematics, car navigation with communications, etc., are connected to both an external network and an automotive network, referred to as an in-vehicle network. The information security of the in-vehicle network is an important concern. In this paper, we describe the analysis platform that we designed and developed for protection mechanisms to analyze and verify the information security of an in-vehicle network connected with external networks. The platform provides features to analyze messages of the in-vehicle network, to evaluate the effects of attacks on the in-vehicle network, and to verify protection mechanisms for the in-vehicle network. First, we developed a message analysis platform subsystem that analyzes messages of the in-vehicle network and performs send and receive processes in the in-vehicle network. Next, we designed an attack evaluation platform subsystem that evaluates attack mechanisms from servers or attackers on the Internet. We also developed a prototype (MoVIS) of the subsystem. We confirmed the effectiveness of the attack evaluation platform and MoVIS in an actual automobile, which was subjected to spoofing and DoS attacks to the in-vehicle network via the Internet. Finally, we discuss the requirements of the protection verification platform, which provides protection mechanisms and protection features based on the experimental results and the characteristics of the in-vehicle network.

show abstract

Security and privacy for in-vehicle networks

Cited by 30 publications

References 9 publications

Static analysis of Android Auto infotainment and on‐board diagnostics II apps

Static analysis of Android Auto infotainment and on‐board diagnostics II apps

Design and verification for transportation system security

An Analysis Platform for the Information Security of In-Vehicle Networks Connected with External Networks

Contact Info

Product

Resources

About