62 research outputs found

    External monitoring changes in vehicle hardware profiles: enhancing automotive cyber-security

    As the vehicles are gradually transformed into the connected-vehicles, standard features of the past (i.e., immobilizer, keyless entry, self-diagnostics) were neglected to be software updated and hardware upgraded so they do not "align" with the cyber-security demands of the new ICT era (IoT, Industry 4.0, IPv6, sensor technology) we have stepped into, therefore introducing critical legacy IT security issues. Stepping beyond the era of common auto-theft and "chop-shops," the new wave of attackers have cyber-skills to exploit these vulnerabilities and steal the vehicle or manipulate it. Recent evolution in ICT offered the automotive industry vital tools for vehicle safety, functionality and, up to 2010, theft prevention. However, the same technologies are the ones that make vehicles prone to cyber-attacks. To counter such attacks, this work proposes a unified solution that logs all hardware profile changes of a vehicle in a blockchain, to manage control and allow only authenticated changes, subject to user, time, geospatial, and contextual constraints exploiting several blockchain features. Testing of the proposed solution omens the prevention of numerous common attacks, while additionally providing forensics capabilities and significantly enhancing the security architecture of the vehicle (respecting the original IT architectural design of automotive manufacturers).

    An assessment of ECM authentication in modern vehicles

    Authenticating the Sender on CAN Bus using Inimitable Physical Characteristics of the Transmitter and Channel

    Cybersecurity for embedded systems has become a serious challenge in recent times. Given that embedded applications are being connected with each other and over the public internet while running relatively fragile low-density code, they are prone to a wide range of attacks. These attack surfaces are inherent to most embedded applications. One such example is a modern automobile. A modern vehicle consists of a network of small electronic computers known as Electronic Control Units (ECUs), which make possible the state-of-the-art features. Because of the power of these tiny computers and artificial intelligence, autonomous vehicles will be on the road for public use in the near future. These vehicles will be connected over the internet and hence susceptible to a broad range of attacks. The problem gets worse in automotive applications because of the presence of very weak internal networking protocols. The ECUs are connected to each other over the Controller Area Network (CAN) Bus, which lacks basic security features. It does not provide the authenticity of the message sender, and payload integrity is absent as well. In this paper, we have proposed a novel idea to solve both of these problems based on physically fingerprinting the transmitter of the message packet. Electrical devices are unique in terms of the physical fingerprints they leave in the transmitted messages due to the material's microstructure. This uniqueness exists in the time domain as well as the frequency domain of the signals. We have proposed various techniques to capture this uniqueness using signal processing techniques at the message receiver side, which will be able to link the received packet to the original transmitter. We have applied a Neural Network based Classifier in order to realize an Intrusion Detection System proof of concept. Our proposed idea, realized with different techniques, has been proven to be more efficient than the state-of-the-art intrusion detection systems. We have analyzed the weaknesses in one of the advanced security techniques based on fingerprinting the clock behaviors of the message sender. We were able to launch a successful attack to bypass the intrusion detection system based on fingerprinting the clock behavior of the sender. Our work demonstrates a wide range of attacks: the external attacks by exploiting the in-vehicle infotainment system, internal attacks and a possible defense mechanism as well. We have summarized the possible attack vectors on our proposed idea as well, with the challenges being faced for the real-world implementation.
    Master of Science in Engineering, Computer Engineering, College of Engineering & Computer Science, University of Michigan-Dearborn. https://deepblue.lib.umich.edu/bitstream/2027.42/143524/1/49698122_Thesis_MT_1_0 (1).pdf

    Automotive firmware extraction and analysis techniques

    An intricate network of embedded devices, called Electronic Control Units (ECUs), is responsible for the functionality of a modern vehicle. Every module processes a myriad of information and forwards it on to other nodes on the network, typically an automotive bus such as the Controller Area Network (CAN). Analysing embedded device software, and automotive in particular, brings many challenges. The analyst must, especially in the notoriously secretive automotive industry, first lift the ECU firmware from the hardware, which typically prevents unauthorised access. In this thesis, we address this problem in two ways:
    - We detail and bypass the access control mechanism used in diagnostic protocols in ECU firmware. Using existing diagnostic functionality, we present a generic technique to download code to RAM and execute it, without requiring physical access to the ECU. We propose a generic firmware readout framework on top of this, which only requires access to the CAN bus.
    - We analyse various embedded bootloaders and combine dynamic analysis with low-level hardware fault attacks, resulting in several fault-injection attacks which bypass on-chip readout protection.
    We then apply these firmware extraction techniques to acquire immobiliser firmware by two different manufacturers, from which we reverse engineer the DST80 cipher and present it in full detail here. Furthermore, we point out flaws in the key generation procedure, also recovered from the ECU firmware, leading to a full key recovery based on publicly readable transponder pages.