Herve Seudie

EDA for secure and dependable cybercars: challenges and opportunities

Modern vehicles integrate a multitude of embedded hard realtime control functionalities, and a host of advanced information and entertainment (infotainment) features. The true paradigm shift for future vehicles (cybercars) is not only a result of this increasing plurality of subsystems and functions, but is also driven by the unprecedented levels of intra- and inter-car connections and communications as well as networking with external entities. Several new cybercar security and safety challenges simultaneously arise. On one hand, many challenges arise due to increasing system complexity as well as new functionalities that should jointly work on the existing legacy protocols and technologies; such systems are likely unable to warrant a fully secure and dependable system without afterthoughts. On the other hand, challenges arise due to the escalating number of interconnections among the realtime control functions, infotainment components, and the accessible surrounding external devices, vehicles, networks, and cloud services. The arrival of cybercars calls for novel abstractions, models, protocols, design methodologies, testing and evaluation tools to automate the integration and analysis of the safety and security requirements.

Smart keys for cyber-cars: secure smartphone-based NFC-enabled car immobilizer

Smartphones have become very popular and versatile devices. An emerging trend is the integration of smartphones into automotive systems and applications, particularly access control systems to unlock cars (doors and immobilizers). Smartphone-based automotive solutions promise to greatly enhance the users experience by providing advanced features far beyond the conventional dedicated tokens/transponders. We present the first open security framework for secure smartphone-based immobilizers. Our generic security architecture protects the electronic access tokens on the smartphone and provides advanced features such as context-aware access policies, remote issuing and revocation of access rights and their delegation to other users. We discuss various approaches to instantiate our security architecture based on different hardware-based trusted execution environments, and elaborate on their security properties. We implemented our immobilizer system based on the latest Android-based smartphone and a microSD smartcard. Further, we support the algorithmic proofs of the security of the underlying protocols with automated formal verification tools.

Trust assurance levels of cybercars in v2x communication

In the last decade, the automotive industry, governments and researchers have invested a lot of effort setting up the basis for vehicle to vehicle and vehicle to infrastructure (V2X) communication with the aim of improving road safety and traffic efficiency. As for any communication involving the exchange of sensitive data, security was identified from the beginning as a key enabler for many use cases and has been already addressed in various projects. While the first focus was on security issues related to inter-vehicle communication, the Intelligent Transport System (ITS) community rapidly realized that in-vehicle security, which means secure communication endpoints, is also required to enable secure communication between cars and their environment. The recent successful hacking of automotive systems has strengthened this position. However, the holistic view required to set up a framework for mutual trust-establishment between the involving communication entities is missing. The reception of an authentic message does not provide sufficient proof of the trustworthiness of the message without additional trust assurance regarding the messages sender and the senders platform integrity. Hence, the need to attest/certify the trustworthiness of a remote communication partners platform is arising. In this paper, we analyze the platform security requirements of V2X systems, define different Trust Assurance Levels (TAL) and propose a certification framework to support trust establishment between involved V2X communication partners.