External Monitoring Changes in Vehicle Hardware Profiles: Enhancing Automotive Cyber-Security

  • Constantinos Patsakis
  • Kleanthis Dellios
  • Jose Maria De Fuentes
  • Fran Casino
  • Agusti Solanas

Abstract

As vehicles are gradually transformed into connected vehicles, standard features of the past (i.e., immobilizer, keyless entry, self-diagnostics) have not received the software updates and hardware upgrades needed to “align” with the cyber-security demands of the new ICT era (IoT, Industry 4.0, IPv6, sensor technology) we have stepped into, and therefore introduce critical legacy IT security issues. Beyond the era of common auto-theft and “chop-shops,” the new wave of attackers has the cyber-skills to exploit these vulnerabilities and steal or manipulate the vehicle. Recent evolution in ICT offered the automotive industry vital tools for vehicle safety, functionality and, up to 2010, theft prevention. However, the same technologies are the ones that make vehicles prone to cyber-attacks. To counter such attacks, this work proposes a unified solution that logs all hardware profile changes of a vehicle in a blockchain, in order to manage control and allow only authenticated changes, subject to user, time, geospatial, and contextual constraints, exploiting several blockchain features. Testing of the proposed solution points to the prevention of numerous common attacks, while additionally providing forensics capabilities and significantly enhancing the security architecture of the vehicle (respecting the original IT architectural design of automotive manufacturers).

Keywords

Vehicle monitoring, Hardware changes, Blockchains

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Department of Informatics, University Piraeus, Piraeus, Greece
  2. University Carlos III of Madrid, Leganes, Spain
  3. Smart Health Research Group, Department of Computer Engineering and Mathematics, Rovira i Virgili University, Catalonia, Spain
