
You're reading from Automotive Cybersecurity Engineering Handbook

Product type: Book
Published in: Oct 2023
Publisher: Packt
ISBN-13: 9781801076531
Edition: 1st Edition
Author: Dr. Ahmad MK Nasser

Dr. Ahmad MK Nasser is an automotive cybersecurity architect with long experience in securing safety-critical systems. He started his career as a software engineer, building automotive network drivers, diagnostics protocols, and flash programming solutions. This naturally led him into the field of automotive cybersecurity, where he designed secure firmware solutions for various microcontrollers and SoCs, defined secure hardware and software architectures of embedded systems, and performed threat analysis of numerous vehicle architectures, ECUs, and smart sensors. Ahmad holds a B.S. and an M.S. in electrical and computer engineering from Wayne State University, as well as a Ph.D. in computer science from the University of Michigan in Dearborn. He is currently a principal security architect for NVIDIA's autonomous driving software platform.

Cybersecurity Basics for Automotive Use Cases

In Chapter 1, we peered into the vehicle E/E architecture layer by layer to understand its layout, interfaces, networks, and various electronic components. While doing so, we got a glimpse of the objects of value that needed protection and some of the adverse consequences of successful attacks. In this chapter, we will review some fundamental security concepts, methods, and principles that are especially applicable to automotive use cases. Building this foundation is a prerequisite for the later chapters, where we will explore vehicle threats, the methodology for treating them, and the technical cybersecurity controls to mitigate them.

If you are skilled in the art of general cybersecurity, this chapter will give you an automotive perspective on how to apply the security fundamentals to automotive use cases. If you’re not, this chapter should be treated as a crash course in cybersecurity to enable future learning. Rather than...

Exploring the attack classes

In the context of automotive systems, an attack is an action performed by an adversary that aims to compromise either the vehicle information or the vehicle’s ability to carry out its operational, security, or safety objectives. Perhaps you are wondering why someone would want to attack a vehicle in the first place. As we have seen from famous hacks of enterprise and IT systems, one main motivation for attackers is financial gain. A classic attack example is to roll back the vehicle odometer to cheat the leasing company out of mileage overage charges. A more recent type of attack on vehicles is bypassing electronic security systems to facilitate vehicle theft. Another financially motivated attack is modifying vehicle features to gain better performance or unlock features that the original equipment manufacturer (OEM) hides behind a paywall. But not all attackers are financially motivated, as some organized crime or even nation states may...

Identifying security objectives

A common way to analyze the security of a system is to evaluate if it has achieved its security objectives. These objectives can be grouped into five classes: integrity, authenticity, confidentiality, accountability, and availability. A typical automotive system will aim to achieve a subset of these objective classes. In the following subsections, we will explore each class of security objectives and give examples of how they apply to automotive systems.

Integrity

If you have worked in functional safety, then integrity is a familiar concept that ensures data is protected from corruption due to random or systematic faults in a system. In the context of cybersecurity, integrity has a more general meaning as it is concerned with protecting data not only from accidental corruption but also from malicious tampering. At a high level, a vehicle aims to protect the integrity of its data and safeguard its ability to correctly control its functions within...

Cryptography applied to automotive use cases

The study of mathematical procedures that process or alter data to conceal and authenticate information and its sources is known as cryptography. The field has had a fascinating past with a decisive influence in protecting national secrets during critical periods of world history. The great advances in Information Technology (IT) called for stronger cryptographic methods as an enabling technology for greater connectivity and information sharing. More recently, cryptography has gained an added sense of allure due to the rise of cryptocurrency, which has garnered the attention of millions of people from all walks of life. In this section, we will try to demystify some of the basic concepts of cryptography and show how to apply them to common automotive use cases to achieve some of the security objectives presented earlier in this chapter. This section is meant to give you an introduction to important concepts that should make it easier for...

Security principles

As we saw in the previous section, cryptography provides a foundation for achieving our security objectives. But besides security through cryptography, several equally important security principles ensure that the established trust provided through cryptography is sustained throughout the life of the product. In this section, we’ll explore a subset of NIST-recommended security principles that we deem most relevant to automotive systems. You are encouraged to read the full list [23] and find additional principles that may apply to your system.

Defense in depth

Building automotive systems that are resilient to cyberattacks requires a multi-layered approach to security that holistically secures the vehicle, starting with external supporting systems such as the cloud and backend infrastructure, down to securing the smallest hardware and software components that are relevant to cybersecurity within the vehicle. Relying on a single security protocol or control...

Summary

In this chapter, we started by defining the different attack types that must be considered when building secure automotive systems. These attack types form a reference for future attacks that we will explore during the threat analysis phase. We then introduced the five main security objectives that any automotive system aims to achieve. These objectives will serve as parent objectives for our vehicle-level security goals. Next, we provided a crash course on cryptography and showed how to use its mechanisms to satisfy several of our security objectives. To complement these cryptographic mechanisms, we sampled the most common security principles that should influence the design of automotive systems. By covering these topics, we have established a good base for understanding security fundamentals and how they relate to automotive use cases.

While this chapter is by no means a comprehensive resource on all these topics, it should serve as an enabler to help you explore each...

Further reading

To learn more about the topics that were covered in this chapter, take a look at the following:
