[Cryptography] VW/EPA tests as crypto protocols ?

Phillip Hallam-Baker phill at hallambaker.com
Thu Sep 24 12:30:51 EDT 2015

On Thu, Sep 24, 2015 at 12:09 PM, Henry Baker <hbaker1 at pipeline.com> wrote:

> By now, you've all heard of the VW SW that cheats/defeats the EPA testing
> protocol.
> But VW isn't alone, and expect further revelations as the white hats start
> investigating these types of misbehavin' SW.
> So what's a regulator to do?

The only approach I can see working is to make the sensor a trusted,
trustworthy device.

That means that the sensor has to have a CPU with public key crypto
capability so that it can authenticate itself to the EMU on engine startup
and authenticate every message using a MAC.

That would add a few pennies to the sensor but that is cheap compared to
what the fines are going to run as.

It would be very difficult for a manufacturer to cheat as the test lab is
going to replace the sensor before the test. In fact you would probably
want to require that the sensor be a standard part so it can be required to
be replaced every so often.

BTW, when I was interviewing for an apprenticeship before University, I did
the tour at Austin Rover. They had a GM car on the test rig being stripped
down to see how it handles and a Ford sitting next in line.

The idea that none of the other manufacturers knew this was going on is
ludicrous. The only reason for not reporting would be if they were up to
the same sort of thing themselves.
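The per-message MAC step proposed in the message above, as an added example that is not part of the original post. It assumes the startup authentication (not shown) has already given the sensor and the engine controller (the post's "EMU") a shared session key; the frame layout, tag length, counter and class names are illustrative assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16                   # truncated HMAC-SHA256 tag (assumed size)
HEADER = struct.Struct(">IH")  # 32-bit counter, 16-bit reading (assumed layout)


class Sensor:
    """Sending side: tags each reading with a MAC over counter || reading."""

    def __init__(self, session_key: bytes):
        self._key = session_key
        self._counter = 0

    def frame(self, reading: int) -> bytes:
        self._counter += 1
        body = HEADER.pack(self._counter, reading)
        tag = hmac.new(self._key, body, hashlib.sha256).digest()[:TAG_LEN]
        return body + tag


class Receiver:
    """Receiving side (engine controller): checks the tag, then freshness."""

    def __init__(self, session_key: bytes):
        self._key = session_key
        self._last_counter = 0

    def accept(self, frame: bytes):
        """Return the reading, or None if the frame is forged, altered or replayed."""
        if len(frame) != HEADER.size + TAG_LEN:
            return None
        body, tag = frame[:HEADER.size], frame[HEADER.size:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None
        counter, reading = HEADER.unpack(body)
        if counter <= self._last_counter:           # stale counter: replayed frame
            return None
        self._last_counter = counter
        return reading


def demo():
    key = bytes(range(32))  # constructed key standing in for the handshake output
    sensor, receiver = Sensor(key), Receiver(key)
    good = sensor.frame(412)
    altered = HEADER.pack(2, 50) + good[HEADER.size:]  # changed reading, old tag
    return {
        "genuine": receiver.accept(good),
        "replayed": receiver.accept(good),
        "altered": receiver.accept(altered),
        "next": receiver.accept(sensor.frame(415)),
    }
```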
