Abstract
In the used car market, mileage is one of the principal criteria used for evaluating the overall condition of a vehicle. For this reason, mileage fraud continues to occur. Futhermore, the number of malicious brokers who obtain a monetary advantage by manipulating vehicle mileage is increasing. As many used cars with manipulated mileage are sold each year, buyers have suffered significant monetary damages. Although the number of mileage fraud reports has remained steady, governments and OEMs have no technical countermeasures to prevent it, beyond asking used car buyers to pay careful attention when purchasing used cars. This paper classifies odometer system architectures according to the types of sensors and controllers used to measure and transmit vehicle speed, and defines the assets to be protected in a secured odometer. Based on this classification, we analyze potential security threats related to mileage fraud. Finally, we propose realistic security requirements to prevent mileage fraud, within a resource constrained automotive controller environment.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Abbreviations
- ABS:
-
anti-lock braking system
- CAN:
-
controller area network
- CGW:
-
central gateway
- CLU:
-
cluster
- ECU:
-
electronic control unit
- EMS:
-
engine management system
- HSM:
-
hardware security module
- MAC:
-
message authentication code
- MPU:
-
memory protection unit
- NVM:
-
non-volatile memory
- OBD:
-
on-board diagnostics
- PKI:
-
public key infrastructure
- TCU:
-
transmission control unit
References
Bogdanov, A., Weimerskirch, A., Wollinger, T. and Carluccio, D. (2007). Embedded Security Solutions for Automotive Applications. 11th Int. Forum on Advanced Microsystems for Automotive Applications, Springer-Verlag, Heidelberg, Berlin, Germany, 177–191.
Carsten, P., Andel, T. R., Yampolskiy, M. and McDonald, J. T. (2015). In-vehicle networks: Attacks vulnerabilities and proposed solutions. Proc.10th Annual Cyber and Information Security Research Conf., Oak Ridge, TN, USA, 1–8.
Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S., Koscher, K., Czeskis, A., Roesner, F. and Kohno, T. (2011). Comprehensive experimental analyses of automotive attack surfaces. USENIX Security Symp., 4, 447–462.
DIY Odometer Reprogramming/Odometer Rollback/Dashboard (2018). https://youtu.be/ljJqkZbKD84
E-safety vehicle intrusion protected application (EVITA) (2012). https://www.evita-project.org/deliverables.html
Groll, A. and Ruland, C. (2009). Secure and authentic communication on existing in-vehicle networks. IEEE Intelligent Vehicles Symp. Xi’an, China, 1093–1097.
Hacking the CAN Bus: Basic Manipulation of a Modern Automobile Through CAN Bus Reverse Engineering (2017). https://youtu.be/WjncMlpX85I
How to spot odometer rollback fraud on your used vehicle (2019). https://youtu.be/2iVz5vEeqDw
Hubaux, J. P., Capkun, S. and Luo, J. (2004). The security and privacy of smart vehicles. IEEE Security & Privacy Magazine, 2, 3, 49–55.
Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H. and Savage, S. (2010). Experimental security analysis of a modern automobile. IEEE Symp. Security and Privacy, Berkeley/Oakland, CA, USA, 447–462.
Miller, C. and Valasek, C. (2014). A Survey of Remote Automotive Attack Surfaces. Black Hat USA, 1–90.
National Highway Traffic Safety Administration: Odometer Fraud (2018). https://www.nhtsa.gov/equipment/odometer-fraud
Odometer Fraud is easier than you think! (2014). https://youtu.be/cm6WRPH2t6E
Odometer Hacking in the 21st Century: Don’t be fooled (2017). https://youtu.be/kV0xb6_av5Q
Odometer Reprogramming/Dashboard correction/Hack instrument Cluster (2016). https://youtu.be/EW5IduW7KAo
Sagstetter, F., Lukasiewycz, M., Steinhorst, S., Wolf, M., Bouard, A., Harris, W. R., Jha, S., Peyrin, T., Poschmann, A. and Chakraborty, S. (2013). Security challenges in automotive hardware/software architecture design. Design, Automation & Test in Europe Conf. & Exhibition (DATE). IEEE, Grenoble, France, 458–463.
Schweppe, H., Roudier, Y., Weyl, B., Apvrille, L. and Scheuermann, D. (2011). Car2x communication: securing the last meter-a cost-effective approach for ensuring trust in car2x applications using in-vehicle symmetric cryptography. Proc. IEEE Vehicular Technology Conf. (VTC Fall), SanFrancisco, CA, USA, 1–5.
Wang, P. C., Hou, T. W., Wu, J. H. and Chen, B. C. (2007). A security module for car appliances. Int. J. World Academy of Science, Engineering and Technology, 26, 155–160.
Weimerskirch, A., Paar, C. and Wolf, M. (2005). Cryptographic component identification: Enabler for secure vehicles. Proc. IEEE 62nd Semiannual Vehicular Technology Conf. (VTC) 62, 2, 1227–1231.
Wolf, M., Weimerskirch, A. and Paar, C. (2006). Secure in-vehicle communication. Embedded Security in Cars, Springer, Berlin, Heidelberg, 95–109.
Acknowledgement
This work was supported in part by the Korea Agency for Infrastructure Technology Advancement and in part by the Ministry of Land, Infrastructure and Transport under Grant 20TRPB152761-02.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Kim, S., Cho, A. & Lee, D.H. Analysis of Threats and Countermeasures for Odomter Protection. Int.J Automot. Technol. 21, 1271–1281 (2020). https://doi.org/10.1007/s12239-020-0120-x
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12239-020-0120-x