Privacy and Security in Connected Vehicles Ecosystems

Modern vehicles can hardly be imagined without Internet connections, which provide customers with a wide range of in-vehicle services: infotainment platforms, third-party support, on-board and online monitoring and maintenance, and business analytics for car fleets. Exposing vehicles to the Internet turns them into targets for viruses, worms, Trojans, DoS and many other threats to connected vehicle security. Besides the classic threats of Internet exposure, new threats are introduced by Internet of Things (IoT) technologies that are poorly regulated or not yet defined from the security point of view. The large variety of IoT technologies that are not yet standardized also contributes to security issues in this area of the automotive industry. This paper provides an overview of the connected vehicle environment, considering the main components of such a system and the main security challenges to be considered when building reliable, secure online systems for connected vehicles.


Internet of Things Overview
Internet of Things (IoT) refers to a tremendous variety of physical devices, vehicles, construction facilities and embedded systems with network connectivity features that let them collect and exchange data directly or via a centralized information system. The Global Standards Initiative on Internet of Things (IoT-GSI) states: "The Internet of Things (IoT) has been defined in Recommendation ITU-T Y.2060 (06/2012) as a global infrastructure for the information society, enabling advanced services by interconnecting (physical and virtual) things based on existing and evolving interoperable information and communication technologies." [7]. ITU is the United Nations specialized agency for information and communication technologies (ICTs). Many technology research companies estimate that billions of devices will be connected into IoT infrastructures next year. The large amounts of data generated by IoT are a challenge for information systems, which must store, aggregate, index and process those data in order to make IoT usage more effective.

Possible IoT applications include [8]:

- Media: applications related to the big data approach, using IoT data for better targeting of consumers. Instead of the general traditional approach, advertisers could target marketing campaigns by using the consumers' mobile phones.
- Environmental monitoring: applications using sensors to monitor the quality of water, air and soil and the factors that influence them (e.g. waste management). Sensors could be deployed over large geographic areas so that wildlife and its habitat are monitored. Implementations could also trigger earthquake and tsunami alarms for more effective emergency services.
- Infrastructure management: these applications target urban and rural infrastructures, monitoring structural conditions and events that appear during operation. Collected data could be used to schedule maintenance activities, to ensure effective emergency services and to lower the costs of infrastructure operation.
- Manufacturing: large applications in industrial environments, even where proprietary monitoring systems exist. Thanks to network connectivity, IoT infrastructures could be deployed for network control, management of manufacturing equipment, asset and situation management, and manufacturing process control, ensuring integration of the existing systems with external ones and offering better flexibility of the manufacturing assets in response to market demands.
- Energy management: applications integrate specialized sensors with energy-consuming devices to send useful data to the energy supplier or to control the devices remotely. Data are used to balance the energy system and to ensure efficient, effective, reliable and sustainable production and distribution of electricity.
- Medical and healthcare: IoT devices used in applications for health monitoring and emergency notification systems. Management-related or medical care processes could also be automated (e.g. smart beds, treatment administration, seniors' assistance).
- Building and home automation: such applications aim at improved comfort, efficient operation and low utility costs by using an automatic centralized building control system, WiFi-connected devices and remote monitoring. Remote access to such systems could be provided through wall-mounted terminals, mobile software, a web interface or cloud services.
- Transportation: applications have to consider the components of the transportation system: vehicle, infrastructure and driver. Implementations include traffic control, smart parking, electronic billing systems, fleet management, vehicle control, safety and road assistance.
- Metropolitan scale deployments: they include smart city applications for improving quality of life. These applications target city service management and involve the inhabitants, who contribute to a high quality of life by using personal devices as data sources for efficient and effective service systems. The particularity of this kind of application is the large urban scale at which it is implemented.
- Consumer application: applications created for consumer use. They are related to the objects and services that consumers use daily.

Enabling IoT at large scale is possible by using embedded systems with network capabilities. An embedded system is a computer system included in a larger system or a mechanical system. Embedded systems have specific tasks and particular features such as low power consumption, small size and low per-unit cost, and they may have no input/output peripherals. Embedded systems could be based on microcontrollers or microprocessors. Microcontrollers are central processing units (CPUs) with integrated memory or peripheral interfaces. The characteristics of embedded systems cover the following topics [9]:

- Simple control loop: the embedded software has one single loop that calls subroutines for hardware or software management.
- Interrupt-controlled system: the embedded software implements handlers for events. Handlers call interrupts for controlling the embedded system.
- Cooperative multitasking: the embedded software has an appropriate environment in which new tasks can be added and run by a multitasking system in which control is yielded periodically.
- Preemptive multitasking or multi-threading: the embedded software uses a timer for switching between tasks or threads. In order to allow the focus on device functionality instead of operating system services, a Real-Time Operating System (RTOS) is used for large systems.
- Microkernels and exokernels: these are a step up from an RTOS. A microkernel is the minimum software needed to implement the operating system. An exokernel is a kind of operating system kernel developed by the Massachusetts Institute of Technology (MIT) Parallel and Distributed Operating Systems group in order to minimize the abstractions of hardware resources presented to applications.
- Monolithic kernels: large kernels with sophisticated capabilities adapted to the embedded environment. They provide an environment similar to that of a desktop operating system. Hence, development productivity is increased, but more hardware is required. They are also less predictable and reliable due to the complexity of the embedded software.
- Additional software components: some embedded systems allow layered software components for networking, storage and multimedia capabilities.

In the context of IoT, a connected vehicle is a vehicle with networking capabilities inside as well as outside. Usually, Internet access is provided via a wireless network in order to optimize vehicle operation and maintenance as well as the convenience and comfort of passengers. For the consumer, a connected vehicle comes with concerns about data privacy and the possibility of hacking.

Interfaces for Connected Vehicles
In the vehicle field, an interface is the interaction point between two connected pieces of hardware, whose goal is to translate data from one representation format into another. Data capture and interpretation are performed by automatic software tools that implement standard or proprietary interface definitions for automotive subsystems. Automotive subsystems communicate over a vehicle bus, through which messages are exchanged without a host computer. The vehicle bus is the communication infrastructure, and the automotive subsystems can be microcontrollers or hardware devices. One such vehicle bus is the Controller Area Network (CAN bus) [10]. Modern vehicles have dozens of embedded systems in the form of electronic control units (ECUs), each controlling one or more electrical systems. These systems communicate via CAN bus, provide sensor data and perform

- Vehicle operation-related data could be provided by the manufacturer to the driver during normal vehicle operation.
- Vehicle telematics: Used for fleet tracking, monitoring fuel efficiency, preventing unsafe driving, as well as for remote diagnostics and pay-as-you-drive insurance.

OBD-II-related software could be implemented on top of an OBD-II data reading infrastructure provided by an API. Such an API can be found at [15]; it provides the Java classes and functions (obd-java-api) needed to create a connection to an ELM327 device and read OBD-II dongle data by sending commands to the device. For instance, in order to get the current revolutions-per-minute (RPM) data, obd-java-api contains an OBD-II command to be instantiated [15]:

    private RPMCommand command = null;
    // Other code lines
    command = new RPMCommand();

Instantiation places the RPM code in the command to be sent to the OBD-II vehicle dongle. For RPM, the OBD-II command code is "010C", and it is executed by a thread launched after the connection to the OBD-II device has been established (and after pairing, if the device is a Bluetooth one). The OBD-II RPM command is located in the package com.github.pires.obd.commands.engine.RPMCommand.

The following call reads the OBD-II response to the RPM command by getting the data stream provided by the device as a response, checking the response stream for errors, saving the decoded data into a file buffer and applying the RPM-related calculations [15]:

The current RPM value is obtained by the next call, which returns an integer value [15]:

Such APIs give developers the opportunity to create OBD-II interface software for less or more complex vehicle diagnostics architectures.
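
The error checking and RPM calculation described above can be made explicit in a small, strict decoder. This is an added example, not code from obd-java-api or from the original paper: the class and method names are hypothetical, the sample replies are constructed, and it assumes an ELM327 with echo and headers off, a single ECU answering, and the standard formula RPM = (256*A + B) / 4 for PID 0C.

```java
import java.util.Locale;

/** Added example: strict decoder for an ELM327 reply to OBD-II command "010C" (engine RPM). */
public class RpmResponseDecoder {

    /** Raised when the reply is not a well-formed answer to 010C. */
    static class BadResponse extends Exception {
        BadResponse(String msg) { super(msg); }
    }

    // Status strings an ELM327 adapter sends instead of data (spaces removed).
    private static final String[] ADAPTER_ERRORS =
        { "NODATA", "UNABLETOCONNECT", "STOPPED", "ERROR", "?" };

    /** Decodes "41 0C A B" into RPM = (256*A + B) / 4, rejecting anything else. */
    static int decodeRpm(String raw) throws BadResponse {
        if (raw == null || raw.length() > 64) {
            throw new BadResponse("missing or oversized reply");
        }
        // Drop whitespace and the '>' prompt, normalize case.
        String s = raw.replaceAll("[\\s>]", "").toUpperCase(Locale.ROOT);
        if (s.startsWith("SEARCHING...")) {
            s = s.substring("SEARCHING...".length());
        }
        for (String err : ADAPTER_ERRORS) {
            if (s.contains(err)) {
                throw new BadResponse("adapter reported " + err);
            }
        }
        // 41 = response to mode 01, 0C = echoed PID, then exactly two data bytes.
        if (!s.matches("410C[0-9A-F]{4}")) {
            throw new BadResponse("unexpected frame: " + s);
        }
        int a = Integer.parseInt(s.substring(4, 6), 16);
        int b = Integer.parseInt(s.substring(6, 8), 16);
        return (a * 256 + b) / 4;
    }

    public static void main(String[] args) {
        // Constructed sample replies, not captured from a real vehicle.
        String[] samples = {
            "41 0C 1A F8\r\r>",               // valid: 0x1AF8 / 4
            "SEARCHING...\r41 0C 0B B8\r\r>", // valid after bus search banner
            "NO DATA\r\r>",                   // ECU did not answer
            "41 0D 3C\r\r>",                  // reply to a different PID
            "41 0C 1A\r\r>",                  // truncated data
            "41 0C 1A F8 41 0C FF FF\r>"      // extra bytes appended
        };
        for (String raw : samples) {
            String shown = raw.replaceAll("[\\r\\n]+", " | ");
            try {
                System.out.println(shown + " -> " + decodeRpm(raw) + " rpm");
            } catch (BadResponse e) {
                System.out.println(shown + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Accepting only an exact 41 0C frame with two data bytes keeps a faulty or tampered dongle from feeding arbitrary values into downstream diagnostics software.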

Addressing Security in a Connected Vehicle Environment
A connected vehicle is a vehicle that has several dozen microcontrollers with more computing power than a dozen personal computers, processing a couple of dozen gigabytes an hour and running applications whose features are implemented by dozens of millions of lines of programming code. Traditional automotive digital technology focused on operational aspects, monitoring and optimizing the internal functions of the vehicle. Currently, automotive digital technology focuses on connecting with the environment outside the vehicle and enhancing the in-car experience, including access to the Internet. Hence, improved operation and maintenance of the vehicle are supported and the passengers benefit from better convenience and comfort. The penetration of information and communications technology (ICT) instruments into the vehicle will change the business model of the automotive industry through the added value of the latest digital technology: the adoption of new valuable services within the vehicle, the entry of new software and telecommunication companies into the automotive industry, a larger pool of data and shared mobility. Despite all the potential advantages offered by integrating ICT tools within a vehicle, there are some concerns about security, mainly regarding data privacy and the hacking of a connected vehicle.

[6] maps, targeted advertising, contents streaming.

Customers are aware of the exposure of their private data (current location, address book, browser history etc.) to third parties through the use of mobile applications. Data has become a currency for accessing valuable services provided by mobile applications, and customers grant access to their data in exchange for benefits such as free application usage or free content. Using data as currency, together with data connectivity, could generate significant benefits for customers, such as [6]:

- Safety: Real-time emergency calls, early and on-scene accident information, real-time road hazard warning.
- Convenience: Reduced breakdown risk and vehicle downtime by using on-board diagnostics and spare parts management at the dealer/workshop, concierge services.
- Time: Optimized routing/navigation and traffic management system, networked parking and connected navigation.
- Cost: Usage of PAYD insurance, automated payment infrastructure, in-car purchasing or in-car advertising.

There are two sources of the enormous amount of data generated and used by connected vehicles:

- ECU: Each vehicle contains dozens of microcontrollers together with complex software that generate large amounts of data.
- Connection to a telecommunication network: It is required by the features customers expect to have on board.

McKinsey consultant defines vehicle data as "Data generated by a vehicle and its occupants either when the car is moving or stationary, by itself or in communication with other vehicles (V2V) or infrastructure (V2I), in the 'use' phase of its lifecycle."
Those features connect the vehicle with the connected society in which the customers live. The network connection ensures the conveniences customers expect in their cars, but it comes with security risks and concerns about the hacking of the connected vehicle. Also, the software complexity of the microcontrollers, with dozens of millions of lines of programming code, introduces vulnerabilities. Critical operational features and safety systems are exposed to the environment outside the vehicle when a network connection is used. For instance, health diagnostics and automatic braking or steering systems make a connected vehicle vulnerable to attacks. Access to vehicle data via the OBD-II interface allows 3rd-party developers to run applications inside the vehicle. Also, the integration of smartphone technologies could lead to a connected vehicle being hacked. In [5], connected vehicle security threats are presented by physical location:

- ECU and in-vehicle network - They run on-board operating software that could come with certain security vulnerabilities or backdoors. Another threat is reverse engineering of ECU software by disassembly, with the possibility that an attacker reflashes the ECU with malicious firmware. The in-vehicle network could also be used for reverse engineering purposes in order to establish certain patterns of packet exchanges between different ECUs. Also, security threats are introduced by the in-vehicle network design and communication protocols, because security was not a requirement for non-connected vehicles.

vehicle network and the Internet infrastructure.

- Mobile device as access point to Internet services - The variety of physical handheld devices and operating systems introduces security threats for connected vehicles because it requires a bigger effort to manage their security. The operating system life-cycle raises security threats because software producers do not offer security updates for old versions of the operating system. Also, the mobile ecosystem does not force the user to install security updates for the operating system and applications. Even if the mobile system is up to date, the operating system or an application could be hacked or used in reverse engineering processes. Mobile applications for vehicle self-diagnostics are created and distributed through application stores. They could hide malicious software that opens a communication channel between the in-vehicle network and a remote attacker on the Internet.
- Communication channel - A wireless channel is required, since the connection is made for a vehicle. WiFi, Bluetooth and GSM communications are used as channels to the Internet infrastructure. Each technology has its own security challenges and requirements. Securing the communication channel reduces security vulnerabilities such as man-in-the-middle and spoofing.

Connecting a vehicle to the Internet gives a remote attacker the possibility of addressing those vehicle functions for which write operations are allowed. For instance, reprogramming certain ECU functions makes the vehicle respond to remote commands. Hence, malicious code could land in the internal operational systems of the vehicle, and the vehicle could exhibit strange behavior that the driver cannot control. Security elements to be considered for connected vehicle security solution architectures are provided by [4], figure 8.
or identification cards. The management system must ensure a reliable cryptographic system within the connected vehicle ecosystem.

- Encrypted Communication - A security component that deals with secure data exchanges between the car and the backend system. Because the main characteristic of a vehicle is its mobility, the encryption must deal with all the challenges of wireless network security.
- Intrusion Detection and Prevention System - It can detect malicious activity or policy violations by monitoring the connected vehicle ecosystem. The system must be able to identify possible incidents, log them and report them. It must also be kept up to date with the latest developments and with the security policies defined and implemented within the connected vehicle systems.
- Security Intelligence - It is based on analytics systems that use large amounts of real-time data collected from vehicles of different types and models in different geographic regions. In this way anomalies could be identified and reactive measures deployed within the connected car infrastructure or outside the vehicle, within the transport or Internet infrastructure.
- Security Operation Center - It defines new rules and policies to be deployed to the connected vehicle infrastructure in response to detected, analyzed and classified anomalies. That experience could be used to improve the security mechanisms that prevent attacks on the connected vehicle infrastructure.

It is very important that a connected vehicle software bug, once discovered, is fixed very quickly, because exploitation of that bug could have fatal consequences. This is the reason to involve ICT companies in the automotive industry: they have the experience and resources to implement the quality assurance process in a shorter time than the automotive industry could.

Conclusions
All objects exposed to the Internet must have proper protection against attackers. More than that, those objects must not allow themselves to be transformed into attack vectors against other Internet-connected components. Cybersecurity of connected vehicles is becoming a critical requirement for the automotive and ICT industries, because current predictions estimate that over 75% of the cars shipped in 2020 will be connected. The above requirements have to be met by connected vehicles, as an increasing and significant component of the IoT world.

DOI: 10.12948/issn14531305/21.4.2017.03

control of systems (actuators). The benefits of the communication infrastructure used by automotive embedded systems lead to safety, economy and software development for high-tech vehicles, increasing driver comfort and improving maintenance. Automotive ECUs are nodes within the CAN bus architecture. They could be as simple as I/O devices or as complex as embedded systems with CAN, USB or Ethernet interfaces and complex embedded software. ISO defines two specifications for CAN bus architecture:

- High speed CAN: ISO 11898-2 specification, figure 1, usually used in automotive and industrial applications.