DeepSec 2011: patching vehicle insecurities
This entry was posted in security, talks and tagged DeepSec2011, vehicle security.
In this talk from the DeepSec 2011 conference Constantinos Patsakis and Kleanthis Dellios discuss their theory for developing more effective automotive security anti-theft systems.
They explain: “In order to patch known security breaches and create a more extensible in-vehicle computer system, we propose the use of a TTP (Time-Triggered Protocol) entity inside the vehicle, which sends the ignite signal to the engine only if the main parts of the vehicle have properly been authenticated. The vehicle’s MCU takes the role of the TTP, therefore applying a ‘Deny all’ policy towards any possible malicious hardware injection. In order to secure the MCU from software attacks, the MCU resides inside an application firewall which filters incoming traffic.”