Idea: Security Engineering Principles for Day Two Car2X Applications

• Published in: Engineering Secure Software and Systems pp. 213 - 221
• Main Authors: Fröschle, Sibylle, Stühring, Alexander
• Format: Book Chapter
• Language: English
• Published: Cham Springer International Publishing 2014
• Series: Lecture Notes in Computer Science
• Subjects: Head Unit; Road Side Unit; Security Architecture; User Credential; Vehicular Communication
• ISBN: 3319048961; 9783319048963
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-319-04897-0_14

Car2X communication based on IEEE 802.11p has been prepared over the last years by a tremendous collaborative effort of the automotive industry, researchers, and standardization bodies. At the European level ETSI has released a first set of standards for interoperability and initial deployment in February this year. The “day one” Car2X applications, which will be implemented soon, do not automatically intervene into the driving behaviour of a car, but such “day two” applications will be the next step. In this idea paper we highlight some principle differences between Car2X and traditional security-relevant systems such as banking. We show how this might lead to a more straightforward escalation of attacks, which should be kept in mind in view of the safety-relevant “day two” applications. We also propose a principle of how to avoid this. In current work we test the feasibility of the attacks.