Middleware-Based Security and Privacy for In-car Intetgration of Third-Party Applications

Today's vehicles include up to seventy networked electronic platforms handling simultaneously infotainment and safety functions. Fully connected to the world, the car is now customizable, communicates with several external devices, online services and will be soon hosting third party applications, as our smartphones already do. Such an evolution raises several critical security and privacy issues. While offering numerous advantages, the use of Ethernet, the Internet Protocol (IP) and their associated security protocols as on-board communication standards may not be sufficient. A generic framework focused on information security and on the aforementioned use cases would fill this gap and is still missing. In this paper, we present a combination of car-wide and local security concepts for IP-based middleware securing the integration of unsafe automotive scenarios. We describe the implementation and integration of these mechanisms and show their evaluation.