André Weimerskirch

State of the Art: Embedding Security in Vehicles

For new automotive applications and services, information technology (IT) has gained central importance. IT-related costs in car manufacturing are already high and they will increase dramatically in the future. Yet whereas safety and reliability have become a relatively well-established field, the protection of vehicular IT systems against systematic manipulation or intrusion has only recently started to emerge. Nevertheless, IT security is already the base of some vehicular applications such as immobilizers or digital tachographs. To securely enable future automotive applications and business models, IT security will be one of the central technologies for the next generation of vehicles. After a state-of-the-art overview of IT security in vehicles, we give a short introduction into cryptographic terminology and functionality. This contribution will then identify the need for automotive IT security while presenting typical attacks, resulting security objectives, and characteristic constraints within the automotive area. We will introduce core security technologies and relevant security mechanisms followed by a detailed description of critical vehicular applications, business models, and components relying on IT security. We conclude our contribution with a detailed statement about challenges and opportunities for the automotive IT community for embedding IT security in vehicles.

Elliptic Curve Cryptography on a Palm OS Device

The market for Personal Digital Assistants (PDA) is growing rapidly and PDAs are becoming increasingly interesting for commercial transactions. One requirement for further growing of eCommerce with mobile devices is the provision of security.We implemented elliptic curves over binary fields on a Palm OS device. We chose the NIST recommended random and Koblitz curves over GF(2163) that are providing a sufficient level of security for most commercial applications. Using Koblitz curves a typical security protocol like Diffie-Hellman key exchange or ECDSA signature verification requires less than 2.4 seconds, while ECDSA signature generation can be done in less than 0.9 seconds. This should be tolerated by most users.

Secure In-Vehicle Communication

This work presents a study of state of the art bus systems with respect to their security against various malicious attacks. After a brief description of the most well-known and established vehicular communication systems, we present feasible attacks and potential exposures for these automotive networks. We also provide an approach for secured automotive communication based on modern cryptographic mechanisms that provide secrecy, manipulation prevention and authentication to solve most of the vehicular bus security issues.

Recognition in a low-power environment

This paper formally defines recognition as a new security principle closely related to authentication. Low-power sensor networks with no pre-deployment information require the less authoritative security of recognition. We give general properties of recognition protocols based on the method of key disclosure. We examine previously proposed low-power protocols according to the environment and security model presented. Finally, we give measurements from an implementation of a recognition protocol called zero common-knowledge and discuss how well this proof-of-concept satisfies the properties of the environment.

Concrete Security for Entity Recognition: The Jane Doe Protocol

Entity recognition does not ask whether the message is from some entity X, just whether a message is from the same entity as a previous message. This turns turns out to be very useful for low-end devices. Motivated by an attack against a protocol presented at SAC 2003, the current paper proposes a new protocol – the “Jane Doe Protocol” –, and provides a formal proof of its concrete security. The protocol neither employs asymmetric cryptography, nor a trusted third party, nor any key pre-distribution. It is suitable for light-weight cryptographic devices such as sensor network motes and RFID tags.

Embedded security in a pervasive world

Embedded systems have become an integral part of our everyday life. Devices like vehicles, household appliances, and cell phones are already equipped with embedded microcontrollers. The networking of the myriads of embedded devices gives rise to the brave new world of pervasive computing. Pervasive computing offers enormous advantages and opportunities for users and businesses through new applications, increased comfort, and cost reduction. One often overlooked aspect of pervasive computing, however, are new security threats. This article describes security issues in current and future pervasive security scenarios, ranging from privacy threats and unreliable products to loss of revenue. We also highlight the opportunities, such as new business models, which are enabled through strong embedded security solutions. Current research issues are also summarized. As case studies, we introduce security aspects in future automotive systems and in ad-hoc networks.

Cryptographic component identification: enabler for secure vehicles

Modern vehicles embed several dozens of electronic control units, infotainment devices, and safety relevant components. All these devices might be manipulated, counterfeited, stolen, and illegally exchanged. Hence, a proper identification of components would be valuable. In this work we propose protocols for component identification in a vehicle. The component identification provides protection against manipulation, counterfeits, and theft by implementing a mechanism to bind security relevant components to a given system. Additionally, such component identification enables secure inter-vehicular networks as well as innovative technologies such as an electronic license plate.

Secure Key Management - A Key Feature for Modern Vehicle Electronics

The need for vehicular data security and privacy protection is already enormous and increases even further. Prominent application areas are for instance theft protection, anticounterfeiting, secure data storage and secure communication inside the vehicle and from the vehicle to the outside world. However, most of the vehicular security and privacy protection solutions involve modern cryptography and require availability of cryptographic keys in the vehicle and in related backend infrastructure. A central aspect for ensuring this availability and a controlled usage of such cryptographic keys is a secure key management, which affects the whole lifecycle of the key, from creation and distribution, usage, backup and update up to key deactivation. Even though secure key management is quite well understood in the standard computer world, the situation in the automotive world is quite different, as we have different functional requirements (e.g., sporadic low-bandwidth connections) and different security requirements (e.g., physical insider attacks). We hence analyze the requirements and give best practice approaches for a secure key management solution in the automotive context. We highlight potential security concerns that are encountered during each phase on a lifecycle of a cryptographic key used in a typical vehicular security solution. Knowing the security vulnerabilities, we will introduce open solutions and best practice approaches for secure key management implementation both in the embedded in-vehicle domain as well as for the supporting backend infrastructure.

Implementing Data Security and Privacy in Next-Generation Electric Vehicle Systems

Due to economic, environmental and political reasons, there is an increasing demand for zero-emission vehicles. With the wide-scale deployment of electric car systems, a variety of parties with conflicting interests will be interacting, and there will be incentives for dishonest behavior. Consequently, new technical challenges that are related to IT security and embedded security arise in the context of electric vehicle systems. For instance, payment and metering needs to be secured, privacy needs to be preserved, and the infrastructure needs to be protected. This work investigates for the first time the security threats that must be addressed in intelligent transportation systems, it discusses possible solutions, and it presents the benefits that IT security provides in this context.

Embedded security solutions for automotive applications

In this paper we present a number of architectural security solutions based upon concrete hardware components such as customized security controllers, trusted platform modules (TPMs), “security boxes”, FPGAs and ASICs. We analyze benefits and disadvantages of each solution proposed in terms of physical and cryptographic security, costs, needed and achievable performance. We also discuss the consequences of the solutions with respect to several wide-spread security applications including immobilizer systems, component identification, software flashing, etc.