Author: Mohammad Hamad
Edited by: Jan Lauinger
During the last decade, significant developments were introduced within the vehicular domain, evolving the vehicles to become a network of many embedded systems distributed throughout the car, known as Electronic Control Units (ECUs). Each of these ECUs runs several software components that collaborate to perform various vehicle functions. In addition, modern vehicles are also equipped with multiple technologies, such as WiFi, 5G, GPS, and Bluetooth, giving them the capability to collaborate and communicate with roadside units to ensure a safe and comfortable journey for drivers and passengers. Adding all these technologies was a double-edged sword. On the one hand, it extends the vehicle's functionalities and capabilities. On the other hand, it opens the door to several cybersecurity threats and makes the car a more attractive target for adversaries , .
Securing modern vehicles requires a holistic solution that considers security during the whole life cycle of the vehicle development, starting from the secure development of components, continuing to protect them. At the same time, they operate and reacting correctly even when an attack is successful.
IOV Secure Multilayer Framework Architecture
In , we have proposed a holistic framework (shown in Figure 1) to ensure the security of the vehicular system. This framework consists of multiple layers of mitigation strategies to deal with cybersecurity intrusions and provide a high degree of protection for the IoV ecosystem. We have proposed a framework that is based on the cybersecurity framework proposed by the National Institute of Standards and Technology (NIST) . The NIST framework uses five principal functions, "Identify, Protect, Detect, Respond, and Recover," to build a comprehensive approach to developing layered cybersecurity.
Our framework depends on three principles: prevention, detection, and response, covering most of the NIST framework's functions.
1. Prevention: This is coved by the first two layers. Within the first layer (i.e., layer 0), a comprehensive thread modeling process identifies all possible threats and vulnerabilities which could face the system. One primary outcome of this process is defining the security requirements for the different system assets. These requirements need to be satisfied to prevent attackers from compromising the system. The second layer (i.e., Layer 1) includes developing the security policy that implements each system component's security requirements. The security policy contains security rules which the other layers of the framework will use. Another process within this layer is defining the mechanism used to enforce the security policy and implement a mechanism to ensure the security requirements. This function includes building an access control mechanism to prevent unauthorized parties from accessing the system assets. Also, it adopts crypto mechanisms to ensure data security. Some of these mechanisms, such as a firewall, can be considered detection and prevention tools simultaneously; therefore, they can overlay on to the next layer.
Figure 1: The different layers of the proposed secure framework .
Detection: This is covered by layer 2. The core function
of this layer is building monitoring mechanisms to detect the occurrence of cyber-attacks that were not prevented by the prevention layers. This layer ensures continuance monitoring as well as the early detection of attacks and suspicious actions. Both anomaly-based and signature-based detection technologies need to be adopted in this layer. Security policy plays a pivotal role in defining the nominal behavior of the system components. This defined behavior is used as a reference to detect any odd behaviors.
3. Response: This is covered by layer 3. This layer determines the process when a security violation is detected either by layer 1 or layer 2. The main aim of this layer is to protect the vehicle from entering unstable states as a result of the detected attack. The effective design of this layer requires inputs from the above layers, such as the properties of the detected attack or the off-nominal behavior. The security policy is also needed for this layer since it includes possible responses for different attacks. Besides that, the collocated characteristics of attacks (i.e., aim, scenario, severity, etc.) are needed too . One output of this layer is feedback which can be used to support the next threat modeling process. In addition, it can be used to develop patches or updates for the security policy to mitigate these attacks. This update will be reflected on the underlying layers.
nIoVe and Multilayer cybersecurity framework
The main goal of the nIoVe project is to provide multi-layered cybersecurity solutions for the IoV by:
- developing blockchain-based trust management solutions to ensure secure communication among the different components of the IoV ecosystem .
- developing Machine-learning based mechanisms for near real-time intrusion detection and threat analysis.
- developing effective response strategies that mitigate complex cyber-attacks and ensure the system's successful recovery from any risky situation.
 S. Renner, E. Pozzobon, R. Hackenberg, and N. Weiss, "Extending Vehicle Attack Surface Through Smart Devices," 2017, Accessed: Jun. 03, 2021. [Online]. Available: https://www.researchgate.net/publication/328687160.
 I. Rouf et al., "Security and Privacy Vulnerabilities of In-car Wireless Networks: A Tire Pressure Monitoring System Case Study," 2010.
 M. Hamad, "A Multilayer Secure Framework for Vehicular Systems," May 2020, DOI: 10.24355/DBBS.084-202005221221-0.
 N. H. T. S. Administration and others, "Cybersecurity best practices for modern vehicles," Rep. No. DOT HS, vol. 812, no. 333, pp. 17–20, 2016.
 M. Hamad, M. Tsantekidis, and V. Prevelakis, "Red-Zone: Towards an Intrusion Response Framework for Intra-Vehicle System," 2019.
 A. Theodouli, K. Moschou, K. Votis, D. Tzovaras, J. Lauinger, and S. Steinhorst, "Towards a Blockchain-based Identity and Trust Management Framework for the IoV Ecosystem," Jun. 2020, doi: 10.1109/GIOTS49054.2020.9119623.
 J. Lauinger, J. Ernstberger, E. Regnath, M. Hamad, and S. Steinhorst, "A-PoA: Anonymous Proof of Authorization for Decentralized Identity Management," in Proceedings of the Conference on Blockchain and Cryptocurrency (ICBC 2021), 2021, p. 8, [Online]. Available: https://tum-esi.github.io/publications-list/PDF/2021-ICBC-APoA-Anonymous Proof of Authorization for Decentralized Identity Management.pdf.