Experimental Security Analysis of a Modern Automobile
San Diego, CA, May 14, 2010 -- Computer scientists led by professor Stefan Savage from UC San Diego Jacobs School of Engineering and professor Tadayoshi Kohno from the University of Washington will present the peer-reviewed paper “Experimental Security Analysis of a Modern Automobile” at the IEEE Symposium on Security and Privacy in Oakland, CA on May 19, 2010.
Below are the first three questions and answers from an FAQ that the researchers put together. Read the entire FAQ at: http://www.autosec.org/faq.html
The computer science professors, students and staff who performed this research are part of the Center for Automotive Embedded Systems Security (CAESS), a collaboration between researchers at the University of California San Diego and the University of Washington.
Who are you and what is your research about?
Our group is a collaboration between researchers at the University of California San Diego and the University of Washington. Our efforts are supported by grants from the U.S. National Science Foundation.
Modern automobiles are becoming increasingly computerized — with many components controlled partially or entirely by computers and networked both internally and externally. This architecture is indeed the basis for significant advances in safety (e.g., anti-lock brakes), fuel efficiency, and convenience. However, increasing computerization also creates new risks that must be addressed as well. Our research mission is to help ensure that these future automotive systems can enjoy the benefits of a computerized architecture while providing strong assurances of safety, security, and privacy.
Our research consists of three complementary strands: conceptual, experimental, and developmental. We conceptually evaluate the computer security landscape for potential future automobiles in order to guide our experimental and developmental research. We experimentally evaluate real examples of today's technologies to create informed understandings of potential computer security risks with future automobiles, as well as understandings of the challenges for overcoming those risks. We then develop new security technologies to overcome those challenges and mitigate the associated risks.
What is this paper about?
The paper "Experimental Security Analysis of a Modern Automobile" is an example of our experimental research theme. Our research was aimed at comprehensively assessing — and learning from — how much resilience a conventional automobile has against a digital attack mounted against its internal components by an attacker with access to the car's internal network. To help answer this question, we experimentally analyzed and evaluated the computers coordinated within the internal networks of a modern car and described the range of security issues we discovered in the process.
This paper appears at the 2010 IEEE Symposium on Security and Privacy, a peer-reviewed academic conference in the computer security research field.
Should car owners be concerned?
We believe that car owners today should not be overly concerned at this time. It requires significant sophistication to develop the capabilities described in our paper and we are unaware of any attackers who are even targeting automobiles at this time.
However, we do believe that our work should be read as a wake-up call. While today's car owners should not be alarmed, we believe that it is time to focus squarely on addressing potential automotive security issues to ensure that future cars — with ever more sophisticated computer control and broader wireless connectivity — will be able to offer commensurately strong security guarantees as well.
Read the entire FAQ at: http://www.autosec.org/faq.html