• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.2
• /
• pp.865-882
• /
• 2017

To improve passenger convenience and safety, today's vehicle is evolving into a "connected vehicle," which mounts various sensors, electronic control devices, and wired/wireless communication devices. However, as the number of connections to external networks via the various electronic devices of connected vehicles increases and the internal structures of vehicles become more complex, there is an increasing chance of encountering issues such as malfunctions due to various functional defects and hacking. Recalls and indemnifications due to such hacking or defects, which may occur as vehicles evolve into connected vehicles, are becoming a new risk for automakers, causing devastating financial losses. Therefore, automakers need to make voluntary efforts to comply with security ethics and strengthen their responsibilities. In this study, we investigated potential security issues that may occur under a connected vehicle environment (vehicle-to-vehicle, vehicle-to-infrastructure, and internal communication). Furthermore, we analyzed several case studies related to automaker's legal risks and responsibilities and identified the security requirements and necessary roles to be played by each player in the automobile development process (design, manufacturing, sales, and post-sales management) to enhance their responsibility, along with measures to manage their legal risks.

• Journal of Information Processing Systems
• /
• v.20 no.2
• /
• pp.173-184
• /
• 2024

The connected car services are one of the most widely used services in the Internet of Things environment, and they provide numerous services to existing vehicles by connecting them through networks inside and outside the vehicle. However, although vehicle manufacturers are developing services considering the means to secure the connected car services, concerns about the security of the connected car services are growing due to the increasing number of attack cases. In this study, we reviewed the research related to the connected car services that have been announced so far, and we identified the threats that may exist in the connected car services through security threat modeling to improve the fundamental security level of the connected car services. As a result of performing the test to the applications for connected car services developed by four manufacturers, we found that all four companies' applications excessively requested unnecessary permissions for application operation, and the apps did not obfuscate the source code. Additionally, we found that there were still vulnerabilities in application items such as exposing error messages and debugging information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.753-773
• /
• 2019

CV(Connected Vehicle) technology provides safety-related services and user convenience-related services to vehicle. Safety-related services can cause privacy problem by continuously transmitting vehicle information to nearby vehicles or base stations. Therefore, safety-related services should provide vehicle anonymity for privacy protection. However, if convenience-related services such as payment services fail to provide vehicle anonymity, driver information related to safety-related services may also be leaked. In this paper, we design a payment protocol based on ECQV(Elliptic Curve Qu-Vanstone) impicit certificate and group signature that provides BU-anonymity and traceability. The proposed payment protocol makes it impossible to track vehicles from payment transactions history by separating roles of payment system components. Moreover, we define the security requirements that the vehicle payment protocol must satisfy and show that the protocol satisfies the requirements.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.2
• /
• pp.637-657
• /
• 2021

While the conventional vehicle's Head-Units played relatively simple roles (e.g., control of heating ventilation and air conditioning, the radio reception), they have been evolving into vehicle-driver interface with the advent of the concept of Connected Car on top of a rapid development of ICT technology. The Head-Unit is now successfully extended as an IVI (In Vehicle Infotainment) that can operate various functions on multimedia, navigation, information with regards to vehicle's parts (e.g. air pressure, oil gauge, etc.). In this paper, we propose a platform architecture for IVI devices required to achieve the goal as a connected car. Connected car platform (CoCaP) consists of vehicle selective gateway (VSG) for receiving and controlling data from major components of a vehicle, application framework including native and web APIs required to request VSG functionality from outside, and service framework for driver assistance. CoCaP is implemented using Tizen IVI and Android on hardware platforms manufactured for IVI such as Nexcom's VTC1010 and Freescale's i.MX6q/dl, respectively. For more practical verification, CoCaP platform was applied to an real-world finished vehicle. And it was confirmed the vehicle's main components could be controlled using various devices. In addition, by deriving several services for driver assistance and developing them based on CoCaP, this platform is expected to be available in various ways in connected car and ITS environments.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.18 no.2
• /
• pp.144-155
• /
• 2019

One of the issues of the automotive industry today is autonomous driving vehicles. In order to achieve level 3 or higher as defined by SAE International, harmonization of autonomous driving technology and connected technology is essential. Current vehicles have new features such as autonomous driving, which not only increases the number of electrical components, but also the amount and complexity of software. As a result, the attack surface, which is the access point of attack, is widening, and software security vulnerabilities are also increasing. However, the reality is that the essential security requirements for vehicles are not defined. In this paper, based on real attacks and vulnerability cases and trends, we identify the assets in the in-vehicle network and derive the threats. We also defined the security requirements and derived essential security requirements that should be applied at least to the safety of the vehicle occupant through risk analysis.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.10
• /
• pp.47-54
• /
• 2017

In this paper, we propose a connected car platform architecture called Mobile Second for developing of verity convergence services. A Mobile Second platform architecture is designed to provide more powerful and diverse convergence services for vehicles and drivers by applying technologies of Connected Car and ICT Convergence in various ways. The Mobile Second platform is implemented by applying Tizen IVI and Android to hardware platforms for IVI, Nexcom's VTC1010 and Freescale's i.MX6q/dl respectively. The Mobile Second platform provides the driver with the vehicle's information via IVI devices, mobile devices and PCs, etc., and provides Vehicle Selective Gateway(VSG) and Vehicle Control Framework for the driver to control his/her vehicle, and also provides a web framework to enable the use of VSG's APIs for the monitoring and controlling the vehicle information in various mobile environments as well as IVI devices. Since the Mobile Second platform aims to create new variety of services for Connected Car, it includes service frameworks for Smart Care / Self diagonostics, Mood & Entertainment services, and Runtime, libraries and APIs needed for the development of related applications. The libraries given by the Mobile Second Platform provides both a native library for native application support and a Java Script-based library for web application support, minimizing the dependency on the platform and contributing the convenience of developers at the same time.

• Journal of Convergence for Information Technology
• /
• v.8 no.5
• /
• pp.115-120
• /
• 2018

As the number ofconnected cars grows, the security of the connected cars is becoming more important. There are also increasing warnings about the threat of attacks via the CAN bus used for in-vehicle networks. An attack can attack through a vulnerability in the CAN bus because the attacker can access the CAN bus remotely, or directly to the vehicle, without a security certificate on the vehicle, and send a malicious error message to the devices connected to the CAN bus. A large number of error messages put the devices into a 'Bus-Off' state, causing the device to stop functioning. There is a way to detect the error frame, or to manage the power of the devices related to the bus, but eventually the new standard for the CAN bus will be the fundamental solution to the problem. If new standards are adopted in the future, they will need to be studied.

• Journal of Auto-vehicle Safety Association
• /
• v.13 no.4
• /
• pp.81-91
• /
• 2021

Last year, the Autonomous Vehicle Act was enacted to respond to deployment of autonomous vehicles. But the Act stipulates the operation of autonomous vehicle pilot zones, In addition, in order to analyze autonomous vehicle accidents and establish a reasonable damage compensation system, the Automobile Damage Compensation Guarantee Act was revised. But, It is necessary to seek plans for institutional development such as detailed concepts of self-driving cars and driving, a security certification system for securing safety of autonomous cooperative driving, and enhancement of the effectiveness of special cases related to personal information processing. I would like to seek ways to improve the legal system to respond reasonably to the deployment of autonomous vehicles.

• Journal of Digital Contents Society
• /
• v.8 no.3
• /
• pp.371-376
• /
• 2007

Many modules such as controller, sensor, telematics terminal, navigation, audio and video are connected each other via vehicle network (CAN, MOST, etc). Futhermore, users can have ITS or internet services in moving by connecting to wireless mobile network. These network capabilities can cause a lots of security issues such as data hacking, privacy violation, location tracking and so on. Some possibilities which raise a breakdown or accident by hacking vehicle operation data (sensor, control data) are on the increase. In this paper, we propose a security module which has encryption functionalities and can be used for vehicle network system such as CAN, MOST, etc. This security module can provide conventional encryption algorithms and digital signature processing functionality such as DES, 3-DES, SEED, ECC, and RSA.

• Journal of Digital Convergence
• /
• v.13 no.9
• /
• pp.297-302
• /
• 2015

The increase in applying IT to vehicles has given birth to smart cars or connected cars. As smarts cars become connected with external network systems, threats to communication security are on the rise. With simulation test results supporting such threats to Convergence security in vehicular communication, concerns are raised over relevant vulnerabilities, while an increasing number of studies on secure vehicular communication are published. Hacking attacks against vehicles are more dangerous than other types of hacking attempts because such attacks may threaten drivers' lives and cause social instability. This paper designed a Convergence security protocol for inter-vehicle and intra-vehicle communication using a hash function, nonce, public keys, time stamps and passwords. The proposed protocol was tested with a formal verification tool, Casper/FDR, and found secure and safe against external attacks.