Preserving Privacy and Integrity in Automotive Tire Sensors

The automotive industry is following the rest of technology in moving towards more connected, and often wireless, systems. However, in the pursuit of these technological advances and to quickly satisfy requirements imposed on manufacturers, the security of these systems is often an afterthought. It has been shown that systems in a standard new automobile that one would not expect to be vulnerable can be exploited for a variety of harmful effects. In this paper, we look at Tire Pressure Monitoring Systems (TPMS), which have become standard on all modern vehicles. As they currently exist, they have no security-oriented features, leaking data that can be used for reliable tracking to a determined attacker, and being completely open to spoofing attacks. We will examine the resources needed for an attacker to leverage this common technology to track a vehicle and link travel routes to an individual, then propose an update to the present system to thwart such an ability. The sensors that transmit information have requirements to guide our solution, primarily the impact on power consumption and the cost of implementation compared to the gains in privacy and integrity. Our proposed solution uses an ID-hopping scheme to thwart the association of sensor ID's with a single identity. We also explore the possibility of using other sensor information, such as pressure and temperature, to fingerprint a vehicle and then associate readings with a unique car. Given that likelihood, a scheme for obfuscating this non-critical but potentially privacy-leaking information is a part of our solution. With as little modification to the hardware as possible, it is possible to create a new paradigm, TPMS 2.0, which is dramatically more resistant to attacks on the privacy and integrity of Tire Pressure Monitoring Systems.