Protecting Vehicles from Remote Attackers with Firewalls and Switched Networks

Remote attacks on vehicles have become alarmingly more common over the past decade. Attackers often can compromise a single Electronic Control Unit (ECU) in the In-Vehicle Network (IVN) and then use it to send malicious messages that can cause a vehicle to stop, turn, or even crash. It is critical that we find a way to block or discard these messages. However, current IVNs contain few measures to prevent such threats. Most research in this area focuses on cryptography-based approaches that are too slow or too expensive for vehicle applications. In this thesis, we explore how we can stop many of these remote attacks without cryptography. We define a `security policy' that describes what messages are allowed in an IVN and then create a system of distributed firewalls to enforce it, blocking many remote attacks. Using newer, switched IVN topologies, we can authenticate messages with nearly zero additional overhead and implement our system with minimal changes to each ECU. This places the security responsibility on a few centralized network devices that automakers can more easily control and update, even after a vehicle is sold. We evaluate our firewall design using a network simulator and find that our approach is significantly faster than state-of-the-art cryptographic approaches.