Analysis of Protection Mechanisms for Cybersecurity in Automotive Systems

Today's vehicles are increasingly dependent on software to control their functions. Updating and maintaining software in vehicles has therefore become a costly process for the automotive industry. The introduction of wireless communication in vehicles can greatly improve vehicle maintenance and also bring many other new applications to vehicles. However, safety was not considered during the development of the vehicle. As it is a safety-critical vehicle, it is crucial that such new remote services do not violate the vehicle's safety requirements. Thus, this thesis outlines the status of cybersecurity in the automotive sector by identifying the common vulnerabilities and threats arising from current network topologies and communication interfaces. This thesis was written as a company thesis at 4S, a consulting company active in the automotive industry, which is highly qualified in the development of electronic control systems for the aspects of functional safety and cybersecurity. In addition, I performed a security protocol verification for a security mechanism to prevent cyber-attacks in vehicles with a Controller Area Network (CAN) based architecture. The proposed protocol was developed by Fiat Powertrain Technologies (FPT) Industrial, and the current state of this innovation idea is patent pending. FPT Industrial focuses on CAN, as it is a technology that will also be used in future vehicle architectures. The CAN protocol does not provide direct support for secure communication. Retrofitting the protocol with security mechanisms is a challenge given the limited data rates, as the bus load can increase significantly. I worked on a security mechanism that keeps the bus load as low as possible, and I explain how I perform a security protocol verification using the Proverif automatic cryptographic protocol verifier. Based on my studies, I show that the security mechanism can achieve a high level of security while keeping the communication overhead (e.g., bus load and message latency) at a reasonable level.