Securing the third millennium’s cyber-CARs (SCAR)
The Supercar managed by the KITT computer and driven by Michael Knight is becoming real. Our cars are active online (carrying out payments, live traffic info, app execution), intelligent (driving style tips, routes and fuel consumption optimisation) and configurable to the driver’s personal data (account data and seat preferences, climate control, infotainment). While Supercar was unique, all modern cars are connected to the Internet, to each other and to a series of dedicated nodes, thus exposing a large attack surface to different and insidious threats. SCAR’s concept is to remedy such threats through the definition and prototyping (TRL4) of innovative enabling technologies for the security of modern cars in their ecosystem, in synthesis with the industry standards (ISO/SAE 21434-24089, UNECE WP29 R155, R156) and in compliance with the driver’s right to privacy on the data he/she generates while driving (GDPR). The technical-scientific objectives of the project, guided by risk assessment processes for safety (ISO27K, STRIDE) and for the protection of personal data (DPIA), concern: O1. HW security in automotive. Activities: protection of on-board memory hierarchy, development of open HSM architectures. O2. SW security in automotive. Activities: SSDLC, techniques and protocols at hypervisor level, operating system, cryptography for privacy-preserving computation and custom services, intra and extra-vehicular communication (V2V, V2I, V2SG). O3. Automotive validation and verification. Activities: anomaly/vulnerability detection, penetration testing, filtering of malicious transmissions on intravehicular networks, vehicle misbehaviour detection, formal verification of protocols also with human interaction. O4. Interdisciplinary aspects in automotive. Activities: Evaluation of legal, social engineering and human factor aspects, data protection measures, also following data discovery and data fusion, risk assessment for cars and their ecosystem.