Information technology has not only been a driving force of the car industry within the last couple of years, but it also seems to be of growing importance for the foreseeable future. The inclusion of information technology is accompanied by the promise of increased comfort and the prospect that future autonomous and connected cars will become a place to spend our time while on the road. Thus, car manufacturers strive to equip their next-generation cars with wireless network interfaces (e.g. WiFi, Bluetooth and 3G/4G) and to provide various services based on them. The availability of a wireless interface enables, on the one hand, remote maintenance services (such as Over-the-Air (OTA) software updates and OTA calibration) at the passengers' convenience and a whole ecosystem of smart services based on access to the Internet and car-to-car/infrastructure/road/smartphone communication. On the other hand, the availability of telemetry data is a big chance for the manufacturers to obtain data on the performance of their fleet under real-life conditions. However, at the same time, a bi-directional interface that is always connected to the Internet opens up the threat of adversarial intrusion and hacked vehicles, which are, in the worst case, remote-controlled by hackers or even malware, transforming hacked cars into driving botnets. Therefore, the need arises to implement security features that guarantee the passengers' safety while maintaining functionality and comfort. In 2015 two security researchers demonstrated their attack on an unmodified Jeep Cherokee, allowing them to remotely control critical components like the steering or even the brakes of the vehicle. Other research groups have also implemented remote attacks showing the weaknesses of today's Internet-connected cars. To increase the security of the communication link of such vehicles, this thesis focuses on the development of a hardware-based Secure Communication Module (SCM).
Such a module should provide a secure way to communicate over the Internet. As the vehicle's first layer of defense, it should work as a firewall as well as a gateway to the inner-vehicle network. Being exposed to the Internet, the operating system of the SCM also needs to be hardened. Additionally, the SCM should isolate the internal car network, preventing malicious control of in-vehicle components. After designing a security concept based on well-known security techniques, an ARM Cortex-A9 board running an adapted Linux was used as the prototype of a vehicular SCM. A penetration test was performed by an external company specialized in security audits. The prototype was rated to provide adequate security for connected cars against external attacks. Besides security, the functionality was also evaluated. To this end, the newly developed SCM was integrated into a car and an OTA firmware update of an internal car component was successfully performed. In contrast to an equivalent update without the security module, the main difference was an increased latency because of the additional device. This cost of a slightly slower connection in exchange for increased security was accepted for a prototype. Because security is a rather new topic in the automotive industry, the main goal of this thesis is to show one approach to implementing a secure communication link for connected cars. This can be used as a basis for further research and may contribute to more security in a highly connected world. Even though this work is written from the perspective of automotive security, many concepts can also be used in the rapidly growing Internet of Things (IoT) field.
Published - 2018
- Electrical Engineering, Electronic Engineering, Information Engineering
- Electrical Engineering and Electronics