The modern car consists of interconnected electronic components that control various aspects of the vehicle. With security researchers revealing a series of vulnerabilities, it has become evident that car manufacturers need more security in their design and development. The controller area network bus is one of the standard buses used in the modern automobile. However, it is not safe and secure and poses a potential threat to car manufacturers, dealers, suppliers, owners, and users. Automobile manufacturers can employ various security measure such as encryption, device authentication, network segmentation, access controls and credential management among others to ensure protection and security of car users. Though automobile security is a relatively recent development, with increased computerization and connectivity of vehicular components, manufacturers need to ensure safety, protection, and security of the various systems on the vehicle.
Keywords: car hacking, automotive security, vehicle computerization, CAN bus, electronic control unit
S more cars become increasingly computerized, they become more susceptible to hackers. Researchers have shown that hackers can use a vulnerability in a cars system to have control of the various aspects of the vehicle and cause all sorts of troubles. The vulnerabilities in the automobile securities range from ordinary attacks such as flashing the lights of the vehicle to terrifying stuff such as the attacker remotely gaining access to the whole vehicle. A hacker has the possibility of compromising some of the electronic components of a vehicle and cause it to behave erratically. Despite car makers stepping up their efforts to improve the security of their cars, more needs to be done. So far, there have been few cases of car hacking except for the demonstrations by researchers on certain vulnerabilities. However, in the coming days, car security would become an important issue for car users. This reaffirms the need for automobile manufacturers to improve the security on their system. In this paper, I will be educating you on the current state of automotive security and potential solutions to the problems.
SECURITY VULNERABILITIES IN AUTOMOBILES
The modern automotive consists of interconnected components managed by the onboard computer systems on the vehicle. The interconnected components in a vehicle include brake controller, the engine management system, door locks, sound systems, set controls, communication systems and much more. Because of the interconnectivity of the various components in the vehicle, an attacker could enter one system before turning to exploit another system . A weakness in any component in a vehicle is a possible point that an attacker could use to get access to the other systems of the vehicle. At the core of the interconnected system of a modern vehicle, there is the controller area network bus (CAN bus). The CAN bus architecture was developed to be lightweight and robust and allow communication between various vehicular components . However, the CAN design is a low-level protocol that is unable to implement any security features and hence contains numerous vulnerabilities. The architecture lacks segmentation and boundary defense, device authentication and encryption.
Network segmentation is important in preventing attackers from getting access to sensitive parts once they have gained access to a network. By using proper segmentation, designers can minimize the level of access to unauthorized people or applications while at the same time enabling access to the authorized ones . While the CAN bus architecture uses various electronic control units to manage the different functions of the vehicle, all sections of the bus have a common connection at some point. This means that if an attackers have access to one system, they can have control of the other system as a result of the common connection points . Another vulnerability in the CAN bus architecture is the absence of device authentication on the system. The network consists of different controllers performing different functions. When a controller broadcasts data onto the bus, the data becomes to all other components of the vehicle regardless of whether they require the data or not . Under normal circumstances, such a system works well. However, it does not prevent unauthorized devices from broadcasting or listening for information. Finally, lack of encryption can be a possible entry point for hackers. Unencrypted messages can result in the traffic being sniffed by appropriate hardware. Such hardware is available at low-cost prices and enables an attacker to snip CAN data in transit . Also, lack of encryption implies that there is no way for the system to guarantee message authenticity. The vulnerabilities of the CAN bus architecture reaffirm the need for manufacturers to produce more secure products.
MOTIVATIONS FOR AUTOMOTIVE SECURITY ATTACKS
One of the most crucial requirements for improving the security of a system is understanding the objectives, motivations, and actions of the attackers. There are many motivations for hacking a vehicle. They include theft, espionage, research and owner needs. Among these motivations, theft ranks the highest. Thieves have long targeted vehicles due to them being high valued assets. With the recent increase in automobile computerization and the inclusion of features such as keyless entry, stealing has become less physical and inconspicuous . Other than stealing the vehicle and commodities inside it, thieves may start targeting the increasing volume of sensitive and private information stored in vehicles. Another motivation for automotive security attack is espionage. The infotainment system in modern vehicles tracks and record confidential information such as call history, contacts, and location history. With the increasing popularity of such systems, attackers can exploit them to track and eavesdrop on people . Apart from attackers with ill motives, car owners may hack their vehicles with the aim of improving performance, carrying out maintenance and repairs or remove certain restrictions imposed by car manufacturers. Finally, researchers may hack automobiles to highlight vulnerabilities before the bad guys can use them to carry out attacks for selfish gains . A Proper understanding of the motivations for hacking automobiles allows security designers to improve and strengthen the systems in a vehicle.
SECURING THE AUTOMOBILE
The potential threats and vulnerabilities call for designing secure automotive systems. Though automotive security is relatively recent, strong technologies and expertise in other industries can be adapted to improve security. Developers can incorporate secure development processes as used in other fields to ensure the security of their new vehicles by design . The principles that lead to safe cars also apply to security. In general, reliability, safety, privacy, and security must all begin at the groundworks during the design phase. To ensure that the design of the systems is secure, the vehicles threat model should anticipate different types of threats and strive to alleviate them. The security designer should develop layers of protection that can isolate threats before they can affect the operations of the vehicle . There are a set of security tools ranging from data encryption to isolation of software elements by function available to the vehicle security architect. Also, a combination of software and hardware functions based on specific requirements can assist in reducing costs while improving performance goals.
The security of the computerized systems in automotive is a collaborative approach that should aim to detect and correct threats that are identifiable and avoidable and protect from previously unknown threats. There are four levels of security that designers need to consider. These are hardware security, software security, network security, and cloud-based security services. Hardware security systems protect the operational vehicular components from deliberate and accidental damage . The various hardware security building blocks include secure boot, trusted execution technology, tamper protection, cryptographic acceleration, active memory protection and device identity on every device. Software security, on the other hand, protects the components from non-physical attacks. Software technologies that can be used to protect the vehicle include secure boot, partitioned operating systems, authentication and enforcement of appropriate behavior . Apart from hardware and software securities, designers also have to ensure network security. With the modern vehicle carrying operational and personal identifiable information, message and data protection over the communication bus are crucial for privacy, security, and consumer trust . Hardware assisted technologies that can assist in securing networks without affecting performance include message and device authentication and access controls. Finally, the vehicle would require cloud-based security services to protect against real-time security threats. Real-time protection involves using secure authenticated channels when connecting to the cloud, remote monitoring of activities, credential management, and over-the-air updates . Other than the security levels, users must also be educated about the various security aspects of the vehicle as well as potential threats so as to minimize or eliminate the vulnerabilities.
Computerization of vehicles has resulted in increased safety, functionality and value for vehicles. The modern car is a complex system that consists of numerous electronic control units that control various functions of the vehicles. The components communicate with each other via the controller area network bus which is inherently vulnerable to attacks. With recent security research revealing these vulnerabilities, it has become important for car manufacturers to ensure protection and safety of their vehicles by employing strict security measures. Some of the methods that can ensure the security of vehicular components include secure boot, trusted execution technology, tamper protection, cryptographic acceleration, active memory protection, device identity and authentication, access controls, using partitioned operating systems, remote monitoring of activities, credential management, and over-the-air updates. The time has come for vehicle manufacturers to stop simply fixing security flaws, but start designing and building systems that are secure from the ground up.
T. Ring, Connected cars the next target for hackers, Network Security, no. 11, pp.11-16, Nov. 2015.
P. Borrows, Car hacking, New Scientist, vol. 217, no. 2901, p. 33, 2013.
Car Hacking: You Cannot Have Safety without Security, Resources.infosecinstitute.com, 2016. [Online]. Available: http://resources.infosecinstitute.com/car-hacking-safety-without-security/Diagram of electronic components in a car CHM Revolution, Computerhistory.org, 2016. [Online]. Available: http://www.computerhistory.org/revolution/real-time-computing/6/134/548 [Accessed: 06- Oct- 2016].
C. Baraniuk, Forget carjacking, car hacking is the future, New Scientist, vol. 227, no. 3033, p. 19, 2015.
M. Schellekens, Car hacking: Navigating the regulatory landscape, Computer Law & Security Review, vol. 32, no. 2, pp. 307-315, Apr. 2016.
Car Hacking | Argus Cyber Security, Argus-sec.com, 2016. [Online]. Available: https://argus-sec.com/car-hacking. [Accessed: 06- Oct- 2016]
If you are the original author of this essay and no longer wish to have it published on the midtermguru.com website, please click below to request its removal:
- Essay on Social Media and Technology Impacts in Our Lives
- Essay on Air Transport: Does More Speed Matter?
- Technology and Social Change - Essay Sample
- Essay on Ring Modulator
- Significance of Drones in Disaster Management and Commerce
- The Importance of Turkey in Energy Hubs and Renewable Energy
- Essay Example on UK Energy Industry