RUB » Bibliotheksportal

Kristijan Lazeski, Michael Zohner

• Autonomous vehicles are expected to become a prime target for criminals, due to their economic value and potential impact on people’s safety. This increased threat presents additional challenges especially for vehicle fleet operators, which need to ensure that the vehicles, which they assign to tasks such as ride-hailing or object transportation, are not under the influence of a malicious attacker. A tool that is commonly used for ensuring that software on a device has not been changed is called remote attestation. However, many existing automotive remote attestation protocols were developed for non-autonomous vehicles and assume a trusted master, which is assumed to be outside of the scope of the attack. In this work, we develop and evaluate a remote attestation protocol for autonomous vehicles without a trusted master ECU. Our protocol builds on existing work and uses additional hardware security features, such as a TPM, in order to ensure that an attacker, which has corrupted the software of a device, can not convince a verifier that the vehicle is in a valid state. We prototypically implement our protocol and demonstrate that its run-time, for a small setting, is around one second.