View article

Modern automotive vehicles are becoming a collection of interconnected embedded subsystems, where the mechanical parts are controlled by electronic ones and the vehicle is transformed into a mobile information system. However, the industry standards for in-vehicle communication are not following long-established computer security policies. This trend not only makes vehicles prone to thefts and automated attacks, but also endangers passengers safety.

This paper analyzes current practices and standards of the automotive industry, highlighting several vulnerabilities that stress the need to change the way that in-vehicle communication is handled. To this end, we present a novel vehicle security architecture that supports two new features; users with different access rights and roles, and mutual authentication of ECUs. These features can enable a more distributed security architecture and prevent many attacks …