5 research outputs found

    A Multi-Agent Security Testbed for the Analysis of Attacks and Defenses in Collaborative Sensor Fusion

    The performance and safety of autonomous vehicles (AVs) deteriorate under adverse environments and adversarial actors. Investment in multi-sensor, multi-agent (MSMA) AVs is meant to improve the efficiency of travel and mitigate safety risks. Unfortunately, minimal investment has been made in developing security-aware MSMA sensor fusion pipelines, leaving them vulnerable to adversaries. To advance the security analysis of AVs, we develop the Multi-Agent Security Testbed, MAST, in the Robot Operating System (ROS2). Our framework is scalable to general AV scenarios and is integrated with recent multi-agent datasets. We construct the first bridge between AVstack and ROS and develop automated AV pipeline builds to enable rapid AV prototyping. We tackle the challenge of deploying variable numbers of agent/adversary nodes at launch time with dynamic topic remapping. Using this testbed, we motivate the need for security-aware AV architectures by exposing the vulnerability of centralized multi-agent fusion pipelines to (un)coordinated adversary models in case studies and Monte Carlo analysis.

    Automotive firmware extraction and analysis techniques

    An intricate network of embedded devices, called Electronic Control Units (ECUs), is responsible for the functionality of a modern vehicle. Every module processes a myriad of information and forwards it to other nodes on the network, typically an automotive bus such as the Controller Area Network (CAN). Analysing embedded device software, and automotive software in particular, brings many challenges. The analyst must, especially in the notoriously secretive automotive industry, first lift the ECU firmware from the hardware, which typically prevents unauthorised access. In this thesis, we address this problem in two ways:
    - We detail and bypass the access control mechanism used in diagnostic protocols in ECU firmware. Using existing diagnostic functionality, we present a generic technique to download code to RAM and execute it, without requiring physical access to the ECU. On top of this, we propose a generic firmware readout framework that only requires access to the CAN bus.
    - We analyse various embedded bootloaders and combine dynamic analysis with low-level hardware fault attacks, resulting in several fault-injection attacks that bypass on-chip readout protection.
    We then apply these firmware extraction techniques to acquire immobiliser firmware from two different manufacturers, from which we reverse engineer the DST80 cipher and present it in full detail here. Furthermore, we point out flaws in the key generation procedure, also recovered from the ECU firmware, leading to a full key recovery based on publicly readable transponder pages.

    Security and safety interplay of intelligent software systems: ESORICS 2018 international workshops, ISSA 2018 and CSITS 2018, Barcelona, Spain, September 6-7, 2018, revised selected papers

    This book constitutes the thoroughly refereed post-conference proceedings of the International Workshop on Interplay of Security, Safety and System/Software Architecture, CSITS 2018, and the International Workshop on Cyber Security for Intelligent Transportation Systems, ISSA 2018, held in Barcelona, Spain, in September 2018, in conjunction with the 23rd European Symposium on Research in Computer Security, ESORICS 2018. The ISSA 2018 workshop received 10 submissions, from which 3 full papers and 1 short paper were accepted. They cover topics such as software security engineering, domain-specific security and privacy architectures, and automotive security. In addition, an invited paper on the intertwining of safety and security co-engineering is included. The CSITS 2018 workshop received 9 submissions, from which 5 full papers and 1 short paper were accepted. The selected papers deal with car security and aviation security.

    Methodology for testing and analysing performance degradation in intra-vehicular communication protocols (original title: Metodologia para teste e análise de degradação de desempenho em protocolos de comunicação intra-veiculares)

    Considering the effects of faults and interference on intra-vehicular networks from the design of their control systems onwards has become fundamental, because the complexity of embedded electronics, the growth in information flow and also the possibility of malicious attacks have made the design of these systems an increasingly complex task. In this context, this thesis aims to explore ways of integrating and modelling the degradation effects caused by the different types of faults that affect the communication protocols interconnecting electronic control units (ECUs). Among these faults, the research highlights an in-depth study of electrical fast transients (EFT), which degrade performance and produce effects such as packet loss and communication delays. It thereby contributes a methodology for handling faults in real-time critical systems from the early design phases, using aspect-oriented modelling to model and specify system requirements according to the cross-cutting characteristics of fault-related non-functional requirements. For the definition of the non-functional requirements, this research builds on the RT-FRIDA (Real-Time From Requirements to Design using Aspects) framework, which was extended to incorporate fault modelling in more detail. To validate the methodology, a performance-degradation diagnostic mechanism was developed and integrated into an active suspension control system. The study was evaluated under different network load scenarios and with fault injections using two types of hardware that comply with test standards used in industry. The results demonstrated the applicability of the methodology, with the modelling of a diagnostic mechanism that detected and recorded the performance disturbances in the scenarios studied. The analyses emphasise the pronounced performance degradation recorded with EFT injections of higher voltage amplitude and shorter burst time, with network occupancy above 30%. The experiments evaluated the performance of current communication protocols, with the best results obtained with FlexRay and CAN-FD, which confirms the evolution of these protocols to meet the recent performance demands of the automotive industry.

    Embedded computing applications are increasingly demanding in performance and reliability, because these factors are critical to the safety of real-time systems. Reliability in the design phases is a fundamental concern of much research, because the growth in embedded electronics and network data transmission, together with the possibility of attacks on them, makes the design of these systems an increasingly complex task. The present thesis aims to explore and correlate different fault types that degrade the performance of the vehicular communication protocols used to interconnect embedded control units (ECUs). Among these faults, electrical fast transients (EFT) are highlighted, since they generate effects such as packet loss and communication delays. Thus, a methodology based on aspect-oriented modelling concepts for real-time critical systems is proposed, to model and specify system requirements according to the cross-cutting concerns of fault-related non-functional requirements. For the specification of non-functional requirements, this work is based on the RT-FRIDA (Real-Time From Requirements to Design using Aspects) framework, which was extended for fault modelling. The novel methodology thus allows fault modelling following aspect-oriented principles from the early design phases. To validate the methodology, a performance-degradation diagnostic mechanism was developed and integrated into an active suspension control system. The study was evaluated in different network busload scenarios and with fault injections using two hardware types certified to standards used in the automotive industry. The results show that the developed mechanism detected performance disturbances and recorded occurrence data in the studied scenarios. The analyses emphasise the most pronounced performance degradation observed with EFT injection of higher voltage amplitude, shorter burst time, and busload above 30%. The experiments evaluated the performance of current communication protocols, with better results obtained in FlexRay and CAN-FD, which confirms the protocols' evolution to meet the recent performance demands of the automotive industry.