Your Car Has Secrets: A New Way to Catch Hackers Before They Catch You

When you unlock your car wirelessly, the car and key exchange a secret handshake. Every time your phone connects to the dashboard, another digital conversation begins. Your vehicle is constantly communicating with itself, the road, and the cloud. But who else might be listening?

This research tackles one of modern transportation's hidden vulnerabilities. What if we could teach a computer to decipher the secret language of your car's systems, map every possible conversation, and identify security flaws before attackers do?

The problem: insecure conversations on wheels

Modern vehicles use communication protocols to authenticate keys, manage payments, exchange sensor data, and connect to external services. These protocols are defined in standards—but in practice, two problems emerge. First, complexity: protocols have many possible states and message sequences that human testers can't realistically cover. Second, implementation gaps: manufacturers implement standards differently, and small differences can introduce subtle security weaknesses. Can we use formal methods and automation to learn how these systems behave, then systematically test them for security flaws?

The solution: let the system reveal itself

At the heart of this research is the state machine—a map of all the "moods" a system can be in and how it reacts. An electronic key system might have states like "waiting for card," "authenticating," "access granted," and "access denied." Each message moves the system between states.

The research uses automata learning: a computer interacts with a system, sends messages, observes outputs, and gradually constructs a state machine describing its behaviour—treating the system as a black box. Once learned, model checking and temporal logic can automatically verify properties like "the system should never grant access without authentication first."
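The idea in the two paragraphs above, as an added Python example that is not taken from the dissertation. The toy key system, its input and output names, and the `flawed` variant are constructed for illustration. The learner is a simplified one that assumes a state's responses to each single input are enough to tell states apart.

```python
from collections import deque
INPUTS = ("present_card", "good_auth", "bad_auth", "open")

def make_key_system(flawed=False):
    """Constructed black box: run(word) resets the system, then returns its outputs."""
    t = {("waiting", "present_card"): ("challenge", "authenticating"),
         ("waiting", "open"): ("locked", "waiting"),
         ("authenticating", "present_card"): ("busy", "authenticating"),
         ("authenticating", "good_auth"): ("granted", "access_granted"),
         ("authenticating", "bad_auth"): ("denied", "access_denied"),
         ("authenticating", "open"): ("locked", "authenticating"),
         ("access_granted", "open"): ("opened", "waiting")}
    if flawed:  # constructed implementation gap: "open" is handled without a state check
        t[("authenticating", "open")] = ("opened", "waiting")
    def run(word):
        state, outs = "waiting", []
        for a in word:
            default = "lockout" if state == "access_denied" else "ignored"
            out, state = t.get((state, a), (default, state))
            outs.append(out)
        return tuple(outs)
    return run

def learn(run):
    """Learn a Mealy machine using only queries; a state is its tuple of single-input outputs."""
    sig = lambda prefix: tuple(run(prefix + (a,))[-1] for a in INPUTS)
    init = sig(())
    access, trans, todo = {init: ()}, {}, deque([init])
    while todo:
        s = todo.popleft()
        for a, out in zip(INPUTS, s):
            nxt = sig(access[s] + (a,))      # where does input a lead from state s?
            if nxt not in access:            # unseen behaviour means a new state
                access[nxt] = access[s] + (a,)
                todo.append(nxt)
            trans[(s, a)] = (out, nxt)
    return init, trans

def unauthenticated_open(init, trans):
    """Safety check: shortest input word producing "opened" with no earlier "granted"."""
    seen, todo = {init}, deque([(init, ())])
    while todo:
        s, word = todo.popleft()
        for a in INPUTS:
            out, nxt = trans[(s, a)]
            if out == "opened":
                return word + (a,)           # counterexample trace
            if out != "granted" and nxt not in seen:  # follow unauthenticated paths only
                seen.add(nxt)
                todo.append((nxt, word + (a,)))
    return None                              # property holds on the learned model
```

Running `unauthenticated_open(*learn(make_key_system(flawed=True)))` returns the input sequence that violates the property, which a tester can replay against the real implementation to confirm the finding.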

Key contributions

Automatic protocol state machine derivation

Methods to learn state machines from real-world implementations in both white-box and black-box settings, handling noisy behaviour in realistic environments.

Multi-protocol analysis

A method for building compound protocol state machines that capture behaviour across multiple interacting protocols—critical because some security flaws only emerge from protocol interactions.

Automated verification

Techniques to compare learned models against reference specifications, using context-based proposition maps and temporal logic properties to automatically detect specification violations and security weaknesses.

From research to safer roads

This work shows complex automotive systems can be probed, learned, and checked. Instead of manual test crafting, testers can learn behavioural models, generate targeted test sequences, and automatically verify security properties. The result: security testing that's more systematic, less dependent on guesswork, and scalable to industry needs.

For drivers, this work is invisible—and that's the point. If successful, you'll simply live in a world where your car's digital conversations are more honest, more robust, and much harder to exploit.

UN Sustainable Development Goals

Goal 9 (Industry, Innovation and Infrastructure): Systematic security testing supports robust digital infrastructure, reducing risks of disruption and fraud in connected vehicles.

Goal 11 (Sustainable Cities and Communities): Secure vehicular communication is essential for smart cities—public transport ticketing, real-time traffic management, and shared mobility services all depend on it.

 

Read more in Stefan Marksteiner's dissertation -> MDU.se