My other car is your car: compromising the Tesla Model X keyless entry system

Author(s):  
Lennert Wouters ◽  
Benedikt Gierlichs ◽  
Bart Preneel

This paper documents a practical security evaluation of the Tesla Model X keyless entry system. In contrast to other works, the keyless entry system analysed in this paper employs secure symmetric-key and public-key cryptographic primitives implemented by a Common Criteria certified Secure Element. We document the internal workings of this system, covering the key fob, the body control module and the pairing protocol. Additionally, we detail our reverse engineering techniques and document several security issues. The identified issues in the key fob firmware update mechanism and the key fob pairing protocol allow us to bypass all of the cryptographic security measures put in place. To demonstrate the practical impact of our research we develop a fully remote Proof-of-Concept attack that allows us to gain access to the vehicle’s interior in a matter of minutes and pair a modified key fob, allowing us to drive off. Our attack is not a relay attack, as our new key fob allows us to start the car anytime, anywhere. Finally, we provide an analysis of the update performed by Tesla to mitigate our findings. Our work highlights how the increased complexity and connectivity of vehicular systems can result in a larger and easier-to-exploit attack surface.

2021 ◽  
Vol 13 (21) ◽  
pp. 11891
Author(s):  
Baohui Men ◽  
Libo Han ◽  
Changqing Meng

The function and necessity of water resources make them an important factor affecting economic and social development. To explore various water security issues impacting water use, the pressure-state-response model was applied in this study to construct a water security evaluation indexing system for the Circum-Bohai Sea Region (CBSR) in China. In this study, the game method was used to balance the two weighting methods, and the water security grades were calculated by the forward cloud model. Compared with the previous work, this study tried to analyze the simulated scenarios using the ELECTRE Ⅲ method, determined the optimal development scenario mode based on the water security grade, and put forward water security measures and suggestions based on the results. This study put forward three scenarios of development models. Under the scenario of “pressure reduction”, it can be proposed to build suburbs and transfer urban functional areas to relieve the pressure of urban population. Under the “ideal state” scenario, water diversion projects and water storage projects can be proposed to relieve the regional water shortage. Under the scenario of “efficient response”, strengthening ecological environment construction and improving sewage treatment capacity can be proposed.


2020 ◽  
Author(s):  
Cátia Santos-Pereira

BACKGROUND GDPR was scheduled to be formally adopted in 2016 with EU member states being given two years to implement it (May 2018). Given the sensitive nature of the personal data that healthcare organizations process on a 24/7 basis, it is critical that the protection of that data in a hospital environment is given the high priority that data protection legislation (GDPR) requires. OBJECTIVE This study addresses the state of Portuguese public hospitals regarding GDPR compliance during the GDPR preparation period (2016-2018), before enforcement on 25 May 2018, and what activities have started since then. The study focuses on three GDPR articles, namely 5, 25 and 32, concerning authentication security, identity management processes and audit trail themes. METHODS The study was conducted between 2017 and 2019 in five Portuguese public hospitals (each different in complexity). In each hospital, six categories of information systems critical to health institutions were included in the study, trying to cover the main health information systems available and common to hospitals (ADT, EPR, PMS, RIS, LIS and DSS). Interviews were conducted in two phases (before and after GDPR enforcement) with the objective of identifying the maturity of the information systems of each hospital regarding authentication security, identity management processes and traceability, and the efforts in progress to avoid security issues. RESULTS A total of 5 hospitals were included in this study. The results highlight the hospitals' privacy maturity: in general, the hospitals studied were very far from complying with the security measures selected (before May 2018). Session account lock and password history policy were the poorest issues, and, on the other hand, storing encrypted passwords was the best issue. With the enforcement of GDPR these hospitals started a set of initiatives to fill this gap, specifically to make the whole process as transparent and trustworthy as possible and to try to avoid the huge fines. CONCLUSIONS We are still very far from having GDPR-compliant systems, and institutions' efforts are under way. The first step to align an organization with GDPR should be an initial audit of all systems. This work contributes to the initial security audit of the hospitals that belong to this study.


2021 ◽  
Author(s):  
Angelos Stamou ◽  
Panagiotis Pantazopoulos ◽  
Sammy Haddad ◽  
Angelos Amditis

2021 ◽  
Author(s):  
Abdolkarim Hajfarajollah Dabbagh

Due to the lack of a centralized server in “Peer-to-Peer” (P2P) networks, users are responsible for the security of these networks. One of the security issues in P2P networks is the security of the message routing. Messages could be altered or modified by attackers while being routed. The conventional security method to avoid this has been “Public Key Cryptography” (PKC). To avoid the certificate management issue in PKC, “Identity-based Encryption” (IBE) has been suggested in which any arbitrary string could be used as a public key. Since IBE is a computationally expensive method, current proposed IBE-based methods are not effective in the message routing phase in P2P networks and highly affect the performance of message delivery time in these networks. This thesis proposes two IBE-based protocols that can be applied effectively to the message routing phase of structured P2P networks, yet provide a satisfactory message delivery time performance. Both protocols benefit from Identity-based key exchange scheme and, therefore, none of them impose any extra communication on the network to secure message routing. Protocol 1 significantly improves the performance of message delivery time compared to the current IBE-based proposed methods. Protocol 2, which requires nodes to store data, has a performance similar to the situations in which no security measures are applied for message routing.


2021 ◽  
Vol 2021 ◽  
pp. 1-13
Author(s):  
Mary Subaja Christo ◽  
V. Elizabeth Jesi ◽  
Uma Priyadarsini ◽  
V. Anbarasu ◽  
Hridya Venugopal ◽  
...  

Hospital data management is one of the functional parts of operations to store and access healthcare data. Nowadays, protecting this data from hacking is one of the most difficult tasks in the healthcare system. As the user’s data collected in the field of healthcare is very sensitive, adequate security measures have to be taken in this field to protect the networks. To maintain security, an effective encryption technology must be utilised. This paper focuses on implementing the elliptic curve cryptography (ECC) technique, a lightweight authentication approach to share the data effectively. Many research efforts are in place to share the data wirelessly, among which this work uses Electronic Medical Card (EMC) to store the healthcare data. The work discusses two important data security issues: data authentication and data confidentiality. To ensure data authentication, the proposed system employs a secure mechanism to encrypt and decrypt the data with a 512-bit key. Data confidentiality is ensured by using the Blockchain ledger technique which allows ethical users to access the data. Finally, the encrypted data is stored on the edge device. The edge computing technology is used to store the medical reports within the edge network to access the data in a very fast manner. An authenticated user can decrypt the data and process the data at optimum speed. After processing, the updated data is stored in the Blockchain and in the cloud server. This proposed method ensures secure maintenance and efficient retrieval of medical data and reports.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Fredrick Simpeh ◽  
Mariam Akinlolu

Purpose Security, safety, environment and health have become an integral part of facility management (FM). Therefore, FM departments within organisations are required to put measures in place to safeguard facility users. This paper thus aims to investigate and compare the safety and security measures that are provided in the student housing of two universities in South Africa. Design/methodology/approach A mixed method approach was adopted; interview was used to collect qualitative data, whereas a questionnaire was used as an instrument to collect quantitative data. Content analysis was used to analyse the qualitative data, whereas both descriptive and inferential statistics were used to analyse the quantitative data. Findings It became evident that university B had a better provision of safety and security measures in the student housing than university A. The study also found that both universities had some lapses in the safety and security measures provided in the student housing. Measures that were lacking in both universities were weapon detector, closed-circuit television (CCTV), water sprinkler system, burglar bars on the doors, lift for disabled students, disabled toilet facility, traffic light, tags for vehicles, first aid box, accident book and medically trained personnel. Research limitations/implications Data were collected from only two universities, making it difficult to generalise the findings of the research. For a broader perspective, a study that expands the number of participating universities is recommended. Practical implications The facility management and safety department in the universities can use the recommendations to improve on the safety and security measures required in the student housing. Moreover, the recommendations can contribute to the development of policy frameworks for student housing safety. Originality/value There is a paucity of studies on student housing safety/security worldwide, and South Africa in particular. With this study, the authors contribute to the body of knowledge in this area of research.


Author(s):  
Brian Tuan Khieu ◽  
Melody Moh

A cloud-based public key infrastructure (PKI) utilizing blockchain technology is proposed. Big data ecosystems have scalable and resilient needs that current PKI cannot satisfy. Enhancements include using blockchains to establish persistent access to certificate data and certificate revocation lists, decoupling of data from certificate authority, and hosting it on a cloud provider to tap into its traffic security measures. Instead of holding data within the transaction data fields, certificate data and status were embedded into smart contracts. The tests revealed a significant performance increase over that of both traditional and the version that stored data within blocks. The proposed method reduced the mining data size, and lowered the mining time to 6.6% of the time used for the block data storage method. Also, the mining gas cost per certificate was consequently cut by 87%. In summary, completely decoupling the certificate authority portion of a PKI and storing certificate data inside smart contracts yields a sizable performance boost while decreasing the attack surface.

