由近年來美國國家犯罪保險局的統計報告可以看出，在2008年一年中，就有超過一百萬的車輛遭到偷竊。被偷竊的車子，往往不是整車轉賣，而是分解後出售零件。因此車上重要裝置原件，如安全氣囊，視聽音響設備等被偷竊的情形則更加嚴重。如何防止車上電子裝置被偷竊、轉賣，降低失竊率成為一個重要課題。
車輛上之電子裝置若能具有檢測所屬環境安全性之能力，並依此決定是否運作來進行自我保護，則對於防盜或減少竊賊盜竊動機會有很大幫助。本研究提出在車用電子裝置上嵌入一安全模組，且與電力及功能模組整合在一起，並搭配車上一特定裝置驗證車輛環境之安全性來決定是否開啟運作，則此電子裝置即具備防盜的能力。在此防盜環境中，若進一步加入代表使用者身份的裝置，則裝置、車輛與使用者可整合為一個更為完整的防盜環境。
本研究提出一個三層架構的模型，來描述電子裝置、車用電腦與使用者三者間在防盜環境中的關係。此車輛防盜環境含有以下能力：車用裝置的識別、車用電子裝置的自我檢測、防盜以及使用者鑑別。基於含有安全模組與電力、功能模組整合一起的防盜裝置，此防盜裝置可驗證被授權的驗證中心，以確認環境的合法性。在驗證合法性完成後，此驗證中心即代表車用防盜環境來對代表使用者的使用者標誌裝置進行身份認定。此驗證方式將三種裝置建構成三位一體模型於此防盜環境中。模型中含有兩個認證方案，分別為防盜裝置認證方案與使用者認證方案。並有車輛管理系統負責金鑰的管理與散佈於製造商、車輛販售商、車用裝置與使用者間。此防盜環境可以防範已知金鑰攻擊、重送攻擊與內部攻擊。本研究亦實現了一個實驗環境原型，並在實驗平台上測試出所有程序均在0.5秒附近完成。並且與已知研究比較均具有優勢。

The NICB (National Insurance Crime Bureau) of the United States has reported that more than one million cars were stolen in 2008. Besides being resold as a whole car, stolen cars are often disassembled for components to resell. The valuable parts, like the airbag, audio and video equipment are the most popular among thieves. How to prevent such electronic devices from being stolen and resold is the aim of this research.
A new idea is proposed in this work, that electronic devices should have the capability to check if their working environment is legal and thus to decide whether they will function or not. A security module is inside each electronic device and integrated with the power and functional units. The device can authenticate with a specific device to judge the security of the in-vehicle environment via the security module. Besides such anti-theft devices, the car and the user’s identity and an Authorized Center are added, which can complete the proposed in-vehicle anti-theft environment.
This research proposes a three-tier Trinitarian model that integrates the electronic devices, the car PC and the use’s identity and describes the relations between. We implemented an in-Vehicle Anti-Theft Environment (iVATE) to demonstrate the model. The environment provides device identification, self checking for anti-theft protection and the user authentication based. It can verify the Authorized Center (the Car PC) to check the in-vehicle environment, and then the center serves as the agent of the environment to verify the user’s identity. There are two authentication schemes: the Anti-Theft Device Authentication Scheme and the User Authentication Scheme. This research also defines the car management system for the key management and key distribution between the manufacturer, the dealer, the devices and the user. The proposed iVATE can protect against known key attacks, replay attacks and insider attacks. The performance of each process requires about 0.5 second.

[1] B. Arazi, “Vehicular Implementations of Public Key Cryptographic Techniques”, IEEE Transaction on Vehicular Technology, pp. 646-653, Vol. 40, No. 3, Aug. 1991.
[2] W. C.Barker, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, Computer Security Division, Information Technology Lab., National Institute of Standards and Technology, May, 2004
[3] E. A. Cho, C. J. Moon and D. K. Baik, “Home Gateway Operating Model using Reference Monitor for Enhanced User Comfort and Privacy”, IEEE Transaction on Consumer Electronics, Vol. 54, Issue 2, pp.494-500, May, 2008.
[4] U. Erlingsoon, “The Inlined Reference Monitor Approach to Security Policy Enforcement”, ProQuest Information and Learning, UMI, Cornell University, Ithaca, NY, USA, Jan, 2004.
[5] D. F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn and R. Chandramouli, “Proposed NIST Standard for Role-Based Access Control”, ACM Transactions on Information and System Security, Vol. 4, No. 3, pp 224-274, August, 2001.
[6] C. C. Huang, P. C. Wang, T. W. Hou, “Advanced OSGi Security Layer”, Proc. of Advanced Information Networking and Applications Workshops,” Vol. 2, pp. 518–523, May, 2007.
[7] M. Howard, P. Powell, and R. Vidgen, “Automotive Industry Information Systems: From Mass Production to Build-to-Order”, Journal of Cases on Information Technology, Vol. 7, No. 2, pp. 16-30, 2005.
[8] ISO/IEC, “ISO/IEC 11889 : Trusted Platform Module”, ISO/IEC, 2009
[9] Sun Microsystems, “Java Card Specification V3.0 Final Release”, Sun Microsystems, April, 2008.
[10] G. Jayendra, S. Kumarawadu and L. Meegahapola, “RFID-Based Anti-theft Auto Security System with an Immobilizer”, Proc. of 2nd Int. Conf. Industrial and Information Systems (ICIIS), Sri Lanka, pp. 441-446, Aug. 2007.
[11] J. Kellerman, T. H. Cook, and O. Penzler, “The Best American Crime Reporting 2009”, Harper Perennia, Sept., 2009.
[12] Y. G. Lee, H. C. Kim, J. J. Kim and M. S. Jun, ”A Design of Home Network Security Protocol Using User Authentication and Access Control Technology”, Proc. of International Conference on Convergence and Hybrid Information Technology, pp.28-30, Aug., 2008.
[13] Y. K. Lee, D. G. Lee, J. W. Han and T. H. Kim, “Home Network Device Authentication: Device Authentication Framework and Device Certificate Profile”, The Computer Journal of Advance Access, Vol. 51, Issue 4, pp 30-34, July, 2008.
[14] K. Lemke, A. R. Sadeghi and C. Stüble, “An Open Approach for Designing Secure Electronic Immobilizers”, Proc. of 1st Information Security Practice and Experience Conference (ISPEC), Singapore, pp. 230-242, Apr. 2005.
[15] M. Long and U. Blumenthal, “Manageable One-Time Password for Consumer Applications”, Proc. of International Conference on Consumer Electronics, ICCE 2007, Las Vegas, USA, pp. 1-2, Jan, 2007.
[16] S. Pearson, M. Casassamont, and M. Novoa, “Securing Information Transfer in Distributed Computing Environments,” IEEE Security & Privacy, Vol. 6, No. 1, pp. 34-42, Feb. 2008.
[17] A. Pfitzmann, B. Pfitzmann, M. Schunter, and M. Waidner, “Trusting mobile user devices and security modules,” IEEE Computer, Vol. 30, pp. 61-68, Feb. 1997.
[18] W. Rankl and W. Effing, Smart Card Handbook, 3rd Ed., John Wiley & Sons Ltd., Jan. 2004
[19] Y. Z. Tong, J. T. Wu et al., The Anti-Theft System and Methods, Industrial Technology Research Institute (ITRI), Patent No. I262872, R.O.C, Taipei, Taiwan, Oct., 2006.
[20] P. C. Wang, T. W. Hou, J. H. Wu, and B. C. Chen, “A Security Module for Car Appliances,” International Journal of Mechanical Systems Science and Engineering (IJMSSE), Vol. 1, No. 3 , pp. 155-160, Summer 2007.
[21] P. C. Wang, Y. S. Hung, and T. W. Hou, “A Cross-layered Diagnostician in OSGi Platform for Home Network”, Proc. of the 2007 IFIP International Conference on Embedded and Ubiquitous Computing (EUC 2007), Taipei, Taiwan, pp. 435-444, Dec. 17-20, 2007.
[22] P. C. Wang, C. L. Lin, C. C. Kung, J. H. Rao and T. W. Hou, “A Try Before You Buy Approach for Networked Digital Home Appliances and Services,” Proc. of IEEE International Conference on Consumer Electronics, ICCE 2009, pp. 1-2, Jan. 2009.
[23] P. C. Wang, C. L. Lin, and T. W. Hou, “Resource-aware service deployment for open service gateway in home network,” Proc. of IEEE Region 10 Conference, TENCON 2007, Taipei, Taiwan, pp. 1–4, Oct.30-Nov.2, 2007.
[24] P. C. Wang, C. L. Lin, and T. W. Hou, “A Service-layer Diagnostic Approach for the OSGi Framework,” IEEE Transactions on Consumer Electronics, Vol. 55, Issue 4, pp. 1973-1981, Nov. 2009.
[25] A. Weimerskirch, C. Paar, and M Wolf, “Cryptographic Component Identification: Enabler for Secure Vehicles”, Proc. of IEEE 62th Semiannual Vehicular Technology Conference (VTC), Dallas, Texas, USA, pp. 1227-1231, Sept. 2005.
[26] M. Wolf, A. Weimerskirch, and T. Wollinger, “State of the Art: Embedding Security in Vehicles”, EURASIP Journal on Embedded Systems, Article ID 74706, pp. 1-16, Apr. 2007.
[27] J. H. Wu, C. C. Kung, J. H. Rao, P. C. Wang, C. L. Lin and T. W. Hou, “Design of an In-Vehicle Anti-Theft Component”, Proc. of IEEE International Conference on Intelligent Systems Design and Applications, Kaohsiung, Taiwan, pp. 566-569, Nov, 2008.
[28] C. S. Yang, P. C. Wang, C. L. Lin, and T. W. Hou, “Personalized iDTV Program in Multimedia Home Platform,” Proc. of 22nd International Conference on Advanced Information Networking and Applications, Okinawa, Japan, pp. 473-476, March, 2008.
[29] E. J. Yoon and K. Y. Yoo, “One-Time Password Authentication Scheme Using Smart card Providing User Anonymity”, Proc. of Workshop on Security Issues on Grid/ Distributed Computing Systems, pp.303-311, May, 2006.