State of the Art Security Concepts and Hacks
In January 2014 I wrote my first bachelor thesis (yes, we had to write two…) about Security in Automotive Systems. You can download the thesis below the abstract if you want to have a look at it (it’s in German).
In modern vehicles there are more than one hundred different electronic control units, which communicate with each other and also with external devices, like diagnosis tester and smartphones. This makes them to high degree connected systems with a few, well-defined interfaces to the outside. But the past teaches us the following: The higher the degree on networking is, the more complex and vulnerable for errors and security breaches the system gets. Therefore a high amount of time is spend on planning and tests.
But anyone who might thought that the connectivity has reached its climax, is wrong. Because with the upcoming of so called “Intelligent Transportation Systems (ITS)” all the vehicles will communicate among each other and with their environment. Therefore the goals confidentiality, availability, authentication, liability and integrity become central requirements to each component in the ITS.
But a closer look at the current situations shows us, that even present cars, with just a few interfaces to the outside, are classified as critical in terms of security due to the lack of security mechanisms in the control units. Also the used system buses for communication within the vehicles do not offer any security features. Is it under those conditions sensible to make these systems even more open and complex?
The goal of this paper is to show how much of security is currently employed inside a vehicle and how the different security mechanisms are designed and implemented. Especially the interfaces to the outside of the vehicle are investigated and already known hacks of criminals or published papers from academics are referred to.
Concluding there is an improvement suggestion from the author regarding the actual standard bus system (CAN).
The intended audience of this bachelor thesis are IT people with automotive background and IT specialists, who want to have a closer look on what’s inside a car. Especially for readers with automotive background it should get obvious that in future, the demanded safety by law is only possible to reach, if also security is involved in the engineering process of a vehicle.
Additionally this first bachelor thesis is the prerequisite for the second bachelor thesis of the author, which has the emphasis on Intelligent Transportation Systems.
Download my first bachelor thesis