Skip to main content

State of the Art: Embedding Security in Vehicles


For new automotive applications and services, information technology (IT) has gained central importance. IT-related costs in car manufacturing are already high and they will increase dramatically in the future. Yet whereas safety and reliability have become a relatively well-established field, the protection of vehicular IT systems against systematic manipulation or intrusion has only recently started to emerge. Nevertheless, IT security is already the base of some vehicular applications such as immobilizers or digital tachographs. To securely enable future automotive applications and business models, IT security will be one of the central technologies for the next generation of vehicles. After a state-of-the-art overview of IT security in vehicles, we give a short introduction into cryptographic terminology and functionality. This contribution will then identify the need for automotive IT security while presenting typical attacks, resulting security objectives, and characteristic constraints within the automotive area. We will introduce core security technologies and relevant security mechanisms followed by a detailed description of critical vehicular applications, business models, and components relying on IT security. We conclude our contribution with a detailed statement about challenges and opportunities for the automotive IT community for embedding IT security in vehicles.

[1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40]


  1. 1.

    Saad A, Weinmann U: Automotive software engineering and concepts. GI Jahrestagung, September-October 2003, Frankfurt, Germany 318-319.

    Google Scholar 

  2. 2.

    Nickel E: IBM automotive software foundry. In Press Conference on Computer Science in Automotive Industry, September 2003, Frankfurt, Germany. Frankfurt University;

    Google Scholar 

  3. 3.

    ISO/IEC : Information technology—guidelines for the management of IT security—part 1: concepts and models for IT security. In Tech. Rep. TR 13335-1. ISO/IEC, Genf, Switzerland; 1996.

    Google Scholar 

  4. 4.

    Shirley R: Internet security glossary. In Tech. Rep. RFC 2828. GTE/BBN Technologies, Cambridge, Mass, USA; 2000.

    Google Scholar 

  5. 5.

    Bishop M: Computer Security: Art and Science. Addison-Wesley, Reading, Mass, USA; 2003.

    Google Scholar 

  6. 6.

    Stallings W: Cryptography and Network Security. 4th edition. Prentice-Hall, Englewood Cliffs, NJ, USA; 2005.

    Google Scholar 

  7. 7.

    National Institute of Standards & Technology : FIPS-46-3: Data Encryption Standard (DES). 1977.

    Google Scholar 

  8. 8.

    National Institute of Standards & Technology : FIPS-197: Specification for the Advanced Encryption Standard (AES). 2001.

    Google Scholar 

  9. 9.

    Daemen J, Rijmen V: AES proposal: rijndael. Proceedings of the 1st Advanced Encryption Standard (AES) Candidate Conference, August 1998, Ventura, Calif, USA

    Google Scholar 

  10. 10.

    Vernam GS: Cipher printing telegraph systems for secret wire and radio telegraphic communications. Journal of the American Institute of Electrical Engineers 1926, 55: 109-115.

    Google Scholar 

  11. 11.

    Shannon C: Communication theory of secrecy systems. The Bell System Technical Journal 1949,28(4):656-715.

    MATH  MathSciNet  Article  Google Scholar 

  12. 12.

    Diffie W, Hellman ME: New directions in cryptography. IEEE Transactions on Information Theory 1976,22(6):644-654. 10.1109/TIT.1976.1055638

    MATH  MathSciNet  Article  Google Scholar 

  13. 13.

    Rivest RL, Shamir A, Adleman L: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 1978,21(2):120-126. 10.1145/359340.359342

    MATH  MathSciNet  Article  Google Scholar 

  14. 14.

    Koblitz N: Elliptic curve cryptosystems. Mathematics of Computation 1987,48(177):203-209. 10.1090/S0025-5718-1987-0866109-5

    MATH  MathSciNet  Article  Google Scholar 

  15. 15.

    Miller V: Uses of elliptic curves in cryptography. In Advances in Cryptology (Crypto '85), Lecture Notes in Computer Scienc. Volume 218. Edited by: Williams HC. Springer, Berlin, Germany; 1986:417-426.

    Google Scholar 

  16. 16.

    IEEE P1363-2000 : Standard Specifications for Public Key Cryptography.

  17. 17.

    Miehling T, Kuhls B, Kober H, Chodura H, Heitmann M: Security module specification. HIS-Herstellerinitiative Software, Bochum, Germany; 2006.

    Google Scholar 

  18. 18.

    IEEE 1609.2-2006 : Trial-Use Standard for Wireless Access in Vehicular Environments—Security Services for Applications and Management Messages.

  19. 19.

    Rivest R: RFC 1321: the MD5 message-digest algorithm. 1992.

    Google Scholar 

  20. 20.

    National Institute of Standards & Technology : FIPS-180-2: secure hash standard (SHS). 2002.

    Google Scholar 

  21. 21.

    U.S. Department of State International traffic in arms regulations (ITAR), code of federal regulations, title 22, parts 120–130

  22. 22.

    van Oorschot P: Revisiting software protection. Proceedings of the 6th International Conference on Information Security (ISC '03), October 2003, Bristol, UK, Lecture Notes in Computer Science 2851: 1-13.

    Google Scholar 

  23. 23.

    Amendola S: Improving automotive security by evaluation—from security health check to common criteria. Security Research & Consulting GmbH, Bochum, Germany; 2004.

    Google Scholar 

  24. 24.

    Weimerskirch A, Paar C, Wolf M: Cryptographic component identification: enabler for secure vehicles. Proceedings of the 62nd IEEE Vehicular Technology Conference (VTC '05), September 2005, Dallas, Tex, USA 1227-1231.

    Google Scholar 

  25. 25.

    Linn C, Debray S: Obfuscation of executable code to improve resistance to static disassembly. Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS '03), October 2003, Washington, DC, USA 290-299.

    Google Scholar 

  26. 26.

    Collberg CS, Thomborson C: Watermarking, tamper-proofing, and obfuscation—tools for software protection. IEEE Transactions on Software Engineering 2002,28(8):735-746. 10.1109/TSE.2002.1027797

    Article  Google Scholar 

  27. 27.

    Hubaux J-P, Čapkun S, Luo J: The security and privacy of smart vehicles. IEEE Security & Privacy Magazine 2004,2(3):49-55.

    Article  Google Scholar 

  28. 28.

    Wolf M, Weimerskirch A, Paar C: Security in automotive bus systems. Proceedings of Embedded Security in Cars Workshop (ESCAR '04), November 2004, Bochum, Germany

    Google Scholar 

  29. 29.

    Car-2-Car Communication Consortium.

  30. 30.

    Network on Wheels

  31. 31.

    CVIS—Cooperative Vehicle-Infrastructure Systems.

  32. 32.

    Safespot Cooperative vehicles and road infrastructure for road safety,

  33. 33.

    Lemke K, Sadeghi A-R, Stüble C: An open approach for designing secure electronic immobilizers. Proceedings of the 1st International Conference on Information Security Practice and Experience (ISPEC '05), April 2005, Singapore 230-242.

    Google Scholar 

  34. 34.

    Čapkun S, Hubaux J-P: Secure positioning of wireless devices with application to sensor networks. Proceedings of the 24th Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM '05), March 2005, Miami, Fla, USA 3: 1917-1928.

    Article  Google Scholar 

  35. 35.

    European Commission. EU NO 1360/2002 2002.

  36. 36.

    Gieschen Consultancy Report: IP theft up 22%, massive $3 trillion counterfeits, May 2005,

  37. 37.

    Anderson RJ: On the security of digital tachographs. In Proceedings of the 5th European Symposium on Research in Computer Security (ESORICS '98), September 1998, Louvain-la-Neuve, Belgium. Springer; 111-125.

    Google Scholar 

  38. 38.

    Ross S: Parts counterfeiting. 2004.

    Google Scholar 

  39. 39.

    eCall Driving Group

  40. 40.

    Siemens VDO Traffic sign recognition.

Download references

Author information



Corresponding author

Correspondence to Marko Wolf.

Rights and permissions

Open Access This article is distributed under the terms of the Creative Commons Attribution 2.0 International License (, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Reprints and Permissions

About this article

Cite this article

Wolf, M., Weimerskirch, A. & Wollinger, T. State of the Art: Embedding Security in Vehicles. J Embedded Systems 2007, 074706 (2007).

Download citation


  • Information Technology
  • Business Model
  • Electronic Circuit
  • Automotive Application
  • Security Mechanism