The purpose of my diploma thesis is to provide an overview for the readers on how a secure automotive gateway prototype was developed.
I introduced at the beginning of my thesis the relevant important standards. Since the subject of the thesis is a future automotive product, first you may read about ISO 26262, and then an overview follows of two automotive cyber security standards that are under development. These standards primarily describe product development processes. In the interest of introducing the technological requirements and recommendations needed I also briefly reviewed the recommendations that were phrased by OWASP concerning the areas of embedded systems and of the Internet of Things.
The reader may get acquainted in the following chapter with the essential customer functional and cyber security requirements existing in respect of the prototype. For exploring more thoroughly the cyber protection requirements I carried out a so-called threat risk analysis. In the course of this analysis I first reviewed the relevant literature concerning STRIDE-based threat modelling. The final result of the complete threat risk analysis that was made in respect of the planned gateway is included in the appendix. It also covers which types of threats I took protective steps against during my work.
After carrying out the threat risk analysis, I examined those hardware architectures available on the market which fulfil the requirements that had been defined so far from the aspect of applying them in the prototype gateway. After selecting the target hardware, I introduced the implementation of the requirements that refer to the most important functionality and security aspects, and their theoretical backgrounds. The reader based on this may get acquainted with the process of secure booting, implementing it with the aid of the Mandatory Access Control by AppArmor. Subsequently, the reader may gain insight into two key areas, the establishment of secure network connections and the Docker-based container technology.
In the chapter that covers the establishment of secure network connections I describe the advantages and disadvantages of VPN connections, the selection of the protocol and technology to be applied, and their configuration. The gateway is protected against outside network attacks by a firewall. I carried out penetration tests for testing the firewall settings. I also described the theory of the specific attacks briefly. The registration of the gateway into the central server side system is covered at the end of this chapter.
In the chapter that introduces the container technology, first I outlined the basis of the Docker technology, then - after introducing the functional and security requirements concerning the containers - I outlined the container architecture that is planned for the gateway and its implementations.
At the end of my thesis I introduced two applications as examples. First the reader may get acquainted with the implementation of over-the-air updating that is of key importance in the case of embedded systems. In this respect I also introduced the possible further developments. The second example introduces the specific application of the container technology that is implemented on the gateway starting with the creation of the containers. Finally I introduced the results of one reliability test and one security test that were done in connection with the application of the containers.