Linux and automotive computing security

Posted Oct 12, 2012 22:06 UTC (Fri) by Cyberax (✭ supporter ✭, #52523)
In reply to: Linux and automotive computing security by rgmoore
Parent article: Linux and automotive computing security

So how is it going to be better if tire sensors now have a TCP/IP stack with OpenSSL for PKI implementation?

The car-local network is a postcard example for a local airgapped network. It makes no sense to try to make every component secure; it's much better to have a secure perimeter where any external data input is treated as potentially malicious.



Tire-sensors and the law

Posted Oct 13, 2012 2:29 UTC (Sat) by Max.Hyre (guest, #1054) [Link]

My understanding (i.e., I'm too lazy to look it up right now) is that the law mandates these radio transmitters for tire sensors, and actually prohibits doing it by comparing wheel rotation rates. Of course, using sensors already in place (for ABS &c.) would markedly reduce the attack surface. I've always wondered whether this was done so that all new cars are now trackable remotely for some small-ish value of remote.

Now who would want that?
(/me puts tinfoil hat back on)

Linux and automotive computing security

Posted Oct 14, 2012 21:57 UTC (Sun) by rgmoore (✭ supporter ✭, #75) [Link]

I think I've actually described it wrong; the problem is not with the tire pressure sensors, per se, but with the receiver. The designers seem to have treated the pressure sensor and receiver as a unit that was entirely inside the car, rather than treating the signal from the pressure sensors as an untrusted input. Researchers were able to crack the receiver by sending a spoof signal.

I think this is a good example of the drawback of relying on perimeter security; it's brittle. If you fail to consider one source of potentially malicious data (or consider it but fail to secure it adequately), the whole system falls apart. I think you'd be much better off with some kind of defense in depth so that a single security failure doesn't bring down the whole system. Otherwise, you're left with a car that can be hacked because the designers didn't think that somebody might spoof the signals from the wireless tire pressure sensors.

Maybe a full encrypted and authenticated TCP/IP stack is overkill, and a better CAN implementation can provide an adequate level of protection. But basing everything, including the internal message bus, on a standardized platform that's known to have good security seems like a big step forward.

Linux and automotive computing security

Posted Oct 15, 2012 1:36 UTC (Mon) by Cyberax (✭ supporter ✭, #52523) [Link]

What kind of security can a bus provide? CAN is as simple as it gets for its purposes - it's a very simple broadcast-only shared-media bus with prioritized messages.

If you try to replace it with Ethernet then you'll get loads of problems, starting with a requirement to have point-to-point connections between endpoints and switches and then moving on to DoS protection and priority-based transmission.

And security guarantees won't get any better - Ethernet does not guarantee anything.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds