- Research Article
- Open Access
State of the Art: Embedding Security in Vehicles
EURASIP Journal on Embedded Systems volume 2007, Article number: 074706 (2007)
For new automotive applications and services, information technology (IT) has gained central importance. IT-related costs in car manufacturing are already high and they will increase dramatically in the future. Yet whereas safety and reliability have become a relatively well-established field, the protection of vehicular IT systems against systematic manipulation or intrusion has only recently started to emerge. Nevertheless, IT security is already the base of some vehicular applications such as immobilizers or digital tachographs. To securely enable future automotive applications and business models, IT security will be one of the central technologies for the next generation of vehicles. After a state-of-the-art overview of IT security in vehicles, we give a short introduction into cryptographic terminology and functionality. This contribution will then identify the need for automotive IT security while presenting typical attacks, resulting security objectives, and characteristic constraints within the automotive area. We will introduce core security technologies and relevant security mechanisms followed by a detailed description of critical vehicular applications, business models, and components relying on IT security. We conclude our contribution with a detailed statement about challenges and opportunities for the automotive IT community for embedding IT security in vehicles.
Saad A, Weinmann U: Automotive software engineering and concepts. GI Jahrestagung, September-October 2003, Frankfurt, Germany 318-319.
Nickel E: IBM automotive software foundry. In Press Conference on Computer Science in Automotive Industry, September 2003, Frankfurt, Germany. Frankfurt University;
ISO/IEC : Information technology—guidelines for the management of IT security—part 1: concepts and models for IT security. In Tech. Rep. TR 13335-1. ISO/IEC, Genf, Switzerland; 1996.
Shirley R: Internet security glossary. In Tech. Rep. RFC 2828. GTE/BBN Technologies, Cambridge, Mass, USA; 2000. http://www.rfc-editor.org/rfc/rfc2828.txt
Bishop M: Computer Security: Art and Science. Addison-Wesley, Reading, Mass, USA; 2003.
Stallings W: Cryptography and Network Security. 4th edition. Prentice-Hall, Englewood Cliffs, NJ, USA; 2005.
National Institute of Standards & Technology : FIPS-46-3: Data Encryption Standard (DES). 1977.
National Institute of Standards & Technology : FIPS-197: Specification for the Advanced Encryption Standard (AES). 2001.
Daemen J, Rijmen V: AES proposal: rijndael. Proceedings of the 1st Advanced Encryption Standard (AES) Candidate Conference, August 1998, Ventura, Calif, USA
Vernam GS: Cipher printing telegraph systems for secret wire and radio telegraphic communications. Journal of the American Institute of Electrical Engineers 1926, 55: 109-115.
Shannon C: Communication theory of secrecy systems. The Bell System Technical Journal 1949,28(4):656-715.
Diffie W, Hellman ME: New directions in cryptography. IEEE Transactions on Information Theory 1976,22(6):644-654. 10.1109/TIT.1976.1055638
Rivest RL, Shamir A, Adleman L: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 1978,21(2):120-126. 10.1145/359340.359342
Koblitz N: Elliptic curve cryptosystems. Mathematics of Computation 1987,48(177):203-209. 10.1090/S0025-5718-1987-0866109-5
Miller V: Uses of elliptic curves in cryptography. In Advances in Cryptology (Crypto '85), Lecture Notes in Computer Scienc. Volume 218. Edited by: Williams HC. Springer, Berlin, Germany; 1986:417-426.
IEEE P1363-2000 : Standard Specifications for Public Key Cryptography. http://standards.ieee.org/catalog/olis/busarch.html
Miehling T, Kuhls B, Kober H, Chodura H, Heitmann M: Security module specification. HIS-Herstellerinitiative Software, Bochum, Germany; 2006.
IEEE 1609.2-2006 : Trial-Use Standard for Wireless Access in Vehicular Environments—Security Services for Applications and Management Messages. http://ieeexplore.ieee.org/servlet/opac?punumber=11000
Rivest R: RFC 1321: the MD5 message-digest algorithm. 1992.http://www.ietf.org/rfc/rfc1321.txt
National Institute of Standards & Technology : FIPS-180-2: secure hash standard (SHS). 2002.
U.S. Department of State International traffic in arms regulations (ITAR), code of federal regulations, title 22, parts 120–130
van Oorschot P: Revisiting software protection. Proceedings of the 6th International Conference on Information Security (ISC '03), October 2003, Bristol, UK, Lecture Notes in Computer Science 2851: 1-13.
Amendola S: Improving automotive security by evaluation—from security health check to common criteria. Security Research & Consulting GmbH, Bochum, Germany; 2004.
Weimerskirch A, Paar C, Wolf M: Cryptographic component identification: enabler for secure vehicles. Proceedings of the 62nd IEEE Vehicular Technology Conference (VTC '05), September 2005, Dallas, Tex, USA 1227-1231.
Linn C, Debray S: Obfuscation of executable code to improve resistance to static disassembly. Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS '03), October 2003, Washington, DC, USA 290-299.
Collberg CS, Thomborson C: Watermarking, tamper-proofing, and obfuscation—tools for software protection. IEEE Transactions on Software Engineering 2002,28(8):735-746. 10.1109/TSE.2002.1027797
Hubaux J-P, Čapkun S, Luo J: The security and privacy of smart vehicles. IEEE Security & Privacy Magazine 2004,2(3):49-55.
Wolf M, Weimerskirch A, Paar C: Security in automotive bus systems. Proceedings of Embedded Security in Cars Workshop (ESCAR '04), November 2004, Bochum, Germany
Car-2-Car Communication Consortium. http://www.car-2-car.org/
Network on Wheels http://www.network-on-wheels.de/
CVIS—Cooperative Vehicle-Infrastructure Systems. http://www.cvisproject.org/
Safespot Cooperative vehicles and road infrastructure for road safety, http://www.safespot-eu.org/
Lemke K, Sadeghi A-R, Stüble C: An open approach for designing secure electronic immobilizers. Proceedings of the 1st International Conference on Information Security Practice and Experience (ISPEC '05), April 2005, Singapore 230-242.
Čapkun S, Hubaux J-P: Secure positioning of wireless devices with application to sensor networks. Proceedings of the 24th Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM '05), March 2005, Miami, Fla, USA 3: 1917-1928.
European Commission. EU NO 1360/2002 2002.
Gieschen Consultancy Report: IP theft up 22%, massive $3 trillion counterfeits, May 2005, http://www.bascap.com/
Anderson RJ: On the security of digital tachographs. In Proceedings of the 5th European Symposium on Research in Computer Security (ESORICS '98), September 1998, Louvain-la-Neuve, Belgium. Springer; 111-125.
Ross S: Parts counterfeiting. 2004.http://www.aftermarketbusiness.com/aftermarketbusiness/article/articleDetail.jsp?id=125346
Siemens VDO Traffic sign recognition. http://www.siemensvdo.com/products_solutions/cars/propilot/
About this article
Cite this article
Wolf, M., Weimerskirch, A. & Wollinger, T. State of the Art: Embedding Security in Vehicles. J Embedded Systems 2007, 074706 (2007). https://doi.org/10.1155/2007/74706
- Information Technology
- Business Model
- Electronic Circuit
- Automotive Application
- Security Mechanism