Comprehensive experimental analyses of automotive attack surfaces

Proceedings of the 20th USENIX Security Symposium

Volumn , Issue , 2011, Pages 77-92

  Checkoway, Stephen ^a   McCoy, Damon ^a   Kantor, Brian ^a   Anderson, Danny ^a   Shacham, Hovav ^a   Savage, Stefan ^a   Koscher, Karl ^b   Czeskis, Alexei ^b   Roesner, Franziska ^b   Kohno, Tadayoshi ^b  

^a UNIVERSITY OF CALIFORNIA   (United States)

^b UNIVERSITY OF WASHINGTON   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CONTROL SYSTEM SYNTHESIS;

AUTOMOTIVE ECOSYSTEMS; CELLULAR RADIOS; EXPERIMENTAL ANALYSIS; INTERNAL NETWORK; STRUCTURAL CHARACTERISTICS; THREAT MODELING; VEHICLE CONTROL; WIRELESS COMMUNICATIONS;

AUTOMOBILES;

EID: 85061034567     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (28)

1. BBC. Hack attacks mounted on car control systems. BBC News, May 17, 2010. Online: Http://www.bbc.co. uk/news/10119492.
2. S. Bono, M. Green, A. Stubblefield, A. Juels, A. D. Rubin, and M. Szydlo. Security analysis of a cryptographicallyenabled RFID device. In P. McDaniel, editor, USENIX Security 2005, pages 1-16. USENIX Association, July 2005.
3. R. Boyle. Proof-of-concept CarShark software hacks car computers, shutting down brakes, engines, and more. Popular Science, May 14, 2010. Online: Http: //www.popsci.com/cars/article/2010-05/researchers-hack-car-computersshutting-down-brakes-engine-and-more.
4. CAMP Vehicle Safety Communications Consortium. Vehicle safety communications project task 3 final report, Mar. 2005. Online: Http://www.intellidriveusa. org/documents/vehicle-safety.pdf.
5. R. Charette. This car runs on code. Online: Http: //www.spectrum.ieee.org/feb09/7649, Feb. 2009.
6. T. Eisenbarth, T. Kasper, A. Moradi, C. Paar, M. Salmasizadeh, and M. Manzuri Shalmani. On the power of power analysis in the real world: A complete break of the KeeLoq code hopping scheme. In D. Wagner, editor, Crypto '08, volume 5157 of LNCS, pages 203-20. Springer-Verlag, Aug. 2008.
7. N. Falliere, L. O Murchu, and E. Chien. W32.Stuxnet dossier version 1.3, Nov. 2010. Online: Http://www.symantec.com/content/en/ us/enterprise/media/security_response/ whitepapers/w32_stuxnet_dossier.pdf.
8. FlexRay Consortium. FlexRay communications system protocol specification version 2.1 revision A, Dec. 2005. Online: Http://www.flexray.com/index. php?pid=47.
9. A. Francillon, B. Danev, and S. Capkun. Relay attacks on passive keyless entry and start systems in modern cars. In A. Perrig, editor, NDSS 2011. ISOC, Feb. 2011.
10. T. Hoppe, S. Kiltz, and J. Dittmann. Security threats to automotive CAN networks - practical examples and selected short-term countermeasures. In M. D. Harrison and M.-A. Sujan, editors, SAFECOMP 2008, volume 5219 of LNCS, pages 235-248. Springer-Verlag, Sept. 2008.
11. S. Indesteege, N. Keller, O. Dunkelman, E. Biham, and B. Preneel. A practical attack on KeeLoq. In N. Smart, editor, Eurocrypt '08, volume 4965 of LNCS, pages 1-18. Springer-Verlag, Apr. 2008.
12. ISO. ISO 11898-1:2003 - Road vehicles - Controller area network. International Organization for Standardization, 2003.
13. F. Kargl, P. Papadimitratos, L. Buttyan, M. Müter, E. Schoch, B. Wiedersheim, T.-V. Thong, G. Calandriello, A. Held, A. Kung, and J.-P. Hubaux. Secure vehicular communication systems: Implementation, performance, and research challenges. IEEE CommunicationsMagazine, 46(11):110-118, 2008.
14. K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage. Experimental security analysis of a modern automobile. In D. Evans and G. Vigna, editors, IEEE Symposium on Security and Privacy. IEEE Computer Society, May 2010.
15. U. E. Larson and D. K. Nilsson. Securing vehicles against cyber attacks. In A. Mili and A. Krings, editors, CSIIRW '08, pages 30:1-30:3. ACM Press, May 2008.
16. J. Leyden. Boffins warn on car computer security risk. The Register, May 14, 2010. Online: Http://www.theregister.co.uk/2010/05/ 14/car_security_risks/.
17. P. Magney. iPod connections expected in more than half of U.S. car models in 2009. Online: Http://www. isuppli.com/Automotive-Infotainmentand-Telematics/MarketWatch/Pages/iPod-Connections-Expected-in-More-than-Half-of-U-S-Car-Models-in-2009.aspx, Oct. 2008.
18. J. Markoff. Stung by security flaws, Microsoft makes software safety a top goal. The New York Times, Jan. 2002.
19. C. Mundie. Trustworthy computing. Online: Http: //download.microsoft.com/download/ a/f/2/af22fd56-7f19-47aa-8167-4b1d73cd3c57/twc_mundie.doc, Oct. 2002.
20. NPR. 'Rifle' sniffs out vulnerability in bluetooth devices. All Things Considered, Apr 13, 2005.
21. M. Raya and J.-P. Hubaux. Securing vehicular ad hoc networks. Journal of Computer Security, 15(1):39-68, 2007.
22. I. Rouf, R. Miller, H. Mustafa, T. Taylor, S. Oh, W. Xu, M. Gruteser, W. Trappe, and I. Seskar. Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring system case study. In I. Goldberg, editor, USENIX Security 2010, pages 323-338. USENIX Association, Aug. 2010.
23. D. Spill and A. Bittau. Bluesniff: Eve meets alice and bluetooth. In D. Boneh, T. Garfinkel, and D. Song, editors, WOOT 2007, pages 1-10. USENIX Association, 2007.
24. P. R. Thorn and C. A. MacCarley. A spy under the hood: Controlling risk and automotive EDR. Risk Management, Feb. 2008.
25. J. Vijayan. Update: Android gaming app hides Trojan, security vendors warn. Computerworld, Aug. 17, 2010. Online: Http://www.computerworld.com/s/ article/9180844/Update_Android_gaming_ app_hides_Trojan_security_vendors_ warn.
26. M. Wolf, A. Weimerskirch, and C. Paar. Security in automotive bus systems. In C. Paar, editor, ESCAR 2004, Nov. 2004.
27. M. Wolf, A. Weimerskirch, and T. Wollinger. State of the art: Embedding security in vehicles. EURASIP Journal on Embedded Systems, 2007.
28. Y. Zhao. Telematics: Safe and fun driving. Intelligent Systems, IEEE, 17(1):10-14, Jan./Feb. 2002.