IT Security in Automotive Software Development
The consideration of targeted security attacks is not yet common in the automotive domain where primarily safety requirements are considered. Hence this survey addresses the relatively new field of IT-security in automotive technology in order to motivate further research. With the emergence of automotive technologies like car-to-car (c2c) communication, the challenges increase. In order to show the necessity for such research we describe how in theory, a potential attack on the Electronic Throttle Control (ETC) could succeed, if no countermeasures are taken, with potentially drastic consequences on the safety of the vehicle, its occupants and its environment as a result. Also an attack on the power window system is shown using the implementation techniques already employed in the design of automotive components. Our goal is to show, that such exploited security vulnerabilities are likely to have serious consequences with respect to the vehicles safety. Therefore such attacks need to be considered and suitable countermeasures have to be identified. In order to achieve this, the connection of the two disciplines Safety and Security for automotive IT components needs to be discussed. We introduce two exemplary attacks, the Trojan Horse targeting at the Electronic Throttle Control System (ETC) and a replay attack on the electric window lift. The first attack is mainly discussed in theory, the second is elaborated in a practical simulation scenario. Finally we introduce a general investigation of potential ways of intrusion and present some first practical results from tests with current automotive hardware.