Designing Security for In-vehicle Networks: A Body Control Module (BCM) Centered Viewpoint

Abstract

The overabundance of attacks reported on in-vehicle networks triggered reactions from both the academic research communities and industry professionals. However, designing security for in-vehicle networks is a challenging task and it is yet unclear to what extent current proposals are suitable for real world vehicles. In this work, we advocate the use of a top-down approach in which we analyze the functionalities along with reported attacks. Due to the abundance of in-vehicle services and the associated large number of Electronic Control Units (ECUs), we center our analysis on a key subsystem from the car: the Body Control Module (BCM). The rationale behind choosing this particular module comes from at least three key factors: i) a large number of components that aredirectly linked to the BCM were target of previously reported attacks (e.g., keys and electronic immobilizes, tire sensors, diagnostic ports, etc.), ii) by design, body components are generally exposed to the outside and it is reasonable to assumethat adversaries will frequently have access to peripherals controlled by the BCM, iii) the BCM controls subsystems thatare both attractive from an economic perspective (e.g., accessto the car), or from a safety perspective (e.g., seat-belts, lights, etc.). Our discussion is entailed by a concrete analysis of therisks of reported attacks and preferable security designs.