Automotive cybersecurity: Foundations for next-generation vehicles

The automotive industry is experiencing a serious transformation due to a digitalisation process and the transition to the new paradigm of Mobility-As-A-Service. The next-generation vehicles are going to be very complex cyber-physical systems, whose design must be reinvented to fulfil the increasing demand of smart services, both for safety and entertainment purposes, causing the manufacturers' model to converge towards that of IT companies. Connected cars and autonomous driving are the preeminent factors that drive along this route, and they cause the necessity of a new design to address the emerging cybersecurity issues: The 'old' automotive architecture relied on a single closed network, with no external communications; modern vehicles are going to be always connected indeed, which means the attack surface will be much more extended. The result is the need for a paradigm shift towards a secure-by-design approach. In this paper, we propose a systematisation of knowledge about the core cybersecurity aspects to consider when designing a modern car. The major focus is pointed on the in-vehicle network, including its requirements, the current most used protocols and their vulnerabilities. Moreover, starting from the attackers' goals and strategies, we outline the proposed solutions and the main projects towards secure architectures. In this way, we aim to provide the foundations for more targeted analyses about the security impact of autonomous driving and connected cars.