Abstract
Vehicles are experiencing a rapid evolution: mechanical systems are rapidly extended, or even replaced, with electrical systems, leading to highly computerized vehicles. Wireless connectivity, such as telematics and vehicle to everything (V2X), is being introduced to help connect vehicles with the world around them. The information exchanged via these interfaces is used to improve, among others, safety, convenience, comfort, and efficiency.
However, adding connectivity is at the same time opening the Connected Car to a multitude of security problems. Modern vehicles are highly complex cyber-physical systems with a high degree of automation and loads of (valuable) data. As such, they are an attractive target for hackers. But until recently, it was not possible for hackers to attack vehicles remotely, at large scale. The wireless connections are changing the gameāas they form new entry points for hackers into the vehicle networks and systems. Most vehicles that are currently on the road were not designed with security in mind. And consequently, there were a few big-impact vehicle hacks last year that made headlines in the mainstream media.
To properly prepare vehicles for their connected future, concepts such as security by design, privacy by design, defense in depth, and life-cycle management must be applied. In this chapter, we will present a structural approach to applying these principles to in-vehicle networks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Comprehensive experimental analyses of automotive attack surfaces. CAESS, August 2011. http://www.autosec.org/publications.html
Hackers remotely kill a jeep on the highway ā with me in it. WIRED. http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
Remote exploitation of an unaltered passenger vehicle. Dr. Charlie Miller and Chris Valasek. http://illmatics.com/Remote%20Car%20Hacking.pdf
Sens. Markey, blumenthal introduce legislation to protect drivers from auto security, privacy risks with standards & ācyber dashboardā rating system. http://www.markey.senate.gov/news/press-releases/sens-markey-blumenthal-introduce-legislation-to-protect-drivers-from-auto-security-privacy-risks-with-standards-and-cyber-dashboard-rating-system
Tracking & hacking: security & privacy gaps put American drivers at risk. Ed Markey, United States Senator for Massachusetts; February 2015. http://www.markey.senate.gov/imo/media/doc/2015-02-06_MarkeyReport-Tracking_Hacking_CarSecurity%202.pdf
The STRIDE threat model. https://msdn.microsoft.com/en-us/library/ee823878(v=cs.20).aspx
Hacking a Tesla model S: what we found and what we learned. Lookout Blog. https://blog.lookout.com/blog/2015/08/07/hacking-a-tesla/
Consolidation in vehicle electronic architectures. Roland Berger Strategy Consultants. http://www.rolandberger.com/media/publications/2015-07-23-rbsc-pub-consolidation_in_vehicle_electronics_architecture.html
The āHeartbleedā security flaw that affects most of the Internet. CNN.com. http://edition.cnn.com/2014/04/08/tech/web/heartbleed-openssl/
How the poodle computer bug impacts business. Fortune.com. http://fortune.com/2014/11/12/poodle-bug/
FREAKing hell: all windows versions vulnerable to SSL snoop. The Register. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
Vehicle electrical system security committee. http://www.sae.org/works/committeeHome. do?comtID=TEVEES18
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
Ā© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
van Roermund, T. (2019). In-Vehicle Networks and Security. In: Dajsuren, Y., van den Brand, M. (eds) Automotive Systems and Software Engineering. Springer, Cham. https://doi.org/10.1007/978-3-030-12157-0_12
Download citation
DOI: https://doi.org/10.1007/978-3-030-12157-0_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12156-3
Online ISBN: 978-3-030-12157-0
eBook Packages: Computer ScienceComputer Science (R0)