On authentication in a connected vehicle: Secure integration of mobile devices with vehicular networks

Recent advances in in-vehicle technologies have paved way to a new era of connectivity. Vehicle manufacturers have already deployed various technologies for driving assistance, anti-theft, and infotainment. They are now developing ways to interface mobile devices with vehicles and provide the customer´s smart phone or tablet the ability to send/receive information to/from the car. However, such an integration introduces severe security risks to the vehicle. The in-vehicle network was originally designed to operate in a closed environment and thus, security was not of concern. It has now become an important issue due to an increasing number of external interfaces to the in-vehicle network. Several studies have already shown that an in-vehicle network can be easily compromised just by connecting cheap commercial devices and doing reverse engineering. Although research efforts have been made to secure in-vehicle networks, most of them focused on defining security requirements, or presenting attack scenarios without providing any feasible solution. Also, to the best of our knowledge, there hasn´t been any study with a specific focus on understanding and analyzing the security aspects of integrating mobile devices with cars. In this paper, we define the integration model, present the attack scenarios, define the security objectives, and then propose a 3-step verification mechanism that meets our objectives.