Towards a distributed secure in-vehicle communication architecture for modern vehicles

Modem automotive vehicles are becoming a collection of interconnected embedded subsystems, where the mechanical parts are controlled by electronic ones and the vehicle is transformed into a mobile information system. However, the industry standards for in-vehicle communication are not following long-established computer security policies. This trend not only makes vehicles prone to thefts and automated attacks, but also endangers passengers safety. This paper analyzes current practices and standards of the automotive industry, highlighting several vulnerabilities that stress the need to change the way that in-vehicle communication is handled. To this end, we present a novel vehicle security architecture that supports two new features; users with different access rights and roles, and mutual authentication of ECUs. These features can enable a more distributed security architecture and prevent many attacks, or at least trigger adequate alarms to detect and mitigate them, or allow backtracking. (C) 2013 Elsevier Ltd. All rights reserved.