Automotive security

Source: Wikipedia, the free encyclopedia.

Automotive security refers to the branch of cybersecurity dedicated to the threats associated with vehicles. Not to be confused with automotive safety.

Causes

The implementation of multiple

ADAS, alongside sensors (lidars and radars) and their control units.

Inside the vehicle, the ECUs are connected with each other through cabled or wireless communication networks, such as

RF (radio frequency) as in many implementations of TPMSs (tire-pressure monitoring systems). To operate, many of these ECUs require data that arrives over these networks from various sensors, and they use that data to modify the behavior of the vehicle (e.g., the cruise control modifies the vehicle's speed depending on signals arriving from a button usually located on the steering wheel).

Since the development of cheap wireless communication technologies such as

Threat model

GPS data on the vehicle, or capturing microphone signals and similar.[7]

Regarding the

OBD-II and all the attack surfaces that require physical access to the car are defined as local. An attacker who is able to mount the attack through a long-range surface is considered stronger and more dangerous than one who requires physical access to the vehicle. In 2015, Miller and Valasek proved that attacks on vehicles already on the market are possible, managing to disrupt the driving of a Jeep Cherokee while connected to it through remote wireless communication.[9][10]

Controller area network attacks

The most common network used in vehicles, and the one mainly used for safety-related communication, is CAN, due to its real-time properties, simplicity, and low cost. For this reason the majority of real-world attacks have been implemented against ECUs connected through this type of network.[5][6][9][10]

The majority of attacks demonstrated either against actual vehicles or in testbeds fall in one or more of the following categories:

Sniffing

In the computer security field, sniffing generally refers to intercepting and logging packets or, more generally, data from a network. Since CAN is a bus network, every node listens to all communication on the network. Reading this data lets an attacker learn the behavior of the other nodes before implementing the actual attack. Sniffing is usually not the attacker's final goal, since the packets passing on this type of network are rarely valuable just to read.[8]

Denial of service

Denial of service (

DoS attacks against ECUs connected to CAN buses can target either the network as a whole, by abusing the arbitration protocol used by CAN so as to always win arbitration, or a single ECU, by abusing the error-handling protocol of CAN.[11] In the second case the attacker flags the victim's messages as faulty, so that the victim concludes it is broken and shuts itself off the network.[11]
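The error-handling abuse works because of CAN's standard fault-confinement counters: a transmit error adds 8 to a node's transmit error counter (TEC), a successful transmission subtracts 1, and the node goes bus-off once the TEC exceeds 255. The following added example (not from the cited papers) models only that transmit-side rule; the traces and the streak-based alarm in `suspicious` are assumptions made for illustration.

```python
from enum import Enum

class State(Enum):
    ERROR_ACTIVE = "error-active"
    ERROR_PASSIVE = "error-passive"
    BUS_OFF = "bus-off"

class Node:
    """Transmit-side fault confinement of one CAN controller (TEC only).

    Simplified model: the standard's exceptions to the +8 rule and the
    receive error counter are left out.
    """
    def __init__(self):
        self.tec = 0          # transmit error counter
        self.streak = 0       # current run of consecutive failed transmissions
        self.max_streak = 0

    @property
    def state(self):
        if self.tec > 255:
            return State.BUS_OFF
        if self.tec > 127:
            return State.ERROR_PASSIVE
        return State.ERROR_ACTIVE

    def transmit(self, error):
        """Apply one transmission outcome and return the resulting state."""
        if self.state is State.BUS_OFF:
            return self.state             # node no longer takes part in traffic
        if error:
            self.tec += 8
            self.streak += 1
            self.max_streak = max(self.max_streak, self.streak)
        else:
            self.tec = max(0, self.tec - 1)
            self.streak = 0
        return self.state

def run(outcomes):
    """Feed outcomes (True = error); return (node, frame index of bus-off or None)."""
    node = Node()
    for i, error in enumerate(outcomes, 1):
        if node.transmit(error) is State.BUS_OFF:
            return node, i
    return node, None

def suspicious(node, threshold=8):
    """Assumed monitoring rule: alarm on a long unbroken run of errors."""
    return node.max_streak >= threshold

# Constructed traces: sporadic noise vs. every frame of one node flagged as faulty.
NOISY = [i % 20 == 0 for i in range(2000)]
FLAGGED = [True] * 40
```

Sporadic faults are absorbed because successful frames pull the counter back down, whereas an unbroken run of flagged frames isolates the node within a few dozen transmissions, which is why a monitor should alarm on the run itself rather than wait for bus-off.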

Spoofing

Spoofing attacks comprise all cases in which an attacker, by falsifying data, sends messages pretending to be another node of the network. In automotive security, spoofing attacks are usually divided into masquerade and replay attacks. Replay attacks are defined as all those where the attacker pretends to be the victim and sends sniffed data that the victim sent in a previous iteration of authentication. Masquerade attacks are, on the contrary, spoofing attacks where the data payload has been created by the attacker.[12]

Real life automotive threat example

Security researchers Charlie Miller and Chris Valasek have successfully demonstrated remote access to a wide variety of vehicle controls using a Jeep Cherokee as the target. They were able to control the radio, environmental controls, windshield wipers, and certain engine and brake functions.[10]

The method used to hack the system was the implementation of a pre-programmed chip in the controller area network (CAN) bus. By inserting this chip into the CAN bus, he was able to send arbitrary messages to the CAN bus. Miller has also pointed out the danger of the CAN bus itself: because it broadcasts signals, messages can be captured by hackers anywhere on the network.

The control of the vehicle was all done remotely, manipulating the system without any physical interaction. Miller states that he could control any of some 1.4 million vehicles in the United States regardless of location or distance; the only thing needed to gain access is for someone to turn on the vehicle.[13]

The work by Miller and Valasek replicated earlier work completed and published by academics in 2010 and 2011 on a different vehicle.[14] The earlier work demonstrated the ability to compromise a vehicle remotely, over multiple wireless channels (including cellular), and the ability to remotely control critical components on the vehicle post-compromise, including the telematics unit and the car's brakes. While the earlier academic work was publicly visible, both in peer-reviewed scholarly publications[15][16] and in the press,[17] the Miller and Valasek work received even greater public visibility.

Security measures

The increasing complexity of devices and networks in the automotive context requires the application of security measures to limit the capabilities of a potential attacker. Since the early 2000s, many different countermeasures have been proposed and, in some cases, applied. The following is a list of the most common security measures:[8]

  • Sub-networks: to limit the attacker's capabilities even if he/she manages to access the vehicle remotely through a remotely connected ECU, the networks of the vehicle are divided into multiple sub-networks, and the most critical ECUs are not placed in the same sub-networks as the ECUs that can be accessed remotely.[8]
  • Gateways: the sub-networks are divided by secure gateways or firewalls that block messages from crossing from one sub-network to another if they were not intended to.[8]
  • Intrusion Detection Systems (IDS): on each critical sub-network, one of the nodes (ECUs) connected to it has the goal of reading all data passing on the sub-network and detecting messages that, given some rules, are considered malicious (made by an attacker).[18] Arbitrary messages can be caught by the passenger by using an IDS, which will notify the owner of the unexpected message.[19]
  • Authentication protocols: in order to implement authentication on networks where it is not already implemented (such as CAN), it is possible to design an authentication protocol that works on the higher layers of the ISO OSI model, by using part of the data payload of a message to authenticate the message itself.[12]
  • Hardware Security Modules: since many ECUs are not powerful enough to keep real-time delays while executing encryption or decryption routines, a hardware security module that manages security for the ECU can be placed between it and the network.[7]
  • Intrusion Detection and IT-forensic Measures: reactive measures that address basic weaknesses.[20]
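As an added illustration of the IDS item above (not code from the cited work), the following rule-based monitor checks a candump-style log against a per-sub-network profile. The profile, the three rules, and the log lines are all constructed assumptions.

```python
import re

LINE = re.compile(r"\((\d+\.\d+)\)\s+(\w+)\s+([0-9A-Fa-f]{3,8})#([0-9A-Fa-f]*)")

# Hypothetical profile of one sub-network: CAN ID -> (period in s, payload length)
PROFILE = {0x0C4: (0.010, 8), 0x1F0: (0.020, 2)}

# Constructed sample log: (timestamp) interface ID#DATA
LOG = """\
(0.000) can0 0C4#1A2B000000000000
(0.005) can0 1F0#0100
(0.010) can0 0C4#1A2C000000000000
(0.020) can0 0C4#1A2D000000000000
(0.022) can0 0C4#FFFF000000000000
(0.025) can0 1F0#0100
(0.027) can0 5A1#0201050000000000
(0.030) can0 0C4#1A2E000000000000
(0.045) can0 1F0#01
"""

def parse(log):
    """Yield (timestamp, can_id, data) for every well-formed log line."""
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts, _iface, can_id, data = m.groups()
            yield float(ts), int(can_id, 16), bytes.fromhex(data)

def detect(log, profile=PROFILE, tolerance=0.5):
    """Return (timestamp, can_id, reason) alerts for frames that break a rule."""
    alerts, last_seen = [], {}
    for ts, can_id, data in parse(log):
        if can_id not in profile:
            alerts.append((ts, can_id, "unknown-id"))   # ID not expected on this bus
            continue
        period, length = profile[can_id]
        if len(data) != length:
            alerts.append((ts, can_id, "bad-length"))   # payload size differs from profile
        prev = last_seen.get(can_id)
        if prev is not None and ts - prev < period * tolerance:
            alerts.append((ts, can_id, "too-fast"))     # extra frame inside one period
        last_seen[can_id] = ts
    return alerts
```

The timing rule only shows that two frames arrived too close together; it cannot tell which of the two is the injected one, so an alert should retain both payloads for analysis.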
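The authentication item above, and the replay and masquerade cases defined under Spoofing, can be shown together in one added sketch (not the protocol of any cited paper). The 8-byte payload layout, the key, and the function names are assumptions chosen to fit a classic CAN frame.

```python
import hashlib
import hmac
import struct

KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed demo key
MAC_LEN = 3  # bytes of truncated HMAC that fit in the payload

def _mac(key, can_id, counter, data):
    # Bind the tag to the CAN ID and the freshness counter, not only to the data.
    msg = struct.pack(">IH", can_id, counter) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

def protect(key, can_id, counter, data):
    """Build an 8-byte payload: 3 data bytes | 2-byte counter | 3-byte MAC."""
    if len(data) != 3:
        raise ValueError("this layout carries exactly 3 data bytes")
    return data + struct.pack(">H", counter) + _mac(key, can_id, counter, data)

class Receiver:
    def __init__(self, key):
        self.key = key
        self.last = {}  # highest accepted counter per CAN ID

    def accept(self, can_id, payload):
        """Return 'ok', 'bad-mac', 'replay' or 'malformed' for one frame."""
        if len(payload) != 8:
            return "malformed"
        data, tag = payload[:3], payload[5:]
        counter = struct.unpack(">H", payload[3:5])[0]
        if not hmac.compare_digest(tag, _mac(self.key, can_id, counter, data)):
            return "bad-mac"   # masquerade: payload built without the key
        if counter <= self.last.get(can_id, -1):
            return "replay"    # genuine frame, but already seen
        self.last[can_id] = counter
        return "ok"
```

A 24-bit tag and a 16-bit counter are the price of fitting into 8 bytes: a real design has to limit verification failures per key and re-key before the counter wraps.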

Legislation

In June 2020, the United Nations Economic Commission for Europe (UNECE) World Forum for Harmonization of Vehicle Regulations released two new regulations, R155 and R156, establishing "clear performance and audit requirements for car manufacturers" in terms of automotive cybersecurity and software updates.[21]

Notes

  1. "Trends in the Semiconductor Industry: 1970s". Semiconductor History Museum of Japan. Archived from the original on 27 June 2019. Retrieved 27 June 2019.
  2. "OnStar system website main page". Retrieved 3 July 2019.
  3. "Android Auto website page". Retrieved 3 July 2019.
  4. "Apple CarPlay website page". Retrieved 3 July 2019.
  5. S2CID 15241702.
  6. "Comprehensive Experimental Analyses of Automotive Attack Surfaces | USENIX". www.usenix.org. 2011.
  7. "Securing Vehicular On-Board IT Systems: The EVITA Project" (PDF). evita-project.org.
  8. S2CID 53753547.
  9. Greenberg, Andy (1 August 2016). "The Jeep Hackers Are Back to Prove Car Hacking Can Get Much Worse". Wired.
  10. Greenberg, Andy (21 July 2015). "Hackers Remotely Kill a Jeep on the Highway—With Me in It". Wired. Retrieved 11 October 2020.
  11. S2CID 37334277.
  12. .
  13. .
  14. "2021: The Fast and the Curious". 22 September 2021.
  15. CiteSeerX 10.1.1.184.3183.
  16. "Comprehensive Experimental Analyses of Automotive Attack Surfaces". 2011.
  17. Markoff, John (14 May 2010). "Cars' Computer Systems Called at Risk to Hackers". The New York Times.
  18. ISSN 1687-1499.
  19. .
  20. .
  21. United Nations Economic Commission for Europe. "UN Regulations on Cybersecurity and Software Updates to pave the way for mass roll out of connected vehicles". www.unece.org. Retrieved 2020-11-10.