PRESENCE

PRESENCE

PRivacy-Enabled, SEcured iNteractions between vehiCles and smart Electronic devices

PRESENCE

PRESENCE (PRivacy-Enabled, SEcured iNteractions between vehiCles and smart Electronic devices) is a two year research project funded by the Romanian National Authority for Scientific Research and Innovation (CNCS-UEFISCDI) for the establishment of young reasearch teams (project no. PN-III-P1-1.1-TE-2016-1317 , 2018-2020)


Abstract: PRESENCE addresses the security of the newly emerged ecosystem of modern vehicles that interact with intelligent mobile devices, e.g., smart-phones, over wireless interfaces also involving cloud-based support. The generous interface of modern smartphones paves way for adding access control functions to various car components (doors, engine, lights, etc.) and the cloud-based support offers room for remote configuration and rights delegation. Replacing traditional keys with smartphones appears like a natural step for achieving increased usability and an improved user experience. But this comes with new security risks since wireless interfaces are more vulnerable and may open door for adversaries to the in-vehicle buses, e.g., CAN or FlexRay, which are intrinsically insecure. The main target of the project is the design, analysis and implementation of security and privacy mechanisms for mediating access to in-vehicle functionalities by using intelligent mobile devices instead of classical RF and/or mechanical vehicle keys that are rigid and are lacking in terms of configurability and functionalities. The design of such security solutions is challenged by limitations on computational capabilities of existing components, e.g., in-vehicle controllers, as well as by the potential insecurity of smartphones. Our project calls for the use of security enforcing technologies (e.g., NFC security cards) and modern device pairing techniques by harvesting environmental data (e.g., accelerometer data) to provide a secure and usable solution. Privacy enhancing technologies also need to be put in place in order to protect the users in front of corrupted cloud owners. As deployment platform we target Android, the mobile OS with the largest installed base. We also test the computational feasibility of the proposed solutions on a commonly employed controller for car BCMs (Body Control Module) in a proof-of-concept laboratory setup.


Expected results (24 months):
  • flexible access control policy for vehicle functionalities from smartphones, e.g., [pdf]

  • remote access to vehicle functionalities from smartphones via the internet/cloud

  • embedding security enforcing technologies, e.g., TPM [pdf]

  • embedding cryptographic technologies on in-vehicle electronic control units and buses

  • environment-based device association, e.g., by accelerometer data

  • submissions to relevant journals and conferences, publication list here
setup

setup