Automotive IT-Security as a Challenge: Basic Attacks from the Black Box Perspective on the Example of Privacy Threats

  • Tobias Hoppe
  • Stefan Kiltz
  • Jana Dittmann
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5775)

Abstract

Since automotive IT is becoming more and more powerful, the IT-security in this domain is an evolving area of research. In this paper we focus on the relevance of the black box perspective in the context of threat analyses for automotive IT systems and discuss typical starting points and implications of respective attacks. We put a special focus on potential privacy issues, which we expect to be of increasing relevance in future automotive systems. To motivate appropriate provision for privacy protection in future cars we discuss potential scenarios of privacy violations. To underline the relevance even today, we further present a novel attack on a recent gateway ECU enabling an attacker to sniff arbitrary internal communication even beyond subnetwork borders.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Wolf, M., Weimerskirch, A., Wollinger, T.: State of the Art: Embedding Security in Vehicles. EURASIP Journal on Embedded Systems 2007, Article ID 74706, 16 (2007)CrossRefGoogle Scholar
  2. 2.
    Büker, U., Schmidt, R., Fahreridentifikation, B.: Automotive Security, VDI-Berichte Nr. 2016. In: Proceedings of the 23. VDI/VW Gemeinschaftstagung Automotive Security, Wolfsburg, Germany, November 27-28. VDI-Verlag (2007)Google Scholar
  3. 3.
    Hoppe, T., Dittmann, J.: Vortäuschen von Komponentenfunktionalität im Automobil: Safety- und Komfort-Implikationen durch Security-Verletzungen am Beispiel des Airbags. In: Sicherheit 2008; Sicherheit - Schutz und Zuverlässigkeit, Saarbrücken, Germany (2008)Google Scholar
  4. 4.
    VUFO-Verkehrsunfallforschung an der TU Dresden GmbH(January 2009), http://www.verkehrsunfallforschung.de/
  5. 5.
    BOSCH CAN (January 2009), http://www.can.bosch.com/
  6. 6.
    Vector Informatik CANoe (January 2009), http://www.vector.com/vi_canoe_de.html
  7. 7.
    Hoppe, T., Kiltz, S., Dittmann, J.: IDS als zukünftige Ergänzung automotiver IT-Sicherheit. In: Horster, P. (ed.) DACH Security 2008; Bestandsaufnahme, Konzepte, Anwendungen, Perspektiven; Syssec (2008)Google Scholar
  8. 8.
    Weyl, B.: Secure and Privacy-Preserving Car-to-X Applications: C2C-CC Baseline Concepts, escar – Embedded Security In Cars, Munich, Germany, November 6-7 (2007)Google Scholar
  9. 9.
    Wolf, M., Weimerskirch, A., Paar, C.: Sicherheit in automobilen Bussystemen, Automotive - Safety & Security 2004, Oktober 6-7. Universität Stuttgart (2004)Google Scholar
  10. 10.
    BMW Teleservice Diagnosis and Help (Teleservice of the BMW Connected Drive system) (January 2009), http://www.bmw.com/com/en/insights/technology/connecteddrive/bmw_teleservices_2.html

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Tobias Hoppe
    • 1
  • Stefan Kiltz
    • 1
  • Jana Dittmann
    • 1
  1. 1.Research Group on Multimedia and SecurityOtto-von-Guericke University of MagdeburgMagdeburgGermany

Personalised recommendations