Open Access

State of the Art: Embedding Security in Vehicles

EURASIP Journal on Embedded Systems20072007:074706

DOI: 10.1155/2007/74706

Received: 19 October 2006

Accepted: 13 April 2007

Published: 19 June 2007

Abstract

For new automotive applications and services, information technology (IT) has gained central importance. IT-related costs in car manufacturing are already high and they will increase dramatically in the future. Yet whereas safety and reliability have become a relatively well-established field, the protection of vehicular IT systems against systematic manipulation or intrusion has only recently started to emerge. Nevertheless, IT security is already the base of some vehicular applications such as immobilizers or digital tachographs. To securely enable future automotive applications and business models, IT security will be one of the central technologies for the next generation of vehicles. After a state-of-the-art overview of IT security in vehicles, we give a short introduction into cryptographic terminology and functionality. This contribution will then identify the need for automotive IT security while presenting typical attacks, resulting security objectives, and characteristic constraints within the automotive area. We will introduce core security technologies and relevant security mechanisms followed by a detailed description of critical vehicular applications, business models, and components relying on IT security. We conclude our contribution with a detailed statement about challenges and opportunities for the automotive IT community for embedding IT security in vehicles.

[1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40]

Authors’ Affiliations

(1)
Horst-Görtz-Institute for IT Security, Ruhr-University Bochum, Universitätsstraße
(2)
escrypt-Embedded Security GmbH

References

  1. Saad A, Weinmann U: Automotive software engineering and concepts. GI Jahrestagung, September-October 2003, Frankfurt, Germany 318-319.Google Scholar
  2. Nickel E: IBM automotive software foundry. In Press Conference on Computer Science in Automotive Industry, September 2003, Frankfurt, Germany. Frankfurt University;Google Scholar
  3. ISO/IEC : Information technology—guidelines for the management of IT security—part 1: concepts and models for IT security. In Tech. Rep. TR 13335-1. ISO/IEC, Genf, Switzerland; 1996.Google Scholar
  4. Shirley R: Internet security glossary. In Tech. Rep. RFC 2828. GTE/BBN Technologies, Cambridge, Mass, USA; 2000. http://www.rfc-editor.org/rfc/rfc2828.txt Google Scholar
  5. Bishop M: Computer Security: Art and Science. Addison-Wesley, Reading, Mass, USA; 2003.Google Scholar
  6. Stallings W: Cryptography and Network Security. 4th edition. Prentice-Hall, Englewood Cliffs, NJ, USA; 2005.Google Scholar
  7. National Institute of Standards & Technology : FIPS-46-3: Data Encryption Standard (DES). 1977.Google Scholar
  8. National Institute of Standards & Technology : FIPS-197: Specification for the Advanced Encryption Standard (AES). 2001.Google Scholar
  9. Daemen J, Rijmen V: AES proposal: rijndael. Proceedings of the 1st Advanced Encryption Standard (AES) Candidate Conference, August 1998, Ventura, Calif, USA Google Scholar
  10. Vernam GS: Cipher printing telegraph systems for secret wire and radio telegraphic communications. Journal of the American Institute of Electrical Engineers 1926, 55: 109-115.Google Scholar
  11. Shannon C: Communication theory of secrecy systems. The Bell System Technical Journal 1949,28(4):656-715.MATHMathSciNetView ArticleGoogle Scholar
  12. Diffie W, Hellman ME: New directions in cryptography. IEEE Transactions on Information Theory 1976,22(6):644-654. 10.1109/TIT.1976.1055638MATHMathSciNetView ArticleGoogle Scholar
  13. Rivest RL, Shamir A, Adleman L: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 1978,21(2):120-126. 10.1145/359340.359342MATHMathSciNetView ArticleGoogle Scholar
  14. Koblitz N: Elliptic curve cryptosystems. Mathematics of Computation 1987,48(177):203-209. 10.1090/S0025-5718-1987-0866109-5MATHMathSciNetView ArticleGoogle Scholar
  15. Miller V: Uses of elliptic curves in cryptography. In Advances in Cryptology (Crypto '85), Lecture Notes in Computer Scienc. Volume 218. Edited by: Williams HC. Springer, Berlin, Germany; 1986:417-426.Google Scholar
  16. IEEE P1363-2000 : Standard Specifications for Public Key Cryptography. http://standards.ieee.org/catalog/olis/busarch.html
  17. Miehling T, Kuhls B, Kober H, Chodura H, Heitmann M: Security module specification. HIS-Herstellerinitiative Software, Bochum, Germany; 2006.Google Scholar
  18. IEEE 1609.2-2006 : Trial-Use Standard for Wireless Access in Vehicular Environments—Security Services for Applications and Management Messages. http://ieeexplore.ieee.org/servlet/opac?punumber=11000
  19. Rivest R: RFC 1321: the MD5 message-digest algorithm. 1992.http://www.ietf.org/rfc/rfc1321.txt Google Scholar
  20. National Institute of Standards & Technology : FIPS-180-2: secure hash standard (SHS). 2002.Google Scholar
  21. U.S. Department of State International traffic in arms regulations (ITAR), code of federal regulations, title 22, parts 120–130Google Scholar
  22. van Oorschot P: Revisiting software protection. Proceedings of the 6th International Conference on Information Security (ISC '03), October 2003, Bristol, UK, Lecture Notes in Computer Science 2851: 1-13.Google Scholar
  23. Amendola S: Improving automotive security by evaluation—from security health check to common criteria. Security Research & Consulting GmbH, Bochum, Germany; 2004.Google Scholar
  24. Weimerskirch A, Paar C, Wolf M: Cryptographic component identification: enabler for secure vehicles. Proceedings of the 62nd IEEE Vehicular Technology Conference (VTC '05), September 2005, Dallas, Tex, USA 1227-1231.Google Scholar
  25. Linn C, Debray S: Obfuscation of executable code to improve resistance to static disassembly. Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS '03), October 2003, Washington, DC, USA 290-299.Google Scholar
  26. Collberg CS, Thomborson C: Watermarking, tamper-proofing, and obfuscation—tools for software protection. IEEE Transactions on Software Engineering 2002,28(8):735-746. 10.1109/TSE.2002.1027797View ArticleGoogle Scholar
  27. Hubaux J-P, Čapkun S, Luo J: The security and privacy of smart vehicles. IEEE Security & Privacy Magazine 2004,2(3):49-55.View ArticleGoogle Scholar
  28. Wolf M, Weimerskirch A, Paar C: Security in automotive bus systems. Proceedings of Embedded Security in Cars Workshop (ESCAR '04), November 2004, Bochum, Germany Google Scholar
  29. Car-2-Car Communication Consortium. http://www.car-2-car.org/
  30. Network on Wheels http://www.network-on-wheels.de/
  31. CVIS—Cooperative Vehicle-Infrastructure Systems. http://www.cvisproject.org/
  32. Safespot Cooperative vehicles and road infrastructure for road safety, http://www.safespot-eu.org/
  33. Lemke K, Sadeghi A-R, Stüble C: An open approach for designing secure electronic immobilizers. Proceedings of the 1st International Conference on Information Security Practice and Experience (ISPEC '05), April 2005, Singapore 230-242.View ArticleGoogle Scholar
  34. Čapkun S, Hubaux J-P: Secure positioning of wireless devices with application to sensor networks. Proceedings of the 24th Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM '05), March 2005, Miami, Fla, USA 3: 1917-1928.View ArticleGoogle Scholar
  35. European Commission. EU NO 1360/2002 2002.Google Scholar
  36. Gieschen Consultancy Report: IP theft up 22%, massive $3 trillion counterfeits, May 2005, http://www.bascap.com/
  37. Anderson RJ: On the security of digital tachographs. In Proceedings of the 5th European Symposium on Research in Computer Security (ESORICS '98), September 1998, Louvain-la-Neuve, Belgium. Springer; 111-125.View ArticleGoogle Scholar
  38. Ross S: Parts counterfeiting. 2004.http://www.aftermarketbusiness.com/aftermarketbusiness/article/articleDetail.jsp?id=125346 Google Scholar
  39. eCall Driving Group http://ec.europa.eu/information_society/activities/esafety/forum/ecall/index_en.htm
  40. Siemens VDO Traffic sign recognition. http://www.siemensvdo.com/products_solutions/cars/propilot/

Copyright

© Wolf et al. 2007

This article is published under license to BioMed Central Ltd. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.