11 research outputs found

    A Structured Approach to Securing the Connected Car

    Vehicles of today have become increasingly dependent on software to handle their functionalities. Updating and maintaining the software in vehicles has therefore become a costly process for the automotive industry. By introducing wireless communications to vehicles, vehicular maintenance can greatly be improved and many other new applications can also be brought to the vehicles. However, the vehicle was not designed with security in mind. Since the vehicle is safety-critical, it is vital that such new remote services do not violate the safety and security requirements of the vehicle. Thus, this thesis presents a general approach to securing the connected car and the usefulness of the approach is demonstrated in a vehicular diagnostics scenario.
    The thesis comes in two main parts. In the first part, we address security mechanisms for the connected car. First, a survey of current mechanisms to secure the in-vehicle networks is made. Then, a description of possible communication methods with vehicles is given and a taxonomy of current entities involved in such communication is presented. The taxonomy is organised in actors, vehicle-to-X communications, network paths, and dependability and security attributes. The usefulness of the taxonomy is demonstrated by two examples.
    In the second part, we address security with respect to vehicular diagnostics. First, an overall security analysis of the interaction between the connected car and the repair shop is conducted. We find that the most imminent risk in the repair shop is the loss of authentication keys. The loss of such keys allows masquerading attacks against vehicles. To address this problem, we propose a Kerberos-inspired protocol for authentication and authorisation of the diagnostics equipment and a trusted third party is introduced.
    To conclude, this thesis shows the value of adopting a structured approach to securing the connected car. The approach has been shown to be useful for identifying threats and countermeasures and thus help improve security.

    Security aspects of the in-vehicle network in the connected car

    In this paper, we briefly survey the research with respect to the security of the connected car, and in particular its in-vehicle network. The aim is to highlight the current state of the research; which are the problems found, and what solutions have been suggested. We have structured our investigation by categorizing the research into the following five categories: problems in the in-vehicle network, architectural security features, intrusion detection systems, honeypots, and threats and attacks. We conclude that even though quite some effort has already been expended in the area, most of it has been directed towards problem definition and not so much towards security solutions. We also highlight a few areas that we believe are of immediate concern.

    Authenticating the Sender on CAN Bus using Inimitable Physical Characteristics of the Transmitter and Channel

    The Cybersecurity for the embedded systems has become a serious challenge in the recent times. Given that the embedded applications are being connected with each other and over the public internet while running the relatively fragile low-density code, they are prone to a wide range of attacks. These attack surfaces are inherent to most of the embedded applications. One such example is a modern automobile. A modern vehicle consists of a network of small electronic computers known as Electronic Control Units (ECUs), which makes possible the state-of-the-art features. Because of the power of these tiny computers and the artificial intelligence, autonomous vehicles will be on the road for public use in near future. These vehicles will be connected over the internet and hence susceptible to the broad range of attacks. The problem gets worse in the automotive applications because of the presence of very weak internal networking protocols. The ECUs are connected via each other over Controller Area Network (CAN) Bus which lacks the basic security features. It does not provide the authenticity of the message sender and the payload integrity is absent as well. In this paper, we have proposed a novel idea to solve both of these problems based on the physical fingerprinting the transmitter of the message packet. Electrical devices are unique in terms of the physical fingerprints, they leave in the transmitted messages due to the material’s microstructure. This uniqueness exists in the time domain as well as the frequency domain of the signals. We have proposed various techniques to capture this uniqueness using the signal processing techniques at the message receiver side which will be able to link the received packet to the original transmitter. We have applied the Neural Network based Classifier in order to realize an Intrusion Detection System proof of concept. Our proposed idea, realized with different techniques, has been proven to be more efficient than the state-of-the-art intrusion detection systems. We have analyzed the weaknesses in one of the advanced security techniques based on fingerprinting the clock behaviors of the message sender. We were able to launch the successful attack to bypass the intrusion detection system based on fingerprinting the clock behavior of the sender. Our work demonstrates the wide range of attacks: the external attacks by exploiting the in-vehicle infotainment system, internal attacks and a possible defense mechanism as well. We have summarized the possible attack vectors on our proposed idea as well with the challenges being faced for the real-world implementation.
    Master of Science in Engineering, Computer Engineering, College of Engineering & Computer Science, University of Michigan-Dearborn. https://deepblue.lib.umich.edu/bitstream/2027.42/143524/1/49698122_Thesis_MT_1_0 (1).pdf

    Physical-Fingerprinting of Electronic Control Unit (ECU) Based on Machine Learning Algorithm for In-Vehicle Network Communication Protocol “CAN-BUS”

    The Controller Area Network (CAN) bus serves as a legacy protocol for in-vehicle data communication. Simplicity, robustness, and suitability for real-time systems are the salient features of the CAN bus protocol. However, it lacks the basic security features such as message authentication, which makes it vulnerable to the spoofing attacks. In a CAN network, linking CAN packet to the sender node is a challenging task. This paper aims to address this issue by developing a framework to link each CAN packet to its source. Physical signal attributes of the received packet consisting of channel and node (or device) which contains specific unique artifacts are considered to achieve this goal. Material and design imperfections in the physical channel and digital device, which are the main contributing factors behind the device-channel specific unique artifacts, are leveraged to link the received electrical signal to the transmitter. Generally, the inimitable patterns of signals from each ECU exist over the course of time that can manifest the stability of the proposed method. Uniqueness of the channel-device specific attributes are also investigated for time- and frequency-domain. Feature vector is made up of both time and frequency domain physical attributes and then employed to train a neural network-based classifier. Performance of the proposed fingerprinting method is evaluated by using a dataset collected from 16 different channels and four identical ECUs transmitting same message. Experimental results indicate that the proposed method achieves correct detection rates of 95.2% and 98.3% for channel and ECU classification, respectively.
    Master of Science in Engineering, Computer Engineering, College of Engineering and Computer Science, University of Michigan-Dearborn. https://deepblue.lib.umich.edu/bitstream/2027.42/140731/1/Thesis manuscript_v3.pdf

    Artificial Intelligence and Cybersecurity: Building an Automotive Cybersecurity Framework Using Machine Learning Algorithms

    Automotive technology has continued to advance in many aspects. As an outcome of such advancements, autonomous vehicles are closer to commercialization and have brought to life a complex automotive technology ecosystem [1]. Like every other technology, these developments bring benefits but also introduce a variety of risks. One of these risks in the automotive space is cybersecurity threats. In the case of cars, these security challenges can produce devastating results and tremendous costs, including loss of life. Therefore, conducting a clear analysis, assessment and detection of threats solves some of the cybersecurity challenges in the automotive ecosystem. This dissertation does just that, by building a three-step framework to analyze, assess, and detect threats using machine learning algorithms. First, it does an analysis of the connected vehicle threats while leveraging the STRIDE framework [2]. Second, it presents an innovative, Fuzzy based threat assessment model (FTAM). FTAM leverages threat characterizations from established threat assessment models while focusing on improving its assessment capabilities by using Fuzzy logic. Through this methodology, FTAM can improve the efficiency and accuracy of the threat assessment process by using Fuzzy logic to determine the “degree” of the threat over other existing methods. This differs from the current threat assessment models which use subjective assessment processes based on table look-ups or scoring. Thirdly, this dissertation proposes an intrusion detection system (IDS) to detect malicious threats while taking in consideration results from the previous assessment stage. This IDS uses the dataset provided from Wyoming Connected Vehicle Deployment program [3] and consists of a two-stage intrusion detection system based on supervised and unsupervised machine learning algorithms. The first stage uses unsupervised learning to detect whether there is an attack present and the second stage classifies these attacks in a supervised learning fashion. The second stage also addresses data bias and eliminates the number of false positives. The simulation of this approach results in an IDS able to detect and classify attacks at a 99.965% accuracy and lowers the false positives rate to 0%.
    Ph.D., College of Engineering & Computer Science, University of Michigan-Dearborn. https://deepblue.lib.umich.edu/bitstream/2027.42/149467/1/Nevrus Kaja PhD Dissertation V24.pdf

    A First Simulation of Attacks in the Automotive Network Communications Protocol FlexRay

    The automotive industry has over the last decade gradually replaced mechanical parts with electronics and software solutions. Modern vehicles contain a number of electronic control units (ECUs), which are connected in an in-vehicle network and provide various vehicle functionalities. The next generation automotive network communications protocol FlexRay has been developed to meet the future demands of automotive networking and can replace the existing CAN protocol. Moreover, the upcoming trend of ubiquitous vehicle communication in terms of vehicle-to-vehicle and vehicle-to-infrastructure communication introduces an entry point to the previously isolated in-vehicle network. Consequently, the in-vehicle network is exposed to a whole new range of threats known as cyber attacks. In this paper, we have analyzed the FlexRay protocol specification and evaluated the ability of the FlexRay protocol to withstand cyber attacks. We have simulated a set of plausible attacks targeting the ECUs on a FlexRay bus. From the results, we conclude that the FlexRay protocol lacks sufficient protection against the executed attacks, and we therefore argue that future versions of the specification should include security protection.

    One proposal of software middleware for heterogenous in-vehicle environments

    This PhD thesis addressed the problem of the software platforms in the field of heterogeneous in-vehicle environments. With modern technologies, the number and complexity of functions in the vehicle is constantly growing. It becomes harder for OEMs (Original Equipment Manufacturers) to maintain such different systems, and as a result there is a tendency to use as few modern chips as possible in order to realize as many functions as possible. The goal of the research within this PhD thesis is to propose, based on the research, software middleware architecture for modern vehicle systems, which will be a step forward in the mentioned aspiration of OEMs. The proposed solution should enable faster and easier development of the applications in such environment. The solution is implemented on the multiple hardware platforms in order to check functionality, performance and to evaluate architectural features that affect ease of application development. The main contribution of the thesis is the proposed interface that allows faster and easier application development.