How to Secure the Connected Car

Sammanfattning: In recent years, information technology has entered the automobile domain. Most of the functionality in a car is now controlled by electronics and software. There is a trend among automobile manufacturers to perform administrative procedures such as diagnostics and firmware updates over a wireless communication channel and to provide various services that allow hand-held devices such as cell phones and PDAs to interact with the vehicle. Thus emerges the notion of the connected car. As external wireless communication is allowed to interact with the vehicle, a number of security risks are introduced. Achieving proper authentication and secure communication thus becomes a critical issue. The vehicle domain has traditionally only dealt with safety concerns; however, the security risks create a need to consider an intelligent attacker and appropriate security solutions in this domain.This thesis focuses on how to secure the connected car. A defense-in-depth perspective is employed to do this by means of different approaches. Various measures for prevention including authentication and integrity principles for vehicle-to-infrastructure and device-to-vehicle communication are applied. In addition, measures for prevention, detection and deflection of attacks targeting the in-vehicle network are developed. After an attack has occurred, forensics is performed to reconstruct the event and aid in locating the cyber criminals responsible. Achieving a proper level of security in the car is a challenge, given the environment, the usage scenarios and the safety concerns. Thus, while security solutions must be adapted to support the specific characteristics of the connected car, applying only one security solution for a safety-critical system such as a car may not be sufficient. Several protection mechanisms based on different approaches should be incorporated to secure the connected car and to ensure the safety of its driver and passengers.