Remote Attestation of Heterogeneous Cyber-Physical Systems: The Automotive Use Case

Cyber-Physical Systems (CPS) are increasingly permeating our daily lives, particularly in the automotive domain since a modern vehicle can be regarded as one complex CPS. Given their increasing importance, CPS (and automotive systems as a representative case) are becoming attractive targets for attacks. Several techniques with varying assumptions and limitations have been proposed to detect and/or mitigate such attacks. A common theme has been the need for Remote Attestation (RA), a security service that allows a trusted party (verifier) to check the internal state of a remote untrusted and possibly compromised system (prover). This talk provides a first stab at extending contemporary RA techniques to settings with heterogeneous CPS. This is in contrast to settings with standalone or single devices which have been the focus of existing research. We propose to efficiently and securely combine the attestation of multiple devices thus providing a (natural) security service for larger and more complex CPS. We focus on the automotive domain and investigate how to realize attestation of multi-device CPS. We conclude with a discussion of future research directions and open problems surrounding RA in the automotive and general CPS domains.