Review of KIISC (정보보호학회지)

Korea Institute of Information Security and Cryptology (한국정보보호학회)
권호 표지

escar 회의 등을 통한 각국의 자동차 보안 기술 연구 동향

  • 김광조 (한국과학기술원 전산학과) ;
  • 이동수 (한국과학기술원 전산학과)
  • Published : 2014.04.30
Download PDF
⟨ Previous Next ⟩

Abstract

본 고는 최근 10년간 유럽과 미국에서 개최된 바가 있는 자동차 보안 기술에 관한 국제 학술 대회인 escar (Embedded Security in Cars)에서 발표된 논문을 분석하여 그동안의 기술 추이를 조사한 결과, 본 회의의 참가자 수가 매년 점차 증가하고 있어 국제적으로 자동차 사이버 보안에 대한 관심도가 증가하는 것을 알 수 있었다. 또한, 국내 자동차 보안 기술의 경쟁력 향상을 위하여 최근 2-3년간 미국, 유럽, 일본에서 ICT 기술을 접목한 스마트 자동차의 보안 기술에 관하여 정부 및 민간 차원에서 최신 프로젝트 추진 상황을 조사한다.

Keywords

References

  1. 31st Symposium on Cryptography and Information Security (SCIS2014), Kagoshima, Japan, Jan. 21-24, 2014. http://www.iwsec.org/scis2014
  2. escar (Embedded Security in Cars Conference) https://www.escar.info/
  3. Hiroaki Anada, Shin-ichi Matsumoto and Kourich Sakurai, "Trend of Car-Information Security: a Report on International Conference 'escar", Proc. of SCIS2014, Session 1B3-4, Kagoshima, Japan, Jan. 21-24, 2014.
  4. IPA(Infomation-technology Promotion Agengy, Japan), "자동차의 정보 보안에 대한 대처 가이드", 2012-03, http://www.ipa.go.jp/ security/fy24/reports/ emb_car/index.html
  5. R. Charette, "This car runs on code", Feb, 2009, http://www.spectrum.ieee.org/feb09/7649
  6. S. Checkoway, et al. "Comprehensive Experimental Analyses of Automotive Attack Surfaces." USENIX Security Symposium. 2011.
  7. F. Bruwer, W. Smit and G. Kuhn, "Microchips and remote control devices compromising same", US patent 5517187, May. 14, 1996
  8. A. Bogdanov, "Cryptanalysis of the KeeLoq block cipher", IACR ePrint Archive 2007/055
  9. E. Biham, O. Dunkelman, S. Indesteege, N. Keller, and B. Preneel, "How to steal cars- a practical attack on KeeLoq", Proc. of Eurocrypt2008, LNCS 4965, pp.1-18, Springer, Apr. 13-17, 2008.
  10. I.Rouf, R. Miller, H.Mustafa, T.Taylor, S.Oh, W.Xu, M.Gruteser, W.Trappe, and I. Seskar, "Security and privacy vulnerabilities of in-car wireless networks; A tire pressure monitoring system case study", USENIX Security 2010, pp.323-338, USENIX Association, Aug., 2010.
  11. S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno,"Comprehensive experimental analyses of automative attack surfaces", SEC11, pp.1-16, 2011.
  12. National Council of ISAC, http://www.isaccouncil.org/
  13. EVITA Deliverable 2.3, EVITA Project, 2009-12,http://ec.europa.eu/information_society/ apps/projects/logos/5/224275/080/deliverables/ 001_EVITAD423.pdf
  14. NIST SP 800-53 Rev. 4, 2012-02-28, http:// csrc.nist.gov/publications/PubsSPs.html
  15. STRIDE : Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege, Microsoft, 2006, http://msdn.microsoft.com/ja-jp/magazine/ cc163519.aspx
  16. HR 4348 : MAP - 21, Govtrack.us / Civic Impulse, LLC, 2012-04-16, http://www. govtrack.us/congress/bills/112/hr4348
  17. RITA : The Research and Innovative Technology Administration, http://www.rita.dot.gov/
  18. Volpe Center, http://www.volpe.dot.gov
  19. "SAE 2013 Government / Industry Meeting, Technical & Business Session", SAE, 2012, http://www.sae.org/servlets/techSession?EVT_ NAME=GI&GROUP_CD=SPEC&SCHED_NU M=199952&REQUEST_TYPE=SESSION_LIST
  20. "Connected Vehicle Safety Pilot Program", NHTSA, 2012-08-21, http:// www.safercar.gov/ ConnectedVehicles/
  21. RITA : The Research and Innovative Technology Administration, http://www.rita.dot.gov/
  22. "SAFETY PILOT MODEL DEPLOY- MENT", UMTRI, 2011, http://www.umtri.umich.edu/ content/ SafetyPilot_brochure_v3.pdf
  23. "Safety Pilot", 미국 RITA, 2012-11-21, http://www.its.dot.gov/safety_pilot/
  24. "USDOT ITS Research Program", RITA, 2012-05 -01, http://www.pcb.its.dot.gov/ t3/s120501/ s120501_row.pdf
  25. Presentations from the 2012 Event "Crash Avoidance II", SAE, 2012, http://www.sae.org/ events/gim/presentations/2012/
  26. ITS Standards Fact Sheets, IEEE 1609 - Family of Standards for Wireless Access in Vehicular Environments (WAVE), RITA, http://www.standards.its.dot.gov/Factsheets/Factsheet/80
  27. 올랜도 ITS 세계 회의 보고, http://www.its -jp.org/wp-content/uploads/2011/11/IS09-Security -for-Cooperative-Mobility.pdf
  28. CyberAutoChallenge Helps Expose Car Security Flaws, TechNewsDaily, 2012-08-17, http://www.technewsdaily.com/6109-cyberauto- challenge-car-security.html
  29. Battelle, http://www.battelle.org/
  30. TCG : Trusted Computing Group, http://www.trustedcomputinggroup.org/
  31. 제4회 TCG 공개 워크샵, TCG 일본 지부, 2012-11, http://www.trustedcomputinggroup.org/jp/jrfwork shop/pastworkshop4
  32. EVITA - Deliverable D4.4.2: Test Results, 2012-02-15, http://ec.europa.eu/information_ society/ apps/projects/logos/5/224275/080/deliverables/ 001_EVITAD442.pdf
  33. Embedded Linux Development Kit (ELDK), XILINX, http://wiki.xilinx.com/installing- eldk
  34. MATLAB Simulink, http://www.math works. co.jp/products/simulink/
  35. FP7 : EU's Seventh Framework Progra- mme for Research, http://ec.europa.eu/research/fp7/index _en.cfm
  36. SCORE@F, ITS World 2012, http://2012.itsworldcongress.com/zone/Exhibitor List/Exhibitor/8633/SCOREF
  37. C2C-CC : CAR 2 CAR Communication Consortium, http://www.car-to-car.org/
  38. ETSI : European Telecommunications Standards Institute, http://www.etsi.org
  39. EC M/453 : STANDARDISATION MANDATE ADDRESSED TO CEN, CENELEC AND ETSI IN THE FIELD OF INFORMATION AND COMMUNI- CATION TECHNOLOGIES TO SUPPORT THE INTEROPERABILITY OF COOPERATIVE SYSTEMS FOR INTELLIGENT TRANSPORT IN THE EUROPEAN COMMUNITY, EU, 2009-10-06, http://ec.europa.eu/enterprise/sectors/ict/files/standardisation_ mandate_en.pdf
  40. "International ITS Harmonization Workshop", EU - US HTG, PRESERVE 공동 , 2012-11-15, http://www.preserve-project.eu/harmonizationworkshop
  41. EU-US Standards Harmonization Task Group Report: Overview of Harmonization Task Groups 1&3, 2012-11-15, http://ntl.bts. gov/lib/48000/48500/48524/4487DD4C.pdf
  42. "도로와 자동차 및 차량 간 협조 시스템의 통합 방법" JARI 스즈키 히로요시, 2012-10-06, http://www. jari.or.jp//tabid/259/pdid/53/Default.aspx
  43. ITS Standardization Activities in Japan, JSAE, 2013, https://www.jsae.or.jp/01info/its/2013_bro _e.pdf
  44. Dornier Consulting GmbH, http://www.dornier-consulting.com
  45. DIAMONDS Project, http://www.itea2-diamonds.org/
  46. A case study report on security testing of Bluetooth functionality in an automotive environment, Dornier Consulting, 2012-11-29, https://www.escar.info/fileadmin/Datastore/ 2012_escar-Vortraege/Dornier_Presentation.pdf
  47. EUREKA, http://www.eurekanetwork.org/
  48. ITEA2 : Information Technology for European Advancement, http://www.itea2.org/
  49. OVERSEE Project (Open Vehicle Secure Platform), https://www.oversee-project.com/
  50. OVERSEE - A Secure and Open In - Vehicle IT Platform, Hakan Cankaya, escrypt, 2012-11-28, https://www.escar.info/fieadmin/Datastore/2012 _escar-Vortraege/ESCRYPT_OVERSEE_Presentation.pdf
  51. "2011 년도 자동차 정보 보안 동향에 관한 조사 보고서의 공개 - 네트워크화 오픈화에 수반되는 자동차 보안", IPA, 2012-05-31, http://www.ipa.go.jp/security/fy23/reports/ emb_car/index.html
  52. IPA 기술 동향보고서 "자동차 정보 보안에 관한 보고서", IPA, 2012-05-31, http://www.ipa.go. jp/about/technicalwatch/20120531.html
  53. ITS World Congress 2012, 2012-10-22, http://2012.itsworldcongress.com/
  54. Cybersecurity and the impacts on the Intelligent Transportation System, ITS World Congress, 2012-10-25, http://2012.itsworldcongress.com/zone/Timetable/ Event/178
  55. 2012 년도 ITS 표준화 위원회 위원 참가자 명단, JSAE, 2013-08-29, https://www.jsae.or.jp/ 01info/ org/its/its_meibo.pdf
  56. JEITA : 일반 사단 법인 전자 정보 기술 산업 협회, http://www.jeita.or.jp/
  57. Nomadic Device "자동차 관련 활용 및 관련 표준화 동향", JARI, 2012-06-27, http://www.jari.or. jp/tabid/76/Default.aspx?itemid=9
  58. ITS 정보 통신 시스템 추진회의, http://www.itsforum.gr.jp/
  59. 운전 지원 시스템에 대한 보안 지침 ITS FORUM RC009 1.1 판, ITS Forum, 2012-04-25, http://www.itsforum.gr.jp/Public/J7Database/p41/ p41.pdf
  60. ITS 기술의 조기 실용화를 위하여, ITS 실험장을 구축 [도요타 자동차], JSAE, 2012-11-12, http://guide.jsae.or.jp/topics/44144/
  61. ISIT 제13회 차량 일렉트로닉스 연구회, http://www.car-electronics.jp/old/13th/