Abstract
The automotive industry has seen remarkable growth in the use of network and communication technology. These technologies can be vulnerable to attacks. Several examples of confirmed attacks have been documented in academic studies, and many vehicular communications systems have been designed without security aspects in mind. Furthermore, all the security implications mentioned here would affect the functionality of decision support systems (DSS) of IoT and vehicular networks. This chapter focuses on in-vehicle security and aims to categorize some attacks in this field according to the exploited vulnerability by showing common patterns. The conclusion suggests that an ethernet-based architecture could be a good architecture for future vehicular systems; it enables them to meet future security needs while still allowing network communication with outside systems.
TopBackground
Connected vehicles are essentially IoT devices. Thus, to understand automotive security more broadly, IoT security must be considered. The security implications of IoT were introduced in Butun et. al (2019). Most of the research conducted in the area is focused on software-related security principles but Butun et al. (2020) showed the importance of hardware-assisted security. These points apply equally to automotive security as well.
Vehicle communications can be categorized into two parts, which are inter-vehicle communications and in-vehicle communications. Inter-vehicle communications transfer information between vehicles and other objects including pedestrians and infrastructure, while in-vehicle communications provide communication channels inside of a vehicle.
Key Terms in this Chapter
Controller Area Network (CAN): A networking technology used for in-vehicle communication. It is currently the most common bus used in the network of a vehicle. Messages being sent on the CAN bus are referred to as CAN frames.
On-Board Diagnostics 2 (OBD2): A diagnostics system used in vehicles to monitor the other systems of the vehicle. The system is connected to the CAN bus.
X-by-Wire: A term used to describe that the automotive functionality X (which might be steering, braking, etc.) is achieved through an electrical system, instead of a mechanical one. The signals necessary for the functionality thus travel by wire.
Local Interconnect Network (LIN): A networking technology used for in-vehicle communication. Compared to other technologies, LIN is relatively cheap and is mostly used in less time-crucial parts in the network of a vehicle.
Decision Support System (DSS): A subsystem responsible for aiding decision-making by compiling and presenting data to the decision-maker.
Intrusion Detection System (IDS): A system that detects intrusions in a network by inspecting the traffic, trying to identify malicious packets.
Electronic Control Unit (ECU): An embedded system used to control the electric subsystems in vehicles.
FlexRay: A networking technology used for in-vehicle communication. Compared to CAN, it is faster and more reliable. However, it’s also more expensive.
Internet of Things (IoT): Small electronic systems connected to the internet, usually with limited computational resources.
In-Vehicle Communication: The communication used internally within the vehicle, between different sub-systems. For example, the signals that release the airbag are an example of in-vehicle communication.
IT Security: The security of an IT system, meaning its resilience of cyber-attacks targeting assets. It maintains the confidentiality and integrity of sensitive information and guarantees that the system is not made unavailable because of a cyber-attack.
Automotive Ethernet: Ethernet technology used in a vehicle that has the functionality necessary to replace other in-vehicle networking technologies.
Automotive Security: The IT security of an automotive vehicle system.