Related papers: Building Automotive Security on Internet Standards: An Integration of DNSSEC, DANE, and DANCE to Authenticate and Authorize In-Car Services

Building Automotive Security on Internet Standards: An Integration of DNSSEC, DANE, and DANCE to Authenticate and Authorize In-Car Services

URL: http://arxiv.org/abs/2506.13261v1
Date: Mon, 16 Jun 2025 09:02:32 GMT
Title: Building Automotive Security on Internet Standards: An Integration of DNSSEC, DANE, and DANCE to Authenticate and Authorize In-Car Services
Authors: Timo Salomon, Mehmet Mueller, Philipp Meyer, Thomas C. Schmidt,
Abstract summary: We propose to authenticate and authorize in-vehicle services by integrating DNSSEC, DANE, and DANCE with automotive.<n>Our approach decouples the cryptographic authentication of the service from that of the service deployment with the help of DNSSEC.<n>We propose to authenticate in-vehicle services by certificates that are solely generated by the service suppliers but published on deployment via DNSSEC TLSA records solely signed by the OEM.
Score: 0.4374837991804086
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: The automotive industry is undergoing a software-as-a-service transformation that enables software-defined functions and post-sale updates via cloud and vehicle-to-everything communication. Connectivity in cars introduces significant security challenges, as remote attacks on vehicles have become increasingly prevalent. Current automotive designs call for security solutions that address the entire lifetime of a vehicle. In this paper, we propose to authenticate and authorize in-vehicle services by integrating DNSSEC, DANE, and DANCE with automotive middleware. Our approach decouples the cryptographic authentication of the service from that of the service deployment with the help of DNSSEC and thereby largely simplifies key management. We propose to authenticate in-vehicle services by certificates that are solely generated by the service suppliers but published on deployment via DNSSEC TLSA records solely signed by the OEM. Building on well-established Internet standards ensures interoperability with various current and future protocols, scalable management of credentials for millions of connected vehicles at well-established security levels. We back our design proposal by a security analysis using the STRIDE threat model and by evaluations in a realistic in-vehicle setup that demonstrate its effectiveness.

Related papers

Automating Safety Enhancement for LLM-based Agents with Synthetic Risk Scenarios [77.86600052899156]
Large Language Model (LLM)-based agents are increasingly deployed in real-world applications.<n>We propose AutoSafe, the first framework that systematically enhances agent safety through fully automated synthetic data generation.<n>We show that AutoSafe boosts safety scores by 45% on average and achieves a 28.91% improvement on real-world tasks.
arXiv Detail & Related papers (2025-05-23T10:56:06Z)
Trusted Identities for AI Agents: Leveraging Telco-Hosted eSIM Infrastructure [0.0]
We propose a conceptual architecture that leverages telecom-grade eSIM infrastructure.<n>Rather than embedding SIM credentials in hardware devices, we envision a model where telcos host secure, certified hardware modules.<n>This paper is intended as a conceptual framework to open discussion around standardization, security architecture, and the role of telecom infrastructure in the evolving agent economy.
arXiv Detail & Related papers (2025-04-17T15:36:26Z)
EVSOAR: Security Orchestration, Automation and Response via EV Charging Stations [0.0]
Vehicle cybersecurity has emerged as a critical concern, driven by the innovation in the automotive industry.<n>Current efforts to address these challenges are constrained by the limited computational resources of vehicles.
arXiv Detail & Related papers (2025-03-21T09:48:29Z)
VMGuard: Reputation-Based Incentive Mechanism for Poisoning Attack Detection in Vehicular Metaverse [52.57251742991769]
vehicular Metaverse guard (VMGuard) protects vehicular Metaverse systems from data poisoning attacks.<n>VMGuard implements a reputation-based incentive mechanism to assess the trustworthiness of participating SIoT devices.<n>Our system ensures that reliable SIoT devices, previously missclassified, are not barred from participating in future rounds of the market.
arXiv Detail & Related papers (2024-12-05T17:08:20Z)
Differentiated Security Architecture for Secure and Efficient Infotainment Data Communication in IoV Networks [55.340315838742015]
Negligence on the security of infotainment data communication in IoV networks can unintentionally open an easy access point for social engineering attacks. In particular, we first classify data communication in the IoV network, examine the security focus of each data communication, and then develop a differentiated security architecture to provide security protection on a file-to-file basis.
arXiv Detail & Related papers (2024-03-29T12:01:31Z)
SISSA: Real-time Monitoring of Hardware Functional Safety and Cybersecurity with In-vehicle SOME/IP Ethernet Traffic [49.549771439609046]
We propose SISSA, a SOME/IP communication traffic-based approach for modeling and analyzing in-vehicle functional safety and cyber security. Specifically, SISSA models hardware failures with the Weibull distribution and addresses five potential attacks on SOME/IP communication. Extensive experimental results show the effectiveness and efficiency of SISSA.
arXiv Detail & Related papers (2024-02-21T03:31:40Z)
A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z)
Ensuring End-to-End Security with Fine-grained Access Control for Connected and Autonomous Vehicles [16.419749089728686]
We propose a practical and secure vehicular communication protocol for the E2E security based on a new attribute-based encryption scheme. Our scheme achieves the confidentiality, message authentication, identity anonymity, unlinkability, traceability, and reconfigurable outsourced computation.
arXiv Detail & Related papers (2023-12-13T05:08:17Z)
ESP2CS: Securing Internet of Vehicles through Blockchain-enabled Communications and Payments [1.6574413179773761]
The Internet of Vehicles (IoV) promises to revolutionize transportation through enhanced safety, efficiency, and environmental sustainability. This research introduces the Everything based Secure Payment and Communication Solution (ESP2CS) ESP2CS ensures robust and secure VehicleV2X communications and payments amidst rising cyber threats. The solution is complemented by an Android Auto application for vehicles, streamlining inter vehicle communication, parking space detection, and transaction management.
arXiv Detail & Related papers (2023-12-05T09:02:56Z)
When Authentication Is Not Enough: On the Security of Behavioral-Based Driver Authentication Systems [53.2306792009435]
We develop two lightweight driver authentication systems based on Random Forest and Recurrent Neural Network architectures. We are the first to propose attacks against these systems by developing two novel evasion attacks, SMARTCAN and GANCAN. Through our contributions, we aid practitioners in safely adopting these systems, help reduce car thefts, and enhance driver security.
arXiv Detail & Related papers (2023-06-09T14:33:26Z)
Smart and Secure CAV Networks Empowered by AI-Enabled Blockchain: Next Frontier for Intelligent Safe-Driving Assessment [17.926728975133113]
Securing a safe-driving circumstance for connected and autonomous vehicles (CAVs) continues to be a widespread concern. We propose a novel framework of algorithm-enabled intElligent Safe-driving assessmenT (BEST) to offer a smart and reliable approach.
arXiv Detail & Related papers (2021-04-09T19:08:34Z)

This list is automatically generated from the titles and abstracts of the papers in this site.