| 1. |
- Almgren, Magnus, 1972, et al.
(author)
-
Mapping Systems Security Research at Chalmers
- 2011
-
In: First SysSec Workshop (SysSec 2011). - 9780769545301 ; , s. 67-70
-
Conference paper (peer-reviewed)abstract
- The department of Computer Science and Engineering at Chalmers University has a long tradition of research in systems security, including security metrics, attack detection, and mitigation. We focus on security issues arising in four specific environments: (1) backbone links, (2) sensor networks, (3) the connected car, and (4) the smart grid. In this short summary we describe recent results as well as open research questions we are exploring.
|
|
| 2. |
- Karahasanovic, Adi, 1988, et al.
(author)
-
Adapting Threat Modeling Methods for the Automotive Industry
- 2017
-
Conference paper (peer-reviewed)abstract
- We live in a world that is getting more interconnected by each day and we are witnessing a global change where all the devices in our surroundings are becoming “smart” and connected to the Internet. The automotive industry is also a part of this change. Today's vehicles have more than 150 small computers, embedded control units (ECUs), and multiple connection points to the Internet which makes them vulnerable to various on-line threats. Recent attacks on connected vehicles have all been results of security vulnerabilities that could have been avoided if appropriate risk assessment methods were in place during software development. In this paper we demonstrate how the threat modeling process, common for the computer industry, can be adapted and applied in the automotive industry. The overall contribution is achieved by providing two threat modeling methods that are specifically adapted for the concept of the connected car and can further be used by automotive experts. The methods were chosen after an extensive literature survey and with support of domain experts from the vehicle industry. The two methods were then successfully applied to the connected car and the underlying software architecture based on the AUTOSAR standard. We have empirically validated our results with domain experts as well as tested the found vulnerabilities in a simulated vehicle environment.
|
|
| 3. |
- Karahasanovic, Adi, 1988, et al.
(author)
-
AUTOSAR Embedded Security in Vehicles
- 2020
-
In: Automotive Cyber Security: Introduction, Challenges, and Standardization. - Singapore : Springer Singapore. ; , s. 97-120
-
Book chapter (other academic/artistic)abstract
- We live in a world that is getting more interconnected by each day, and we are witnessing a global change where all the devices in our surroundings are becoming “smart” and connected to the Internet. The automotive industry is also a part of this change. Today’s vehicles have more than 150 small computers, embedded control units (ECUs), and multiple connection points to the Internet which makes them vulnerable to various online threats.
|
|
| 4. |
- Kleberger, Pierre, 1978, et al.
(author)
-
A Framework for Assessing the Security of the Connected Car Infrastructure
- 2011
-
In: The Sixth International Conference on Systems and Networks Communications (ICSNC), Proceedings. Barcelona, 23-29 October 2011. IARIA.. - 9781612081663 ; , s. 236-241
-
Conference paper (peer-reviewed)abstract
- In this paper, a framework for assessing the security of the connected car infrastructure is presented. The framework includes a model of the infrastructure and a security assessment tree. The model consists of a managed infrastructure and the vehicle communication. The managed infrastructure is further divided into five parts; automotive company applications’ centre, third party applications’ centre, trusted network, untrusted network, and the Internet backbone. The model clarifies the different communication possibilities between the managed infrastructure and the vehicle. Furthermore, the assessment tree defines four categories that need to be addressed in securing vehicular services; the actors, Vehicle–to–X communication technologies, network paths, and the dependability and security attributes. Moreover, we demonstrate the benefit of the framework by means of two scenarios. In this way, the communication in these scenarios are mapped to the model, which makes it possible to analyse the security issues for the scenarios according to the assessment tree. The intention with such an analysis is to identify possible weaknesses of services in the connected car.
|
|
| 5. |
- Kleberger, Pierre, 1978
(author)
-
A Structured Approach to Securing the Connected Car
- 2012
-
Licentiate thesis (other academic/artistic)abstract
- Vehicles of today have become increasingly dependent on software to handle their functionalities. Updating and maintaining the software in vehicles has therefore become a costly process for the automotive industry. By introducing wireless communications to vehicles, vehicular maintenance can greatly be improved and many other new applications can also be brought to the vehicles. However, the vehicle was not designed with security in mind. Since the vehicle is safety-critical, it is vital that such new remote services do not violate the safety and security requirements of the vehicle. Thus, this thesis presents a general approach to securing the connected car and the usefulness of the approach is demonstrated in a vehicular diagnostics scenario.The thesis comes in two main parts. In the first part, we address security mechanisms for the connected car. First, a survey of current mechanisms to secure the in-vehicle networks is made. Then, a description of possible communication methods with vehicles is given and a taxonomy of current entities involved in such communication is presented. The taxonomy is organised in actors, vehicle-to-X communications, network paths, and dependability and security attributes. The usefulness of the taxonomy is demonstrated by two examples.In the second part, we address security with respect to vehicular diagnostics. First, an overall security analysis of the interaction between the connected car and the repair shop is conducted. We find that the most imminent risk in the repair shop is the loss of authentication keys. The loss of such keys allows masquerading attacks against vehicles. To address this problem, we propose a Kerberos-inspired protocol for authentication and authorisation of the diagnostics equipment and a trusted third party is introduced.To conclude, this thesis shows the value of adopting a structured approach to securing the connected car. The approach has been shown to be useful for identifying threats and countermeasures and thus help improving security.
|
|
| 6. |
- Kleberger, Pierre, 1978, et al.
(author)
-
An In-Depth Analysis of the Security of the Connected Repair Shop
- 2012
-
In: The Seventh International Conference on Systems and Networks Communications (ICSNC), Proceedings. Lisbon, 18-23 November, 2012. IARIA.. - 9781612082318 ; , s. 99-107
-
Conference paper (peer-reviewed)abstract
- In this paper, we present a security analysis ofdelivering diagnostics services to the connected car in futureconnected repair shops. The repair shop will mainly providetwo services; vehicle diagnostics and software download. Weanalyse the security within the repair shop by applying a reducedversion of the threat, vulnerability, and risk analysis (TVRA)method defined by ETSI. First, a system description of therepair shop is given. Security objectives and assets are thenidentified, followed by the threat and vulnerability analysis.Possible countermeasures are derived and we outline and discussone possible approach for addressing the security in the repairshop. We find that many of the identified vulnerabilities candirectly be mitigated by countermeasures and, to our surprise,we find that the handling of authentication keys is critical andmay affect vehicles outside the repair shop as well. Furthermore,we conclude that the TVRA method was not easy to follow,but still useful in this analysis. Finally, we suggest that repairshop security should mainly be addressed at the link layer. Suchan approach may integrate network authentication mechanismsduring address allocation and also support encryption of datafor all upper layer protocols with minimal modifications.
|
|
| 7. |
- Kleberger, Pierre, 1978, et al.
(author)
-
Formal Verification of an Authorization Protocol for Remote Vehicle Diagnostics
- 2013
-
Reports (other academic/artistic)abstract
- Remote diagnostics protocols have generally only considered correct authentication to be enough to grant access to vehicles. However, as diagnostics equipment or their keys can be stolen or copied, these devices can not be trusted. Thus, authentication alone is not enough to prevent unauthorized access to vehicles. In previous work, we proposed an authorization protocol to prevent unauthorized access to vehicles.In the automotive industrywhere lives are at risk and a certain liability is exacted on the manufacturer, their vehicles and its software, it is critical that such a protocol has no flaws. Thus, using formal methods to prove the correctness of protocol designs is an important step.In this paper, we formally prove that the proposed authorization protocol provides mutual authentication between the diagnostics equipment and the vehicle, and that it guarantees both secrecy of the distributed session key and freshness of the distributed authorization information. Our formal analysis is conducted using both the Burrows-Abadi-Needham (BAN) Logic and the ProVerif automated verification tool.To the authors' best knowledge, this is the first formally verified authorization protocol for remote vehicular diagnostics.
|
|
| 8. |
- Kleberger, Pierre, 1978
(author)
-
On Securing the Connected Car - Methods and Protocols for Secure Vehicle Diagnostics
- 2015
-
Doctoral thesis (other academic/artistic)abstract
- Software has been the enabler for the last decades of innovation in new vehicle functions. It is now an integrated part of today's cars and the maintenance and update of this software have become a costly process for the automotive industry. As wireless communication to vehicles is being introduced, vehicular maintenance can greatly be improved and many other new applications can be brought to the vehicles. However, the vehicle was not designed with security in mind. Since the vehicle is safety-critical, it is vital that such new remote services do not violate the safety and security requirements of the vehicle and that appropriate security mechanisms are implemented in the vehicle to prevent malicious vehicle manipulations. In this thesis, approaches to secure the connected car and in particular mechanisms and protocols to secure administrative services for vehicle diagnostics and software download are presented. First, the landscape of the connected car and its infrastructure is investigated. A survey of current mechanisms to secure the in-vehicle network is made and a description of possible communication methods with vehicles is given together with a taxonomy of current entities involved in such communication. The usefulness of the taxonomy is demonstrated by two examples. Then, security analyses of vehicle maintenance in repair shops are conducted. Generic mechanisms and protocols are proposed to secure vehicle diagnostics, which are independent of the diagnostics protocol being used. The proposed protocol prevents unauthorised access to vehicles and it has been formally verified to ensure its correctness. Finally, security mechanisms for in-vehicle communication is addressed, where analyses are performed to design better in-vehicle network architectures that support both safety and security. To conclude, this thesis contributes with new approaches to perform secure maintenance of future connected cars using wireless communication and to prevent unauthorised manipulations of the vehicle.
|
|
| 9. |
- Kleberger, Pierre, 1978, et al.
(author)
-
Protecting Vehicles Against Unauthorised Diagnostics Sessions Using Trusted Third Parties
- 2013
-
In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Berlin, Heidelberg : Springer Berlin Heidelberg. - 1611-3349 .- 0302-9743. - 9783642407925 ; Lecture Notes in Computer Science:8153, s. 70-81
-
Conference paper (peer-reviewed)abstract
- Wireless vehicle diagnostics is expected to provide great improvements to the maintenance of future cars. By using certificates, vehicles can identify diagnostics equipment for a diagnostics session, even over long distances. However, since the diagnostics equipment contains authentication keys used to authenticate such sessions, it is critical that neither the keys nor the equipment is lost. Such a loss can give unauthorised access to any vehicle accepting these keys until the theft is detected and the certificates are revoked. In this paper, we propose a method to protect vehicles against unauthorised diagnostics sessions. A trusted third party is introduced to authorise sessions, thus we do not rely solely on proper identification and authentication of diagnostics equipment. Our approach enables vehicles to verify the validity of diagnostics requests. It is transparent to the diagnostics protocol being used, supports different levels of trust, and can control what commands are permitted during diagnostics sessions.
|
|
| 10. |
- Kleberger, Pierre, 1978, et al.
(author)
-
Securing Vehicle Diagnostics in Repair Shops
- 2014
-
In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer International Publishing. - 1611-3349 .- 0302-9743. ; 8666, s. 93-108
-
Conference paper (peer-reviewed)abstract
- Diagnostics over IP (DoIP) is a new ISO standard for transmitting diagnostics messages, such as ISO 14229 Unified Diagnostic Services (UDS), over IP-based networks. The standard specifies the communication architecture needed for diagnostics communication and defines an application layer protocol for exchanging management and diagnostics messages between DoIP-enabled devices. However, DoIP relies on the insecure network protocols used in today's Internet and no additional security was added in the standard to tackle this. Thus, to prevent malicious manipulations of vehicle diagnostics sessions in repair shops, appropriate security mechanisms need to be in place. In this paper, we analyse possible approaches to find the most suitable security architecture for diagnostics communication in repair shop networks. First, an evaluation of possible approaches is conducted. These are then analysed with respect to a set of security requirements and implementation challenges. Finally, we present the approach that best meets the requirements for a secure diagnostics architecture in repair shops.
|
|
