Abstract
Smartphones are quickly moving toward complementing or even replacing traditional car keys. We advocate a role-based access control policy mixed with attributes that facilitates access to various functionalities of vehicular on-board units from smartphones. We use a rights-based access control policy for in-vehicle functionalities similar to the case of a file allocation table of a contemporary OS, in which read, write or execute operations can be performed over various vehicle functions. Further, to assure the appropriate security, we develop a protocol suite using identity-based cryptography and we rely on group signatures that preserve the anonymity of group members for assuring privacy and traceability. To prove the feasibility of our approach, we develop a proof-of-concept implementation with modern smartphones, aftermarket Android head-units and test computational feasibility on a real-world in-vehicle controller. Our implementation relies on state-of-the-art cryptography, including traditional building blocks and more modern pairing-friendly curves, that facilitate the adoption of group signatures and identity-based cryptography in automotive-based scenarios.
Highlights
AND MOTIVATIONThe generous interface of modern smartphones and their ubiquitousness opens road for adding access control to various car functionalities as well as for remote configuration and rights delegation
The access control procedure is based on role-based access control (RBAC) to which we add some attributes that are needed for the roles
The increased computational power of modern smartphones and their generous user-interface facilitates the implementation of various car access control functionalities and more exquisite protocols with advanced functionalities
Summary
AND MOTIVATIONThe generous interface of modern smartphones and their ubiquitousness opens road for adding access control to various car functionalities as well as for remote configuration and rights delegation. Classical radio-frequency (RF) and/or mechanical vehicle keys are rigid and lack in terms of flexibility and functionalities Perhaps surprising, despite their simplicity, classical RF keys have shown numerous flaws that led to a plethora of reported attacks targeting weaknesses in regular RF keys [59], [63], open-source immobilizer specifications [53], or passive keyless entry systems [24], [26], [64]. Despite their simplicity, classical RF keys have shown numerous flaws that led to a plethora of reported attacks targeting weaknesses in regular RF keys [59], [63], open-source immobilizer specifications [53], or passive keyless entry systems [24], [26], [64] It seems that the security of traditional car keys is lacking in many respects. This merely complements a landscape which became familiar to us in the recent years
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
