Creating a Secure Infrastructure for Wireless Diagnostics and Software Updates in Vehicles

  • Dennis K. Nilsson
  • Ulf E. Larson
  • Erland Jonsson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5219)


A set of guidelines for creating a secure infrastructure for wireless diagnostics and software updates in vehicles is presented. The guidelines are derived from a risk assessment for a wireless infrastructure. From the outcome of the risk assessment, a set of security requirements to counter the identified security risks was developed. The security requirements can be viewed as guidelines to support a secure implementation of the wireless infrastructure. Moreover, we discuss the importance of defining security policies.


Keywords: infrastructure, vehicle, wireless, security, guidelines, policies





Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Dennis K. Nilsson (1)
  • Ulf E. Larson (1)
  • Erland Jonsson (1)
  1. Department of Computer Science and Engineering, Chalmers University of Technology, Gothenburg, Sweden
