IoT Security Connected Car

Uploaded by

rojakiran43

BIRLA INSTITUTE OF TECHNOLOGY & SCIENCE, PILANI

WORK-INTEGRATED LEARNING PROGRAMMES DIVISION

IOT SECURITY IN CONNECTED VEHICLES

Cloud, IOT and Enterprise Security


SSZG570

Submitted by:
1. 2023MT12086 – RAVI KUMAR POGIRI
2. 2023MT12099 – B RAMESH BABU
3. 2023MT12120 – KIRAN KUMAR KASIREDDY


Contents
Introduction:
Connected Car Architecture:
  In-Vehicle Network:
  Communication Systems:
  Backend Services
  User Interfaces
Security Principles and Techniques
Assumptions for connected car
Threat Landscape for Connected Vehicles
  In-Vehicle Network Threats
  Communication Systems (V2V, V2I, and V2X) Threats
  Backend Services Threats
  User Interfaces Threats
  Overall Impact and Potential Risks
Business Requirements and Risk Assessment for Connected Vehicles
  Business Requirements
  Risk Assessment
Use Cases and Business Processes for Connected Vehicles
  Use Case 1: Vehicle Health Monitoring and Diagnostics
  Use Case 2: Over-the-Air (OTA) Updates
  Use Case 3: Emergency Assistance and Collision Avoidance
  Use Case 4: Smart Parking Management
  Use Case 5: Enhanced Navigation and Traffic Management
High-Level Security Architecture for Connected Vehicles
  In-Vehicle Security
    Components
    Security Principles
    Techniques
  Communication Security
    Components
    Security Principles
    Techniques
  Backend Security
    Components
    Security Principles
    Techniques
  User Interface Security
    Components
    Security Principles
    Techniques
  Compliance and Governance
    Components
    Security Principles
    Techniques
Security Best Practices for Connected Vehicles
  Secure Software Development Lifecycle (SDLC)
  Network Security Measures
  Secure Communication Protocols
  Data Protection and Privacy
  Regular Software Updates and Patching
  Incident Response and Recovery
  Supply Chain Security
  User Education and Awareness
Conclusion
References


Introduction:
Connected vehicles are a next-generation technology in vehicles and in infrastructure that will make travel
safer, cleaner, and more efficient. The advanced wireless technology enables vehicles to share and
communicate information with each other and their surroundings in real time, which will help to reduce
crashes, congestion, and greenhouse gas emissions. However, as our cars become more connected (to the
Internet, to wireless networks, with each other, and with our infrastructure), the risk of cyber-attacks is a
growing concern.

Connected vehicles use secure wireless technology to communicate with other vehicles, our roads, and our
personal mobile devices, sharing information about their position, speed, brake status, and more and providing
warnings and recommendations to drivers accordingly. These vehicle-to-vehicle (V2V) and vehicle-to-
infrastructure (V2I) communications will enable safety, mobility, and environmental advancements that current
technologies are unable to provide. The technology is expected to reduce unimpaired vehicle crashes by 80
percent.

Unlike classic cars, modern vehicles are software-intensive, complex, and highly connected systems. They can
have about 70-100 embedded microcontrollers on board, running millions of lines of code. These ECUs control
almost every function of the car, including safety-critical applications such as braking, engine control,
steering, airbag functions, and navigation systems. As cars become more interactive and connect to the
Internet, to each other (V2V), and to the infrastructure (V2X), they become more vulnerable than ever to
attackers. A modern car architecture thus provides a broad internal attack surface, with each component having
at least implicit access to every other component on the bus. A compromised infotainment system can offer an
effective vector for attacking safety-critical ECUs connected to the in-vehicle network. Once a hacker gains
access to the in-vehicle network of the car, they could control everything, from acceleration to applying or
releasing the brakes and locking or unlocking the doors. Security attacks are therefore not limited to theft or
disclosure of information; they also affect the safety of the passengers seated inside the car. Recent studies
and experiments conducted by independent research organizations from Europe and the US (Stephen Checkoway
et al.) have demonstrated this level of control over acceleration, braking, and door locks once a hacker gains
access to the in-vehicle network. These experiments demonstrate the importance of security in automotive
systems.


Securing IoT-based systems in connected vehicles is of paramount importance due to the critical nature of the
data and functions involved. Unlike traditional IT systems, connected vehicles manage data that is directly tied
to safety and physical security. For example, a compromised V2V communication system could result in false
data being transmitted between vehicles, leading to accidents. Similarly, unauthorized access to the in-vehicle
network could allow attackers to manipulate critical functions, such as braking or steering, creating significant
safety hazards. Therefore, cybersecurity in connected vehicles is not just about protecting data but also about
ensuring the physical safety of vehicle occupants and other road users. Another crucial aspect of IoT security in
connected vehicles is the protection of user privacy. Connected vehicles collect and transmit a vast amount of
data, including location information, driving behavior, and personal preferences. This data is often shared with
backend services for processing and analysis, making it a potential target for attackers. A breach of user privacy
could not only lead to identity theft and financial loss but also undermine user trust in connected vehicle
technologies. Thus, implementing robust security measures to protect both user data and system integrity is
essential for maintaining user confidence and ensuring widespread adoption of connected vehicles.

Given the complexity and interconnected nature of connected vehicles, a comprehensive and multi-layered
security architecture is essential for safeguarding these systems against potential threats. Such an architecture
must encompass all components of the connected vehicle environment—ranging from the in-vehicle network
to communication systems, backend services, and user interfaces—and provide a unified approach to securing
each element. The architecture should include security measures such as encryption, secure communication
protocols, access control, and intrusion detection systems to protect data and ensure system integrity.

Additionally, the security architecture must be designed to be adaptive and resilient, capable of responding to
emerging threats and vulnerabilities. As connected vehicle technology evolves, so too do the tactics and
techniques used by attackers. Therefore, the architecture should incorporate mechanisms for regular software
updates, threat monitoring, and automated response systems to maintain security over the vehicle’s lifecycle.
Compliance with industry standards and best practices, such as ISO/SAE 21434 (road vehicle cybersecurity
engineering) and UNECE WP.29 regulations, is also vital to ensure that the architecture meets established
guidelines for automotive cybersecurity.


Connected Car Architecture:


The connected car architecture signifies a major advancement in automotive technology. By effectively merging
diverse in-vehicle systems, communication networks, and backend services, these vehicles are revolutionizing
the driving experience.
This architecture allows cars to interact with one another, infrastructure, and the broader digital landscape. Such
connectivity facilitates a range of innovative features, including advanced driver-assistance systems, remote
diagnostics, and tailored user experiences.

The key components of a connected car, and the interactions that enable this architecture, are classified below.

• In-vehicle network: The systems inside the vehicle, including sensors, controllers, and communication modules.
• Communication systems: Between vehicles (V2V), vehicle to infrastructure (V2I), and vehicle to everything (V2X).
• Backend services: Remote servers for data processing, updates, and system monitoring.
• User interfaces: Applications or systems that interact with users or vehicle owners.

In-Vehicle Network:

The in-vehicle network encompasses all systems and components within the vehicle that oversee its operations.
This includes sensors, Vehicle Control Units (VCUs), communication modules, and actuators. The VCUs are
tasked with managing various vehicle functions such as engine operation, braking, infotainment, and climate
control. The architecture of the In-Vehicle Network (IVN) is designed to separate critical systems (like braking
and steering) from non-critical systems (such as infotainment). This segmentation reduces the risk of attackers
accessing vital systems through vulnerabilities in less critical ones. The architecture employs a bus system, such
as the Controller Area Network (CAN) bus, to facilitate communication among ECUs.
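
The segmentation described above is normally enforced by a gateway that decides which frames may cross between bus segments. The following sketch is an added example, not code from the report: the segment names, CAN identifiers, and the "parked only" diagnostic policy are constructed assumptions.

```python
from dataclasses import dataclass

# Segment names and CAN identifiers below are constructed for illustration;
# real assignments are manufacturer-specific.
INFOTAINMENT, BODY, POWERTRAIN, DIAG_PORT = "infotainment", "body", "powertrain", "diag"


@dataclass(frozen=True)
class Rule:
    src: str                   # segment the frame arrives from
    dst: str                   # segment it may be forwarded to
    can_id: int                # identifier pattern
    mask: int                  # identifier bits that must match the pattern
    max_len: int               # longest payload (bytes) the rule accepts
    parked_only: bool = False  # forward only while the vehicle is stationary


RULES = (
    # Powertrain broadcasts speed to the infotainment display (one direction only).
    Rule(POWERTRAIN, INFOTAINMENT, 0x1A0, 0x7FF, 8),
    # Infotainment may send climate requests 0x3C0-0x3CF to the body controller.
    Rule(INFOTAINMENT, BODY, 0x3C0, 0x7F0, 4),
    # Diagnostic requests 0x7E0-0x7E7 reach the powertrain only while parked.
    Rule(DIAG_PORT, POWERTRAIN, 0x7E0, 0x7F8, 8, parked_only=True),
)


class Gateway:
    """Default-deny filter between in-vehicle network segments."""

    def __init__(self, rules=RULES):
        self.rules = tuple(rules)
        self.dropped = []  # (src, dst, can_id, reason) for every refused frame

    def check(self, src, dst, can_id, data, speed_kph):
        """Return None if the frame may cross, otherwise the refusal reason."""
        if not 0 <= can_id <= 0x7FF:
            return "not an 11-bit identifier"
        if len(data) > 8:
            return "payload longer than 8 bytes"
        for rule in self.rules:
            if (rule.src, rule.dst) != (src, dst):
                continue
            if (can_id & rule.mask) != (rule.can_id & rule.mask):
                continue
            if len(data) > rule.max_len:
                return "payload exceeds rule limit"
            if rule.parked_only and speed_kph > 0:
                return "blocked while vehicle is moving"
            return None
        return "no matching rule"

    def forward(self, src, dst, can_id, data, speed_kph):
        """Return True if the frame is forwarded; record the reason if not."""
        reason = self.check(src, dst, can_id, data, speed_kph)
        if reason is not None:
            self.dropped.append((src, dst, can_id, reason))
            return False
        return True


if __name__ == "__main__":
    gw = Gateway()
    frames = [  # constructed traffic: (src, dst, id, payload, speed in km/h)
        (POWERTRAIN, INFOTAINMENT, 0x1A0, bytes(8), 60),
        (INFOTAINMENT, POWERTRAIN, 0x0C4, b"\x01", 60),  # non-critical to critical
        (DIAG_PORT, POWERTRAIN, 0x7E0, bytes(8), 60),
        (DIAG_PORT, POWERTRAIN, 0x7E0, bytes(8), 0),
    ]
    for f in frames:
        verdict = "forwarded" if gw.forward(*f) else "dropped"
        print(f"0x{f[2]:03X} {f[0]} -> {f[1]}: {verdict}")
    print(gw.dropped)
```

Because the rule table is default-deny, a compromised infotainment unit can only emit the few frame types the table names, and nothing toward the powertrain segment.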


• Vehicle Control Units (VCUs): Examples of VCUs include the Engine Control Unit, Transmission Control Unit, Body Control Unit, and Airbag Control Unit.
  ◦ Engine Control Unit (ECU): Optimizes engine performance and fuel efficiency.
  ◦ Transmission Control Unit (TCU): Manages gear shifts and transmission functions for smooth driving.
  ◦ Body Control Unit (BCU): Controls comfort and convenience features such as power windows, locks, and climate settings.
  ◦ Airbag Control Unit (ACU): Detects potential accidents and triggers airbag deployment to safeguard occupants.
  ◦ Heating, Ventilation, and Air Conditioning (HVAC) System: Regulates the vehicle's interior climate.
  ◦ Keyless Entry System: Facilitates access to the vehicle without a traditional key.

• Sensors: A variety of sensors are integrated into the connected vehicle, including those for Tire Pressure Monitoring Systems (TPMS), Anti-lock Braking Systems (ABS), anti-theft systems, GPS, Light Detection and Ranging (LIDAR), cameras, ultrasonic sensors, a central computer, radar sensors, and Dedicated Short-Range Communications (DSRC) receivers.
  ◦ Anti-lock Braking System (ABS): Prevents wheel lockup during braking, enhancing vehicle control.
  ◦ Tire Pressure Monitoring System (TPMS): Alerts the driver when tire pressure is low.
  ◦ Anti-theft System: Implements various measures to deter theft.
  ◦ GPS: Uses satellites to triangulate the vehicle's position, with ongoing advancements in technology.
  ◦ LIDAR: Creates a 3D map of the area by emitting pulsed laser light and measuring reflected signals.
  ◦ Cameras: Enable real-time obstacle detection, aiding lane departure and tracking roadway information (like traffic signs).
  ◦ Ultrasonic Sensors: Utilize high-frequency sound waves to measure distance, particularly effective at close range.
  ◦ RADAR: Employs radio waves to detect distances at both short and long ranges.
  ◦ DSRC Receiver: Allows the vehicle to communicate with other vehicles (V2V) using DSRC, a standard for reliable data transmission in active safety applications.

• Communication Modules: CAN and LIN buses are the primary communication protocols within the vehicle.
  ◦ CAN Bus: A high-speed, robust network used for communication between different ECUs within the car.
  ◦ LIN Bus: A low-speed bus used for communication with less critical systems like door locks and windows.
  ◦ Wi-Fi: Used for connecting to external networks for software updates and data transfer.
  ◦ Bluetooth: Used for connecting to mobile devices for hands-free calling and music streaming.
  ◦ Cellular Networks: Used for telematics services and remote diagnostics.

Typical in-vehicle network architecture in a modern car.

Communication Systems:

Communication systems enable the vehicle to interact with other vehicles (V2V), infrastructure components
(V2I), and other entities in the environment (V2X). These systems are vital for functions like collision avoidance,
automated driving assistance, and traffic management. The communication systems use dedicated short-range
communication (DSRC), cellular networks (e.g., 5G), and satellite communication to facilitate the exchange of
data. The architecture includes an onboard unit (OBU) that acts as the vehicle’s gateway for external
communication, managing incoming and outgoing data flows.

• V2V Communication: Not explicitly shown in the picture, but it would involve wireless communication between vehicles, enabling features like collision avoidance and cooperative adaptive cruise control.
• V2I Communication: The Telematics Control Unit facilitates communication with infrastructure, like traffic lights and roadside units.
• V2X Communication: This covers communication with entities in the environment other than those addressed by V2V and V2I communication.


Backend Services

Backend services include remote servers and cloud platforms that support vehicle operations by providing
real-time data processing, updates, and monitoring. These services manage functionalities such as software
updates, traffic analysis, and remote diagnostics. Telematics in a connected car encompasses the technologies
that enable communication between the car, the driver, and the outside world. It includes features such as
remote diagnostics, emergency assistance, and over-the-air updates, and relies on the following:

• Remote Servers: These would be hosted by the automaker or a third-party provider and would handle tasks like data storage, analysis, and over-the-air updates.
• Cloud Storage: Data from the vehicle, such as diagnostic logs and user preferences, can be stored in the cloud.
• Data Analytics: Advanced analytics can be performed on the collected data to identify trends, optimize vehicle performance, and improve user experience.
• OTA Updates: The telematics unit can receive software updates over the air.

The backend services are hosted on secure cloud platforms that communicate with the vehicle’s onboard
systems via secure API interfaces. These services manage data collection, processing, and storage, and they
provide necessary updates to vehicles in the field. The architecture ensures that these services are scalable to
handle large volumes of data from numerous connected vehicles simultaneously.

User Interfaces

User interfaces include all applications and systems that allow users to interact with the vehicle, such as
mobile apps, infotainment systems, and in-vehicle dashboards. These interfaces provide users with control over
various functions, including vehicle diagnostics, navigation, and remote control features like
locking/unlocking. The user interface architecture is designed to be user-friendly while maintaining security.
The interfaces connect with the backend services and the in-vehicle network through secure communication
channels. The infotainment system is separated from critical vehicle systems to minimize the risk of lateral
attacks from compromised interfaces.

• In-Vehicle Displays: The picture shows various displays, including the infotainment system and the instrument cluster.
• Mobile Apps: The automaker's app can provide remote access to the vehicle, such as locking/unlocking doors and checking vehicle status.
• Voice Assistants: Voice commands can be used to control various vehicle functions.
• Web Portals: A web-based portal can provide access to vehicle information and services.


Security Principles and Techniques


To address the diverse range of threats faced by connected vehicles, the architecture incorporates several key
security principles and techniques:

1. Defense in Depth: The architecture applies multiple layers of security controls across different
components and systems to create a comprehensive defense strategy. This approach ensures that even
if one layer is breached, other layers continue to protect the system.
2. Zero Trust Architecture: The architecture follows a zero trust model, where all entities—whether
internal or external—are verified and authenticated before access is granted. This reduces the risk of
insider threats and ensures that even compromised systems within the vehicle or network cannot be
exploited to access other components.
3. Least Privilege: Access controls are implemented based on the principle of least privilege, ensuring that
each component and user only has the minimum level of access necessary to perform their functions.
This minimizes the potential damage from any compromised systems or users.
4. Regular Updates and Patch Management: The architecture supports a robust update mechanism that
allows for regular software patches and updates. This capability is crucial for addressing new
vulnerabilities and ensuring that all components remain secure over time.
5. Encryption and Secure Communication Protocols: The architecture heavily relies on encryption for
data protection and secure communication protocols (e.g., TLS, HTTPS) to safeguard information as it
is transmitted between the vehicle, backend services, and user interfaces.

Assumptions for connected car


To design a practical and effective architecture, several assumptions are made about the vehicle’s functions,
interfaces, and user behaviours:

1. Vehicle Functions and Interfaces:

   • It is assumed that the connected vehicle will have an onboard diagnostic system capable of transmitting and receiving data from external servers for updates and maintenance.
   • The vehicle’s communication systems are assumed to support multiple technologies, including DSRC, cellular networks (4G/5G), and satellite communication for seamless V2V, V2I, and V2X interactions.
   • User interfaces are assumed to include mobile applications, infotainment systems, and other in-vehicle control systems that provide users access to various vehicle features and data.

2. User Behaviour:

   • It is assumed that users (vehicle owners) will use mobile applications and other interfaces responsibly and will secure their credentials using biometric or MFA options.
   • It is also assumed that users will keep their mobile applications updated, following manufacturer guidelines to reduce the risk of exploiting outdated software.

3. Infrastructure and Backend Services:

   • The architecture assumes that backend services will be hosted on secure cloud platforms capable of supporting scalable and secure vehicle-to-cloud communication.
   • The infrastructure components such as traffic signals, road signs, and other V2I elements are assumed to have secure communication capabilities, integrating with the PKI system to authenticate and encrypt data exchanges.


Threat Landscape for Connected Vehicles


The threat landscape for connected vehicles is intricate and involves a wide range of attack methods,
vulnerabilities, and security challenges that permeate the connected vehicle ecosystem. As IoT technologies are
increasingly integrated, these vehicles become more susceptible to cyber-attacks that can compromise safety,
privacy, and functionality. The architecture of connected vehicles—including in-vehicle networks,
communication systems, backend services, and user interfaces—presents multiple points of exploitation. This
section delves into the threats associated with each component, identifies key vulnerabilities and attack vectors,
and outlines the potential consequences of successful attacks on safety, privacy, and overall system integrity.

In-Vehicle Network Threats

The in-vehicle network is a critical component of connected vehicles, encompassing various sensors and
Electronic Control Units (ECUs) that manage vital functions such as braking, steering, and acceleration. The
increasing interconnectivity of these systems elevates the risk of cyber-attacks.

a. Potential Vulnerabilities

• ECU Manipulation: Vulnerabilities in ECUs can be exploited to interfere with essential vehicle functions. Attackers can gain unauthorized access and alter operations, jeopardizing vehicle control.
• Unprotected Communication Interfaces: Inadequately secured interfaces such as Bluetooth, Wi-Fi, and cellular connections can be exploited, allowing attackers to gain unauthorized access to the vehicle's internal systems.
• Software Vulnerabilities: Outdated or poorly designed firmware may contain flaws that attackers can exploit to seize control of ECUs or introduce malware, further compromising vehicle safety.

b. Attack Vectors

• Man-in-the-Middle (MITM) Attacks: Cybercriminals can intercept and manipulate communications between ECUs, altering the data and commands exchanged.
• Malware Injection: Attackers can introduce malicious software through insecure connections or compromised software updates, potentially taking control of critical vehicle systems.
• Physical Access: Gaining access to diagnostic ports like OBD-II allows attackers to connect unauthorized devices that can manipulate the in-vehicle network.

c. Consequences of Attacks

• A loss of control over critical functions such as braking or steering could lead to catastrophic accidents, posing severe risks to driver and passenger safety.
• Disruption of sensor data may impair the vehicle's ability to respond effectively to environmental conditions, significantly compromising operational safety.
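
Frames injected through a compromised ECU or an unauthorized device on the diagnostic port tend to disturb the regular timing of CAN traffic, which gives an intrusion detection system something to look for. The sketch below is an added example, not part of the original report: it learns per-identifier periods from a clean capture in candump log format and flags unknown identifiers and frames that arrive too soon. Both captures and the 0.5 tolerance are constructed assumptions, and the heuristic only covers periodic messages.

```python
import re
from collections import defaultdict
from statistics import median

# candump log line: "(timestamp) interface ID#hexdata"
LINE = re.compile(r"^\((\d+\.\d+)\)\s+(\S+)\s+([0-9A-Fa-f]{3,8})#([0-9A-Fa-f]*)$")

# Constructed clean capture: 0x0C4 every 10 ms, 0x1A0 every 20 ms.
BASELINE_LOG = """\
(1700000000.000000) can0 0C4#0A00000000000000
(1700000000.005000) can0 1A0#0032000000000000
(1700000000.010000) can0 0C4#0A00000000000000
(1700000000.020000) can0 0C4#0A00000000000000
(1700000000.025000) can0 1A0#0032000000000000
(1700000000.030000) can0 0C4#0A00000000000000
(1700000000.040000) can0 0C4#0A00000000000000
(1700000000.045000) can0 1A0#0032000000000000
"""

# Constructed suspect capture: two extra 0x0C4 frames and one unknown identifier.
SUSPECT_LOG = """\
# capture resumed
(1700000001.000000) can0 0C4#0A00000000000000
(1700000001.005000) can0 1A0#0032000000000000
(1700000001.010000) can0 0C4#0A00000000000000
(1700000001.012000) can0 0C4#FF00000000000000
(1700000001.020000) can0 0C4#0A00000000000000
(1700000001.025000) can0 1A0#0032000000000000
(1700000001.026000) can0 7E0#0210030000000000
(1700000001.030000) can0 0C4#0A00000000000000
(1700000001.033000) can0 0C4#FF00000000000000
(1700000001.040000) can0 0C4#0A00000000000000
(1700000001.045000) can0 1A0#0032000000000000
"""


def parse(line):
    """Return (timestamp, can_id, data) or None for lines that are not frames."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    ts, _iface, can_id, data = m.groups()
    if len(data) % 2:  # odd number of hex digits: truncated or corrupt line
        return None
    return float(ts), int(can_id, 16), bytes.fromhex(data)


def frames(log):
    return [f for f in map(parse, log.splitlines()) if f is not None]


def learn_periods(log):
    """Median inter-arrival time per identifier seen at least twice."""
    arrivals = defaultdict(list)
    for ts, can_id, _data in frames(log):
        arrivals[can_id].append(ts)
    periods = {}
    for can_id, times in arrivals.items():
        gaps = [b - a for a, b in zip(times, times[1:])]
        if gaps:
            periods[can_id] = median(gaps)
    return periods


def detect(log, periods, tolerance=0.5):
    """Return (timestamp, can_id, reason) alerts for frames that break the baseline."""
    alerts, last_seen = [], {}
    for ts, can_id, _data in frames(log):
        if can_id not in periods:
            alerts.append((ts, can_id, "unknown-id"))
            continue
        prev = last_seen.get(can_id)
        if prev is not None and ts - prev < tolerance * periods[can_id]:
            alerts.append((ts, can_id, "interval-too-short"))
        last_seen[can_id] = ts
    return alerts


if __name__ == "__main__":
    for ts, can_id, reason in detect(SUSPECT_LOG, learn_periods(BASELINE_LOG)):
        print(f"{ts:.3f} id=0x{can_id:03X} {reason}")
```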

Communication Systems (V2V, V2I, and V2X) Threats

Communication systems facilitate crucial interactions between vehicles and infrastructure, enhancing traffic
safety and efficiency. However, their complexity and openness introduce several cybersecurity vulnerabilities.

a. Potential Vulnerabilities

• Lack of Authentication: Weak or absent authentication mechanisms can enable attackers to impersonate legitimate vehicles or infrastructure, allowing them to send misleading commands or data.
• Data Interception: Sensitive data, such as vehicle speed and location, transmitted over communication channels can be intercepted and manipulated if not adequately encrypted.
• Spoofing Attacks: Attackers can create fake signals to mislead vehicles or infrastructure, potentially causing dangerous situations.

b. Attack Vectors

• Signal Jamming: Attackers can disrupt communication channels, preventing vehicles from receiving essential safety information and causing communication blackouts.
• Relay Attacks: By extending the range of communication signals, attackers can deceive vehicle systems into thinking they are communicating with a legitimate source.
• Replay Attacks: Captured legitimate messages can be reused to trick vehicles into executing unintended actions.

c. Consequences of Attacks

• Disrupted V2V or V2I communications can lead to traffic chaos, collisions, or the malfunctioning of autonomous driving systems, endangering lives.
• Attackers controlling traffic infrastructure could create hazardous driving conditions, increasing the likelihood of accidents.
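
The missing-authentication, spoofing, and replay problems listed above are countered on the receiving side by checking origin, integrity, and freshness before a message is acted on. The sketch below is an added example, not part of the original report: a shared-key HMAC stands in for the PKI-backed signatures the report assumes, and the sender names, key, message fields, and 0.5-second freshness window are constructed.

```python
import hashlib
import hmac
import json

FIELDS = ("sender", "counter", "ts", "payload")  # fields covered by the tag


def tag_for(key, msg):
    """HMAC-SHA256 over a canonical encoding of the authenticated fields."""
    body = json.dumps({f: msg[f] for f in FIELDS}, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def make_message(key, sender, counter, ts, payload):
    """Sender side: attach a per-sender counter, a timestamp, and the tag."""
    msg = {"sender": sender, "counter": counter, "ts": ts, "payload": payload}
    msg["tag"] = tag_for(key, msg)
    return msg


class Receiver:
    def __init__(self, keys, max_age=0.5):
        self.keys = dict(keys)   # sender id -> shared key (constructed trust store)
        self.max_age = max_age   # seconds for which a message stays acceptable
        self.last_counter = {}   # sender id -> highest counter accepted so far

    def accept(self, msg, now):
        """Return 'ok' or the reason the message is rejected."""
        if not isinstance(msg, dict) or any(f not in msg for f in FIELDS + ("tag",)):
            return "malformed"
        sender, counter, ts = msg["sender"], msg["counter"], msg["ts"]
        if not (isinstance(sender, str) and isinstance(counter, int)
                and isinstance(ts, (int, float))):
            return "malformed"
        key = self.keys.get(sender)
        if key is None:
            return "unknown-sender"
        # Authenticate first so unauthenticated input never touches replay state.
        expected = tag_for(key, msg).encode()
        presented = str(msg["tag"]).encode("utf-8", "replace")
        if not hmac.compare_digest(expected, presented):
            return "bad-tag"
        # Written so that a NaN timestamp is rejected as well.
        if not abs(now - ts) <= self.max_age:
            return "stale"
        if counter <= self.last_counter.get(sender, -1):
            return "replay"
        self.last_counter[sender] = counter
        return "ok"


if __name__ == "__main__":
    key = b"constructed-demo-key"
    rx = Receiver({"RSU-17": key})
    m1 = make_message(key, "RSU-17", 1, 100.0, {"signal": "red"})
    print(rx.accept(m1, now=100.1))                                  # first delivery
    print(rx.accept(m1, now=100.2))                                  # captured and resent
    print(rx.accept(dict(m1, payload={"signal": "green"}), 100.2))   # altered in transit
```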

Backend Services Threats

Backend services, which provide cloud-based support for connected vehicles through data processing, software
updates, and diagnostics, are critical yet vulnerable targets due to the sensitive information they manage.

a. Potential Vulnerabilities

• API Vulnerabilities: Insecure APIs can be exploited, allowing unauthorized access to backend systems and enabling attackers to inject malicious code.
• Data Breaches: Weak security protocols may lead to unauthorized access to sensitive data stored in the cloud, including user information and vehicle telemetry.
• Inadequate Authentication: Insufficient authentication mechanisms can allow attackers to compromise user accounts or backend services, gaining access to vehicle data and functionality.

b. Attack Vectors

• Denial-of-Service (DoS) Attacks: Attackers can overwhelm backend servers with excessive traffic, rendering essential services unavailable to legitimate users.
• Ransomware Attacks: Cybercriminals may encrypt vital data and demand ransom, potentially halting essential vehicle updates or operations.
• Data Exfiltration: Sensitive information, such as driving habits and location data, can be stolen, leading to privacy violations.

c. Consequences of Attacks

• Compromised backend services can disrupt operations across an entire fleet of connected vehicles, raising significant safety and operational concerns.
• Data breaches can result in identity theft, financial loss, and a substantial loss of trust in connected vehicle services.

User Interfaces Threats

User interfaces, including mobile applications and in-vehicle infotainment systems, allow for user interaction
with vehicles but also present significant security risks if not properly secured.

a. Potential Vulnerabilities

 Insecure Mobile Applications: Weakly secured applications can be targeted by attackers to gain
unauthorized control over vehicle functions, potentially leading to misuse.
 Unpatched Infotainment Systems: Outdated systems may contain exploitable vulnerabilities, serving
as entry points for cybercriminals.
 Lack of Encryption: Sensitive user data transmitted through user interfaces may be intercepted,
compromising user privacy.

b. Attack Vectors

 Phishing Attacks: Users may be tricked into providing sensitive information or downloading malicious
applications, compromising vehicle security.
 Exploiting Outdated Software: Attackers can exploit known vulnerabilities in unpatched infotainment
systems or applications, gaining access to critical vehicle systems.
 Privilege Escalation: Once attackers gain access to user interfaces, they may escalate their privileges to
control more critical vehicle functions.

c. Consequences of Attacks

 Compromised user interfaces may allow unauthorized individuals to control functions such as unlocking
doors, starting engines, or accessing personal data stored within the vehicle.
 Phishing attacks could lead to the theft of user credentials, allowing attackers to access both vehicle
systems and backend services.

Overall Impact and Potential Risks

The integration of IoT technologies in connected vehicles introduces several significant risks:

 Safety Risks: Attacks that compromise critical vehicle systems can lead to life-threatening situations,
such as loss of control over steering or braking functions, potentially resulting in severe accidents.
 Privacy Risks: Unauthorized access to sensitive user data poses serious privacy threats. Data such as
location history, driving patterns, and personal preferences can be exploited for malicious purposes,
including stalking or identity theft.
 Operational Risks: Disruptions to backend services or communication systems can render vehicles
inoperative, disable essential features, or prevent them from receiving necessary software updates,
compromising functionality and reliability.

By understanding the threat landscape and identifying specific vulnerabilities within each component of the
connected vehicle ecosystem, we can develop appropriate security measures and strategies to mitigate these
risks.

Business Requirements and Risk Assessment for Connected Vehicles


Connected vehicles represent a transformative advancement in the automotive industry, offering enhanced
safety, convenience, and efficiency through the integration of IoT technology, vehicle-to-everything (V2X)
communication, and advanced data analytics. However, these capabilities also introduce a range of risks and
challenges that must be managed to ensure the security and reliability of connected vehicle systems. The
following section outlines the key business requirements for developing a secure connected vehicle ecosystem,
followed by a comprehensive risk assessment that highlights the potential threats and their impact.

Business Requirements

To build a secure and reliable connected vehicle ecosystem, the following business requirements must be met:

a. Safety and Reliability of Operations

 Requirement: Ensure that the connected vehicle system is designed to maintain the highest levels
of operational safety and reliability. This includes maintaining control over critical vehicle functions
(e.g., steering, braking, and acceleration) and ensuring that these functions are not susceptible to
external tampering or malicious interference.
 Rationale: Safety is paramount in the automotive industry, and any compromise in the operation
of critical systems could lead to accidents, injuries, or fatalities.

b. Data Privacy and Protection

 Requirement: Implement strong data protection measures to safeguard the privacy of user
information and vehicle data. This includes encryption of data transmitted between vehicles,
infrastructure, and backend services, as well as secure storage of sensitive information on the
cloud.
 Rationale: As vehicles collect and transmit large amounts of data, including personal information,
location history, and driving patterns, protecting this data from unauthorized access is essential to
maintain user trust and comply with privacy regulations.

c. Secure Communication Channels

 Requirement: Establish secure communication protocols for all types of vehicle communications,
including V2V (vehicle-to-vehicle), V2I (vehicle-to-infrastructure), and V2X (vehicle-to-everything).
This involves using robust encryption, authentication, and validation mechanisms to ensure that
only authorized entities can access the communication channels.
 Rationale: Connected vehicles rely heavily on real-time communication with other vehicles,
infrastructure, and backend services. Any compromise in these communication channels could lead
to safety incidents or unauthorized access to vehicle systems.

d. Authentication and Access Control

 Requirement: Implement strong authentication and access control mechanisms for all interfaces
that interact with the connected vehicle system, including mobile applications, in-vehicle user
interfaces, and backend services. Multi-Factor Authentication (MFA) and Role-Based Access
Control (RBAC) are recommended to ensure that only authorized users can access critical vehicle
functions or sensitive data.
 Rationale: Unauthorized access to vehicle systems can lead to malicious attacks, such as remote
vehicle control, data theft, or system sabotage. Strong authentication measures reduce the risk of
such attacks by verifying the identity of users and entities interacting with the vehicle system.

e. Over-the-Air (OTA) Update Security

 Requirement: Develop secure mechanisms for OTA updates, ensuring that software and firmware
updates delivered to vehicles are authentic and free from tampering. This includes using digital
signatures and verification protocols to confirm the integrity of updates before installation.
 Rationale: OTA updates are essential for maintaining and improving vehicle functionality, but they
also present a potential attack vector. Malicious updates could compromise vehicle safety and user
data. Secure update mechanisms are necessary to mitigate this risk.

Risk Assessment

To address the risks associated with connected vehicles, it is essential to perform a risk assessment that identifies
potential threats, evaluates their likelihood, and assesses their impact. The following is a risk assessment for key
areas within the connected vehicle ecosystem:

a. In-Vehicle Network Risks

 Threats: ECU manipulation, physical access attacks, and malware injections.
 Likelihood: Moderate to high, as in-vehicle networks often rely on legacy communication protocols
like CAN, which lack encryption and authentication features.
 Impact: High, as compromised ECUs can lead to loss of control over critical vehicle functions,
causing accidents and safety incidents.
 Mitigation: Implementing encryption, segmentation of critical systems, and regular security
updates for ECUs.

b. Communication Systems Risks (V2V, V2I, and V2X)

 Threats: Signal jamming, spoofing attacks, and interception of unencrypted data.
 Likelihood: Moderate, due to the reliance on wireless communication channels that can be
intercepted or disrupted by malicious actors.
 Impact: High, as disrupted communication systems can compromise the safety and efficiency of
autonomous driving features, potentially leading to accidents or traffic congestion.
 Mitigation: Using strong encryption, secure protocols, and validation mechanisms to authenticate
vehicles and infrastructure before communication.

c. Backend Services Risks

 Threats: API exploitation, data breaches, and denial-of-service (DoS) attacks.
 Likelihood: High, as backend systems store sensitive data and interact with a vast number of
vehicles, making them attractive targets for attackers.
 Impact: High, as breaches can result in data theft, loss of vehicle control, or denial of critical
services (e.g., diagnostics and updates).
 Mitigation: Implementing secure APIs, enforcing MFA, encrypting data at rest and in transit, and
using intrusion detection systems to monitor suspicious activity.

d. User Interface Risks

 Threats: Phishing attacks, exploitation of unpatched software, and mobile application
vulnerabilities.
 Likelihood: High, as mobile applications and user interfaces are often targeted through social
engineering and unpatched vulnerabilities.

 Impact: Medium to high, as compromised interfaces can lead to unauthorized access to vehicle
systems or user data.
 Mitigation: Secure development practices for mobile apps, regular software updates, and user
education on identifying phishing attempts.

The business requirements and risk assessment highlight the need for a comprehensive security architecture
that addresses the safety, privacy, and reliability concerns inherent in connected vehicle ecosystems. By
understanding the threats and assessing their impact and likelihood, appropriate security measures can be
developed to mitigate risks and ensure that connected vehicles operate safely and securely in an increasingly
connected environment.

Use Cases and Business Processes for Connected Vehicles


Connected vehicles leverage advanced technology to enhance the driving experience, improve safety, and
optimize traffic management. To effectively understand the functionalities and interactions among various
stakeholders in the connected vehicle ecosystem, it's essential to outline specific use cases and associated
business processes. This section presents key use cases that highlight the interactions between vehicle owners,
car vendors, service providers, and infrastructure entities, focusing on how these use cases facilitate seamless
operations while addressing potential security challenges.

Use Case 1: Vehicle Health Monitoring and Diagnostics

Description

Connected vehicles are equipped with onboard diagnostics that monitor the health of various systems in real-
time. These vehicles can communicate diagnostic information to backend services, enabling proactive
maintenance alerts and minimizing the risk of breakdowns.

Actors

 Vehicle Owner: The user who owns the vehicle and receives alerts.
 Car Vendor: The manufacturer that provides maintenance services and software updates.
 Backend Service Provider: The entity that processes diagnostic data and sends alerts.

Business Process

1. Data Collection: The vehicle’s onboard diagnostics system continuously monitors various components
(engine performance, tire pressure, etc.) and collects relevant data.
2. Data Transmission: Diagnostic data is transmitted to the backend service provider via secure
communication channels using V2X technology.
3. Data Analysis: The backend service analyzes the data for anomalies or potential issues (e.g., unusual
engine temperature).
4. Alert Generation: If a problem is detected, the system generates an alert and notifies the vehicle owner
through a mobile application.
5. Maintenance Scheduling: The vehicle owner can schedule maintenance or repairs through the
application, which communicates with the car vendor's scheduling system.

Security Considerations

 Data Integrity: Ensuring the integrity of diagnostic data during transmission to prevent tampering or
false alerts.
 User Privacy: Protecting user data, including driving patterns and personal information, from
unauthorized access.

Use Case 2: Over-the-Air (OTA) Updates

Description

OTA updates allow manufacturers to remotely deliver software updates and patches to vehicles, improving
performance and security and adding new features.

Actors

 Vehicle Owner: The user who receives updates.
 Car Vendor: The manufacturer that develops and deploys updates.
 Backend Service Provider: The platform facilitating the update distribution.

Business Process

1. Update Development: The car vendor develops software updates to enhance vehicle functionality or
address security vulnerabilities.
2. Update Notification: The vehicle owner receives a notification about available updates via the mobile
app or in-vehicle infotainment system.
3. Download and Verification: The vehicle initiates the download of the update from the backend service.
The system verifies the authenticity of the update using digital signatures.
4. Installation: Once verified, the update is installed at a pre-defined time (e.g., overnight) to
minimize disruption.
5. Confirmation: The vehicle owner receives confirmation that the update has been successfully installed.

Security Considerations

 Update Authentication: Implementing robust authentication mechanisms to ensure only legitimate
updates are installed.
 Rollback Mechanism: Providing a way to revert to previous software versions in case of update failures.

Use Case 3: Emergency Assistance and Collision Avoidance

Description

Connected vehicles can automatically notify emergency services in the event of a collision and provide critical
information about the incident.

Actors

 Vehicle Owner: The driver involved in the collision.
 Emergency Services: The responders dispatched to the accident scene.
 Backend Service Provider: The system that processes collision data and notifies emergency services.

Business Process

1. Incident Detection: The vehicle’s sensors detect a collision through sudden deceleration or airbag
deployment.
2. Data Transmission: Relevant data (vehicle location, impact severity, and passenger information) is
transmitted to the backend service provider.
3. Emergency Notification: The backend service automatically notifies emergency services with real-time
information about the incident.
4. Response Coordination: Emergency services use the provided data to determine the appropriate
response, including location and potential injuries.
5. Follow-Up: After the incident, the vehicle owner may receive support from the car vendor for vehicle
repairs and insurance claims.

Security Considerations

 Data Privacy: Ensuring that sensitive information related to the accident is protected and only
accessible to authorized emergency personnel.
 System Integrity: Preventing unauthorized access to collision detection systems to avoid false alerts.

Use Case 4: Smart Parking Management

Description

Connected vehicles can locate available parking spaces in real-time and interact with parking infrastructure to
streamline the parking process.

Actors

 Vehicle Owner: The driver looking for parking.
 Parking Infrastructure Provider: The entity managing parking spaces.
 Backend Service Provider: The platform that aggregates parking information.

Business Process

1. Parking Space Availability: Sensors in parking lots detect available spaces and relay this information to
the backend service provider.
2. Real-Time Updates: The backend service aggregates data and provides real-time parking availability to
connected vehicles.
3. Navigation to Parking: The vehicle owner uses the navigation system to receive directions to the
nearest available parking space.
4. Reservation and Payment: The vehicle owner can reserve a parking spot and process payment through
the mobile application.
5. Confirmation: Upon arriving, the vehicle owner receives a confirmation of the parking reservation and
is guided to the designated space.

Security Considerations

 Data Protection: Safeguarding parking reservation and payment data to prevent fraud or unauthorized
transactions.
 Secure Communication: Ensuring that communications between vehicles and parking infrastructure
are encrypted to prevent interception.

Use Case 5: Enhanced Navigation and Traffic Management

Description

Connected vehicles can share real-time traffic data, enabling optimized routing and reducing congestion on
roads.

Actors

 Vehicle Owner: The driver using navigation services.
 Traffic Management Authority: The entity overseeing traffic flow and infrastructure.
 Backend Service Provider: The system that processes and analyzes traffic data.

Business Process

1. Data Collection: Vehicles collect and share real-time data regarding speed, location, and road
conditions with backend services.
2. Traffic Analysis: The backend service analyzes the data to identify traffic patterns and congestion.
3. Route Optimization: The system recommends alternative routes to the vehicle owner based on the
analysis to avoid congested areas.
4. Driver Notification: The vehicle owner receives alerts about traffic conditions, accidents, or road
closures.
5. Continuous Updates: As traffic conditions change, the system continually updates the suggested route
for optimal navigation.

Security Considerations

 Data Security: Protecting traffic data to prevent manipulation or misuse by malicious actors.
 Integrity of Recommendations: Ensuring that route recommendations are based on accurate and
trustworthy data.

The outlined use cases demonstrate the diverse functionalities and interactions within the connected vehicle
ecosystem, showcasing how various stakeholders collaborate to enhance safety, convenience, and operational
efficiency. However, the implementation of these use cases also highlights the importance of addressing security
challenges to protect user data, maintain system integrity, and ensure safe operations. As the connected vehicle
landscape continues to evolve, it will be crucial to implement robust security measures alongside these business
processes to create a secure and reliable ecosystem for all stakeholders involved.

High-Level Security Architecture for Connected Vehicles


The rapid evolution of connected vehicles has ushered in a new era of mobility, with the integration of advanced
technologies providing unprecedented convenience and efficiency. However, with these advancements come
significant security challenges that must be addressed to protect users, data, and vehicle systems from various
threats. This section presents a high-level security architecture designed to mitigate the vulnerabilities and risks
identified in the previous sections, detailing the key components, principles, and techniques employed to create
a secure connected vehicle ecosystem.

The high-level security architecture for connected vehicles consists of multiple layers, each addressing specific
security requirements and threats. The architecture can be visualized as a layered model, encompassing the
following components:

1. In-Vehicle Security
2. Communication Security
3. Backend Security
4. User Interface Security
5. Compliance and Governance

These layers interact to form a cohesive security strategy, ensuring comprehensive protection across the entire
connected vehicle ecosystem.

In-Vehicle Security

Components

 Electronic Control Units (ECUs): These are the embedded systems that control various vehicle
functions. Each ECU must be secured to prevent unauthorized access and manipulation.
 Onboard Diagnostics (OBD): The OBD system monitors vehicle performance and communicates with
external devices. Ensuring its security is crucial to protect sensitive data.
 In-Vehicle Networks: The communication channels within the vehicle, such as Controller Area Network
(CAN), must be protected against attacks.

Security Principles

 Defense in Depth: Implement multiple layers of security controls within the vehicle, ensuring that even
if one layer is compromised, additional layers can provide protection.
 Secure Boot: Ensure that all ECUs are initialized with verified and authenticated firmware, preventing
the execution of unauthorized software during startup.
 Intrusion Detection Systems (IDS): Deploy IDS within the vehicle to monitor for anomalous behavior
and potential threats to in-vehicle networks.

Techniques

 Access Control: Implement strict access controls for ECUs and the OBD system, ensuring that only
authorized users and devices can interact with critical systems.
 Encryption: Use strong encryption protocols to protect data stored on ECUs and transmitted within the
in-vehicle network.
 Regular Updates: Establish processes for regularly updating ECU software to patch vulnerabilities and
enhance security.

Communication Security

Components

 Vehicle-to-Vehicle (V2V) Communication: Enables vehicles to exchange information about traffic
conditions, hazards, and other relevant data.
 Vehicle-to-Infrastructure (V2I) Communication: Facilitates interaction between vehicles and roadside
infrastructure (e.g., traffic lights, signs).
 Vehicle-to-Everything (V2X) Communication: Integrates V2V and V2I communications, allowing
vehicles to interact with various entities in the ecosystem.

Security Principles

 Confidentiality: Ensure that sensitive data exchanged between vehicles and infrastructure is protected
from eavesdropping.
 Integrity: Verify that data received from other vehicles or infrastructure is authentic and has not been
tampered with.
 Availability: Ensure that communication channels are robust and resilient to attacks, maintaining
continuous connectivity.

Techniques

 Public Key Infrastructure (PKI): Implement PKI to enable secure key exchange and digital signatures,
ensuring the authenticity and integrity of communication.
 Secure Communication Protocols: Utilize protocols such as Transport Layer Security (TLS) for secure
data transmission between vehicles and infrastructure.
 Anomaly Detection: Employ anomaly detection mechanisms to identify and mitigate unusual
communication patterns that may indicate attacks, such as spoofing or jamming.

Backend Security

Components

 Cloud Infrastructure: The backend services that store and process data collected from connected
vehicles.
 Application Programming Interfaces (APIs): Interfaces that allow communication between vehicles,
mobile applications, and backend services.
 Data Storage: Databases and data repositories that manage sensitive user and vehicle data.

Security Principles

 Least Privilege: Grant access to backend services and data based on the principle of least privilege,
ensuring that users and applications only have the necessary permissions.
 Data Protection: Ensure that sensitive data is encrypted both at rest and in transit, protecting it from
unauthorized access and breaches.
 Resilience: Design backend systems to be resilient against attacks, with redundancy and failover
mechanisms in place.

Techniques

 Secure APIs: Implement security measures for APIs, including authentication, authorization, and input
validation to prevent exploitation.
 Intrusion Prevention Systems (IPS): Deploy IPS to monitor and block malicious activities targeting
backend services.
 Regular Security Audits: Conduct regular security audits and vulnerability assessments to identify and
address potential weaknesses in the backend infrastructure.

User Interface Security

Components

 Mobile Applications: Applications used by vehicle owners to interact with vehicle systems, receive
updates, and manage settings.
 In-Vehicle Infotainment Systems: Interfaces within the vehicle that provide navigation, entertainment,
and communication services.

Security Principles

 User Authentication: Implement strong user authentication mechanisms to prevent unauthorized
access to mobile applications and in-vehicle systems.
 User Privacy: Prioritize user privacy by minimizing data collection and ensuring transparent data usage
policies.
 User Education: Educate users about potential threats, such as phishing attacks and social engineering,
to enhance their security awareness.

Techniques

 Multi-Factor Authentication (MFA): Require users to provide multiple forms of verification (e.g.,
password and biometric authentication) to access sensitive features.
 Data Minimization: Limit data collection to only what is necessary for the application's functionality,
reducing the risk of data breaches.
 Secure Software Development Lifecycle (SDLC): Follow secure coding practices during application
development to mitigate vulnerabilities and ensure the security of mobile and infotainment
applications.

Compliance and Governance

Components

 Regulatory Compliance: Adhere to relevant industry regulations and standards (e.g., GDPR, ISO/IEC
27001) to ensure the protection of user data and privacy.
 Security Policies: Establish clear security policies and procedures governing the development and
operation of connected vehicle systems.

Security Principles

 Risk Management: Implement a risk management framework to assess and prioritize security risks
associated with connected vehicle systems.

 Incident Response: Develop a comprehensive incident response plan to address security breaches and
minimize their impact on users and systems.
 Continuous Monitoring: Employ continuous monitoring of security controls and systems to detect and
respond to threats in real time.

Techniques

 Auditing and Reporting: Conduct regular audits to ensure compliance with security policies and
regulations, generating reports to assess the effectiveness of security measures.
 Training and Awareness Programs: Provide ongoing training and awareness programs for employees
and stakeholders to reinforce the importance of security in connected vehicle systems.
 Collaboration with Regulatory Bodies: Work closely with regulatory bodies and industry groups to stay
informed about emerging threats, best practices, and regulatory changes.

Security Best Practices for Connected Vehicles


As connected vehicles continue to advance and integrate more technology, implementing robust security
measures is crucial to protect against potential threats and vulnerabilities. Below are key best practices to
enhance the security of connected vehicles across various layers of the architecture, including in-vehicle
networks, communication systems, backend services, and user interfaces.

Secure Software Development Lifecycle (SDLC)

Adopting a Secure Software Development Lifecycle is essential for creating secure applications and systems for
connected vehicles. This involves integrating security at every stage of the development process, including:

 Requirements Gathering: Identify security requirements alongside functional requirements to ensure
they are addressed from the beginning.
 Design: Implement security by design principles, such as least privilege, defense in depth, and fail-safe
defaults.
 Coding: Utilize secure coding practices to prevent common vulnerabilities such as SQL injection, cross-
site scripting (XSS), and buffer overflow attacks.
 Testing: Conduct regular security testing, including static and dynamic analysis, penetration testing,
and vulnerability assessments to identify and mitigate potential issues before deployment.
 Deployment: Implement secure deployment practices, such as verifying the integrity of software
packages and using secure channels for updates.

Network Security Measures

The in-vehicle network is a critical component of connected vehicles, and its security is paramount to prevent
unauthorized access and attacks. Implement the following measures:

 Network Segmentation: Isolate critical systems (e.g., braking and steering) from non-critical systems
(e.g., infotainment) using firewalls and VLANs to minimize the risk of cross-contamination during an
attack.
 Intrusion Detection and Prevention Systems (IDPS): Deploy IDPS to monitor network traffic for
suspicious activities and automatically take action to mitigate threats.
 Encryption: Use strong encryption standards (e.g., AES) to protect data transmitted within the vehicle
and between components, preventing unauthorized interception and tampering.
 Access Control: Implement strict access control policies for in-vehicle networks, ensuring that only
authorized components can communicate with each other.
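
The Go program below is an added example, not part of the original report, of one check an in-vehicle IDS can make on a CAN bus, where frames carry no sender authentication: learn each identifier's normal transmit period from clean traffic, then flag unknown identifiers and frames that arrive too early. The identifiers, timings and the 50 percent threshold are constructed, and the detector assumes periodic traffic.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Frame is one CAN frame from a capture; At is the offset from capture start.
// Every identifier and timing in this file is constructed for the example.
type Frame struct {
	At time.Duration
	ID uint32
}

type Alert struct {
	At     time.Duration
	ID     uint32
	Reason string
}

func (a Alert) String() string {
	return fmt.Sprintf("%v id=0x%03X %s", a.At, a.ID, a.Reason)
}

// byTime returns a time-ordered copy so callers' slices are left untouched.
func byTime(frames []Frame) []Frame {
	sorted := append([]Frame(nil), frames...)
	sort.SliceStable(sorted, func(i, j int) bool { return sorted[i].At < sorted[j].At })
	return sorted
}

// Learn derives each identifier's mean transmit period from traffic recorded
// while the bus was known to be clean.
func Learn(clean []Frame) map[uint32]time.Duration {
	first, last := map[uint32]time.Duration{}, map[uint32]time.Duration{}
	count := map[uint32]int{}
	for _, f := range byTime(clean) {
		if count[f.ID] == 0 {
			first[f.ID] = f.At
		}
		last[f.ID] = f.At
		count[f.ID]++
	}
	period := map[uint32]time.Duration{}
	for id, n := range count {
		period[id] = 0 // seen once: known identifier, but no period to check against
		if n > 1 {
			period[id] = (last[id] - first[id]) / time.Duration(n-1)
		}
	}
	return period
}

// Detect raises an alert for identifiers missing from the baseline and for
// frames that follow the previous frame with the same identifier in less than
// minPct percent of the learned period, which is how an additional sender on
// the bus shows up.
func Detect(period map[uint32]time.Duration, live []Frame, minPct int) []Alert {
	lastSeen := map[uint32]time.Duration{}
	var alerts []Alert
	for _, f := range byTime(live) {
		p, known := period[f.ID]
		prev, seen := lastSeen[f.ID]
		switch {
		case !known:
			alerts = append(alerts, Alert{f.At, f.ID, "identifier not in baseline"})
		case seen && f.At-prev < p*time.Duration(minPct)/100:
			alerts = append(alerts, Alert{f.At, f.ID, "arrived early, possible injected frame"})
		}
		lastSeen[f.ID] = f.At
	}
	return alerts
}

// periodic builds n frames for one identifier at a fixed interval.
func periodic(id uint32, every time.Duration, n int) []Frame {
	var out []Frame
	for i := 0; i < n; i++ {
		out = append(out, Frame{At: time.Duration(i) * every, ID: id})
	}
	return out
}

// Demo learns a baseline from clean traffic, then scans a capture containing
// two extra frames for 0x0C4 and one frame with an unknown identifier.
func Demo() []string {
	const ms = time.Millisecond
	clean := append(periodic(0x0C4, 10*ms, 10), periodic(0x1A0, 20*ms, 5)...)
	live := append(periodic(0x0C4, 10*ms, 6), periodic(0x1A0, 20*ms, 3)...)
	live = append(live, Frame{24 * ms, 0x0C4}, Frame{34 * ms, 0x0C4}, Frame{45 * ms, 0x6F1})
	var out []string
	for _, a := range Detect(Learn(clean), live, 50) {
		out = append(out, a.String())
	}
	return out
}

func main() {
	for _, line := range Demo() {
		fmt.Println(line)
	}
}
```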

Secure Communication Protocols

Connected vehicles rely on communication between vehicles, infrastructure, and backend services. Securing
these communication channels is critical:

 TLS/SSL: Utilize Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols to encrypt data
transmitted over the network, ensuring confidentiality and integrity.

 Public Key Infrastructure (PKI): Establish a PKI for authentication and encryption, allowing vehicles and
infrastructure to verify each other's identities before exchanging sensitive information.
 Message Signing: Implement digital signatures for messages transmitted between vehicles and
backend services to ensure message integrity and authenticity.
 Dynamic Key Management: Use dynamic key management systems to regularly update encryption
keys, reducing the risk of key compromise.
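
The replay and spoofing attacks listed earlier, and the Message Signing practice above, meet in one receiver-side check. The Go program below is an added example, not part of the original report: each message is signed together with a sequence number and timestamp, and the receiver rejects forged, replayed and stale deliveries. The message layout, the sender name rsu-17, the keys and the 500 ms freshness window are all constructed for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// SafetyMessage is a constructed stand-in for a V2V/V2I broadcast (layout assumed).
type SafetyMessage struct {
	SenderID  string
	Seq       uint64 // strictly increasing per sender
	SentAt    time.Time
	Payload   []byte
	Signature []byte
}

// signedBytes covers Seq and SentAt as well as the payload, so the freshness
// data the receiver relies on cannot be changed without breaking the signature.
func (m *SafetyMessage) signedBytes() []byte {
	hdr := make([]byte, 20)
	binary.BigEndian.PutUint32(hdr[0:4], uint32(len(m.SenderID)))
	binary.BigEndian.PutUint64(hdr[4:12], m.Seq)
	binary.BigEndian.PutUint64(hdr[12:20], uint64(m.SentAt.UnixNano()))
	return append(append(hdr, m.SenderID...), m.Payload...)
}

var (
	ErrUnauthenticated = errors.New("no valid signature")
	ErrStale           = errors.New("outside freshness window")
	ErrReplay          = errors.New("sequence number already used")
)

// Receiver holds trusted keys (in a PKI, from validated certificates) and per-sender state.
type Receiver struct {
	Trusted map[string]ed25519.PublicKey
	LastSeq map[string]uint64
	MaxAge  time.Duration
}

// Accept authenticates first, then checks freshness, then replay. LastSeq only
// moves for messages that passed every check, so forgeries cannot advance it.
func (r *Receiver) Accept(m *SafetyMessage, now time.Time) error {
	pub, ok := r.Trusted[m.SenderID]
	if !ok || !ed25519.Verify(pub, m.signedBytes(), m.Signature) {
		return fmt.Errorf("%w from %s", ErrUnauthenticated, m.SenderID)
	}
	if age := now.Sub(m.SentAt); age > r.MaxAge || age < -r.MaxAge {
		return ErrStale
	}
	if last, seen := r.LastSeq[m.SenderID]; seen && m.Seq <= last {
		return ErrReplay
	}
	r.LastSeq[m.SenderID] = m.Seq
	return nil
}

func newMsg(id string, seq uint64, at time.Time, body string, key ed25519.PrivateKey) *SafetyMessage {
	m := &SafetyMessage{SenderID: id, Seq: seq, SentAt: at, Payload: []byte(body)}
	m.Signature = ed25519.Sign(key, m.signedBytes())
	return m
}

// Demo feeds constructed deliveries to a receiver and returns one verdict each.
func Demo() []string {
	rsuKey := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed key
	rogue := ed25519.NewKeyFromSeed(append(make([]byte, 31), 1))     // never enrolled
	rx := &Receiver{
		Trusted: map[string]ed25519.PublicKey{"rsu-17": rsuKey.Public().(ed25519.PublicKey)},
		LastSeq: map[string]uint64{},
		MaxAge:  500 * time.Millisecond,
	}
	t0 := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	genuine := newMsg("rsu-17", 1, t0, "signal=red", rsuKey)
	spoofed := newMsg("rsu-17", 2, t0, "signal=green", rogue) // claims a trusted ID
	next := newMsg("rsu-17", 2, t0.Add(300*time.Millisecond), "signal=green", rsuKey)
	var out []string
	deliver := func(m *SafetyMessage, after time.Duration) {
		verdict := "accepted"
		if err := rx.Accept(m, t0.Add(after)); err != nil {
			verdict = "rejected: " + err.Error()
		}
		out = append(out, verdict)
	}
	deliver(genuine, 50*time.Millisecond)  // first delivery
	deliver(spoofed, 60*time.Millisecond)  // signed with the wrong key
	deliver(genuine, 200*time.Millisecond) // captured, replayed inside the window
	deliver(next, 320*time.Millisecond)    // legitimate traffic continues
	deliver(genuine, 10*time.Second)       // replayed after the window has closed
	return out
}

func main() {
	fmt.Println(Demo())
}
```

The freshness window limits how long a captured message stays usable; it does not by itself stop a message being relayed to another location while the window is still open.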

Data Protection and Privacy

Protecting user data and maintaining privacy is essential in the connected vehicle ecosystem. Adopt the
following practices:

• Data Minimization: Collect only the data necessary for functionality, reducing the risk associated with
storing excessive personal information.
• Data Encryption: Encrypt sensitive data both at rest and in transit to protect it from unauthorized
access, even if data storage systems are compromised.
• Access Controls: Implement role-based access controls to restrict access to sensitive data based on user
roles, ensuring that only authorized personnel can access specific information.
• Anonymization Techniques: Use data anonymization and pseudonymization techniques to protect user
identities and personal information, particularly for analytics and research purposes.

Regular Software Updates and Patching

Ensuring that vehicle software is regularly updated is crucial for maintaining security:

• Over-the-Air (OTA) Updates: Implement secure OTA update mechanisms that verify the integrity and
authenticity of updates before installation. This includes using cryptographic signatures and checksums.
• Update Notifications: Notify users about available updates and provide clear instructions for applying
them, ensuring that they understand the importance of keeping their systems up to date.
• Rollback Mechanisms: Establish rollback procedures to revert to previous versions in case of update
failures or unforeseen issues.
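
An added example, not part of the original report: an update is installed only after its signature and checksum verify, and a failed self-test switches back to the previous firmware slot. The manifest format, the two-slot `ECU` model and the `selfTest` callback are assumptions for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Manifest describes one update image (constructed format, not a real OTA standard).
type Manifest struct {
	Version uint32
	Digest  [32]byte // SHA-256 checksum of the image
	Sig     []byte   // vendor signature over Version and Digest
}

func (m Manifest) SignedBytes() []byte { // the bytes the signature covers
	return append([]byte(fmt.Sprintf("%08x", m.Version)), m.Digest[:]...)
}

type ECU struct { // two firmware slots, so the running image is never overwritten
	Vendor ed25519.PublicKey // pinned at manufacture
	Slot   [2]uint32         // firmware version stored in each slot
	Active int               // index of the slot that boots
}

// Install verifies signature and checksum, writes the inactive slot, switches
// to it, and switches back if the new image fails its self-test.
func (e *ECU) Install(m Manifest, image []byte, selfTest func() bool) error {
	if !ed25519.Verify(e.Vendor, m.SignedBytes(), m.Sig) {
		return fmt.Errorf("manifest signature invalid")
	}
	if sha256.Sum256(image) != m.Digest {
		return fmt.Errorf("image checksum mismatch")
	}
	next := 1 - e.Active
	e.Slot[next], e.Active = m.Version, next // write beside the running image, then switch
	if !selfTest() {
		e.Active = 1 - next // rollback: boot the untouched old slot
		return fmt.Errorf("self-test failed, rolled back to version %d", e.Slot[e.Active])
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	img := []byte("constructed firmware image")
	m := Manifest{Version: 8, Digest: sha256.Sum256(img)}
	m.Sig = ed25519.Sign(priv, m.SignedBytes()) // vendor side
	ecu := &ECU{Vendor: pub, Slot: [2]uint32{7, 6}}
	fmt.Println(ecu.Install(m, img, func() bool { return false }))
}
```
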

Incident Response and Recovery

Having a well-defined incident response plan is critical for effectively managing security breaches:

• Incident Response Plan: Develop a comprehensive incident response plan that outlines procedures for
detecting, responding to, and recovering from security incidents. Regularly test and update the plan to
ensure its effectiveness.
• Forensic Analysis: Implement logging and monitoring systems to collect data during incidents, allowing
for thorough forensic analysis and identification of the root cause.
• Post-Incident Review: Conduct post-incident reviews to evaluate the response to security events and
identify areas for improvement in security practices.

Supply Chain Security

• Vendor Management:
  ◦ Conduct thorough security assessments of all suppliers and third-party vendors.
  ◦ Require compliance with established security standards from all component suppliers.
• Component Validation:
  ◦ Implement strict validation procedures for third-party components and software.
  ◦ Regularly audit supplier security practices to ensure adherence to security requirements.

User Education and Awareness

Educating users about security risks and best practices is essential for protecting connected vehicles:

• User Training: Provide training sessions for vehicle owners on recognizing phishing attacks, securing
personal information, and safely using connected vehicle features.
• Awareness Campaigns: Launch awareness campaigns that highlight the importance of vehicle security
and encourage users to report suspicious activities.
• Clear Communication: Clearly communicate security features and practices within the user interfaces
of mobile applications and in-vehicle systems, helping users understand how to protect their vehicles
and data.

The security of connected vehicles is a multifaceted challenge that requires a comprehensive approach to
address vulnerabilities across all layers of the architecture. By implementing the best practices outlined above,
stakeholders can significantly enhance the security of connected vehicles, protecting both users and their data
from potential threats. Continuous improvement, regular assessments, and user education are essential to stay
ahead of evolving security challenges in the connected vehicle ecosystem.

Conclusion
The rise of connected vehicles represents a significant evolution in the automotive industry, integrating
advanced technologies and connectivity features that enhance user experience, improve safety, and promote
efficiency. However, this increased interconnectivity also brings with it a complex landscape of security
challenges and vulnerabilities. As connected vehicles become more prevalent, the need for robust security
measures to protect these systems and their users is more critical than ever.

In this report, we have examined various aspects of security within the context of connected vehicles, including
the identification of potential vulnerabilities and the implementation of security best practices. We discussed
the high-level architecture of connected vehicle systems, detailing the essential components such as in-vehicle
networks, communication systems, backend services, and user interfaces. Each layer presents unique security
challenges that necessitate tailored solutions to ensure the integrity, confidentiality, and availability of data.

One of the core themes throughout the discussion is the importance of a comprehensive security strategy that
encompasses all layers of the connected vehicle ecosystem. From secure software development practices to
robust network security measures, organizations must adopt a proactive approach to identify and mitigate risks.
Encryption, access controls, and intrusion detection systems are essential practices that enhance
security at various touchpoints, making it more difficult for attackers to compromise vehicle systems.

Moreover, the importance of regular software updates cannot be overstated. As vulnerabilities are discovered,
timely updates can prevent potential exploits. The implementation of secure over-the-air (OTA) updates ensures
that vehicles remain protected against emerging threats, thereby enhancing overall system security.
Additionally, the integration of incident response plans and forensic analysis capabilities allows organizations to
respond effectively to security breaches, ensuring quick recovery and learning from incidents.

Equally crucial is the role of user education and awareness. As vehicle owners interact with connected services,
they must understand the importance of maintaining security practices in their daily usage. Empowering users
through training and awareness campaigns can significantly reduce the likelihood of security incidents stemming
from user negligence or lack of knowledge.

In conclusion, securing connected vehicles is a multifaceted challenge that requires a holistic approach,
encompassing technical, organizational, and user-centered strategies. The best practices outlined in this report
provide a foundation for establishing a secure environment for connected vehicles, enabling the automotive
industry to harness the benefits of connectivity while minimizing the risks. As technology continues to evolve
and new threats emerge, ongoing vigilance and adaptation will be essential to ensure the safety and security of
connected vehicles and their occupants. By prioritizing security in every aspect of vehicle design and operation,
we can create a safer and more resilient automotive ecosystem that benefits all stakeholders involved.
