Edwin Yang (University of Oklahoma) and Song Fang (University of Oklahoma)

With the advent of the in-vehicle infotainment (IVI) systems (e.g., Android Automotive) and other portable devices (e.g., smartphones) that may be brought into a vehicle, it becomes crucial to establish a secure channel between the vehicle and an in-vehicle device or between two in-vehicle devices. Traditional pairing schemes are tedious, as they require user interaction (e.g., manually typing in a passcode or bringing the two devices close to each other). Modern vehicles, together with smartphones and many emerging Internet-of-things (IoT) devices (e.g., dashcam) are often equipped with built-in Global Positioning System (GPS) receivers. In this paper, we propose a GPS-based Key establishment technique, called GPSKey, by leveraging the inherent randomness of vehicle movement. Specifically, vehicle movement changes with road ground conditions, traffic situations, and pedal operations. It thus may have rich randomness. Meanwhile, two in-vehicle GPS receivers can observe the same vehicle movement and exploit it for key establishment without requiring user interaction. We implement a prototype of GPSKey on top of off-the-shelf devices. Experimental results show that legitimate devices in the same vehicle require 1.18-minute of driving on average to establish a 128-bit key. Meanwhile, the attacker who follows or leads the victim’s vehicle is unable to infer the key.

View More Papers

Euler: Detecting Network Lateral Movement via Scalable Temporal Graph...

Isaiah J. King (The George Washington University), H. Howie Huang (The George Washington University)

Read More

HARPO: Learning to Subvert Online Behavioral Advertising

Jiang Zhang (University of Southern California), Konstantinos Psounis (University of Southern California), Muhammad Haroon (University of California, Davis), Zubair Shafiq (University of California, Davis)

Read More

Low-risk Privacy-preserving Electric Vehicle Charging with Payments

Andreas Unterweger, Fabian Knirsch, Clemens Brunner and Dominik Engel (Center for Secure Energy Informatics, Salzburg University of Applied Sciences, Puch bei Hallein, Austria)

Read More

FitM: Binary-Only Coverage-GuidedFuzzing for Stateful Network Protocols

Dominik Maier, Otto Bittner, Marc Munier, Julian Beier (TU Berlin)

Read More