Experimental Security Analysis of a Modern Automobile

San Diego, May 14, 2010  --  Computer scientists led by professor Stefan Savage from UC San Diego Jacobs School of Engineering and professor Tadayoshi Kohno, a UCSD alumnus now at the University of Washington, will present the peer-reviewed paper “Experimental Security Analysis of a Modern Automobile” at the IEEE Symposium on Security and Privacy in Oakland, CA on May 19, 2010.

Center for Automotive Embedded Systems Security website

The computer science professors, students and staff who performed this research are part of the Center for Automotive Embedded Systems Security (CAESS), a collaboration between researchers at the two universities. CAESS faculty affiliated with Calit2 at UC San Diego include paper co-authors Stefan Savage and Hovan Shacham, as well as Ingolf Krueger, a computer science professor who also runs Calit2's Software & Systems Architecture & Integration Team (SAINT) lab.

Below are excerpts from Frequently Asked Questions (FAQ) that the researchers put together for the CAESS website. (Read the entire FAQ here.)

There are over 250 million registered passenger automobiles in the United States. The vast majority of these are computer controlled to a significant degree and virtually all new cars are now pervasively computerized. Computers (in the form of self-contained embedded systems) have been integrated into virtually every aspect of a car's functioning and diagnostics, including the throttle, transmission, brakes, speedometer, climate and lighting controls, external lights, and entertainment.

Many components [are] controlled partially or entirely by computers and networked both internally and externally. This architecture is indeed the basis for significant advances in safety (e.g., anti-lock brakes), fuel efficiency, and convenience. However, increasing computerization also creates new risks that must be addressed as well. Our research mission is to help ensure that these future automotive systems can enjoy the benefits of a computerized architecture while providing strong assurances of safety, security, and privacy.

What is this paper about?

The paper "Experimental Security Analysis of a Modern Automobile" is an example of our experimental research theme. Our research was aimed at comprehensively assessing — and learning from — how much resilience a conventional automobile has against a digital attack mounted against its internal components by an attacker with access to the car's internal network. To help answer this question, we experimentally analyzed and evaluated the computers coordinated within the internal networks of a modern car and described the range of security issues we discovered in the process.

This paper appears at the 2010 IEEE Symposium on Security and Privacy, a peer-reviewed academic conference in the computer security research field.

Should car owners be concerned?

We believe that car owners today should not be overly concerned at this time. It requires significant sophistication to develop the capabilities described in our paper and we are unaware of any attackers who are even targeting automobiles at this time.

However, we do believe that our work should be read as a wake-up call. While today's car owners should not be alarmed, we believe that it is time to focus squarely on addressing potential automotive security issues to ensure that future cars — with ever more sophisticated computer control and broader wireless connectivity — will be able to offer commensurately strong security guarantees as well.

Read the entire FAQ at: http://www.autosec.org/faq.html.

Media Contacts

 Daniel Kane, Jacobs School of Engineering, 858-534-3262, dbkane@ucsd.edu

Related Links

Center for Automotive Embedded Systems Security
Download the paper
Computer Science and Engineering