Designing Security for In-vehicle Networks: A Body Control Module (BCM) Centered Viewpoint

Bogdan Groza, Horatiu-Eugen Gurban, Pal-Stefan Murvay
2016 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshop (DSN-W)  
The overabundance of attacks reported on in-vehicle networks triggered reactions from both the academic research communities and industry professionals. However, designing security for in-vehicle networks is a challenging task and it is yet unclear to what extent current proposals are suitable for real world vehicles. In this work, we advocate the use of a top-down approach in which we analyze the functionalities along with reported attacks. Due to the abundance of in-vehicle services and the
more » ... sociated large number of Electronic Control Units (ECUs), we center our analysis on a key subsystem from the car: the Body Control Module (BCM). The rationale behind choosing this particular module comes from at least three key factors: i) a large number of components that are directly linked to the BCM were target of previously reported attacks (e.g., keys and electronic immobilizes, tire sensors, diagnostic ports, etc.), ii) by design, body components are generally exposed to the outside and it is reasonable to assume that adversaries will frequently have access to peripherals controlled by the BCM, iii) the BCM controls subsystems that are both attractive from an economic perspective (e.g., access to the car), or from a safety perspective (e.g., seat-belts, lights, etc.). Our discussion is entailed by a concrete analysis of the risks of reported attacks and preferable security designs.
doi:10.1109/dsn-w.2016.26 dblp:conf/dsn/GrozaGM16 fatcat:wx53tqt4nng4tpvbbrx2xmp66q