Alexios Lekidis, profile picture
Uploaded byAlexios Lekidis
PDF, PPTX265 views

Wfcs2019

This document discusses model-based simulation and threat analysis of in-vehicle networks. It outlines the evolution of connected cars and the associated security risks. It then introduces the CARSEC environment for simulating in-vehicle networks and assessing risks. A case study applies CARSEC to evaluate security on a Toyota Prius architecture. Attacks are simulated and their impacts analyzed. The document concludes that CARSEC allows early detection of errors and threats to help enhance vehicle security. Future work includes automating the data collection process and directly using OBD-II port access.

Engineering
Related topics:
Internet of Things

Embed presentation

Download as PDF, PPTX
Model-based simulation and threat analysis of in-vehicle networks Alexios Lekidis, Ion Barosan WFCS 2019 Sundsvall, 28/05/2019
Outline • Connected cars evolution • Security risks and challenges • CARSEC: In-vehicle network simulation and risk assessment environment • Case-study: Evaluation on a Toyota Prius architecture • Conclusions and perspectives
Car historical evolution 1886 2000 2020 R&D area: 1966-1995 Embedded area: 1995- 2002 Infotainment area: 2007- 2012
1886 2005 2020 Embedded area: 1995- 2002 V2X area: 2012- ongoing Infotainment area: 2007- 2012 Car historical evolution
1886 2005 2020 Embedded area: 1995- 2002 V2X area: 2012- ongoing Infotainment area: 2007- 2012 New mobility area: 2020- onwards Car historical evolution
In-vehicle software complexity Complexity and V2X connectivity increase threat/hazard surface
Tackling complexity through data visibility • OBD-II added for troubleshooting and diagnostics (i.e. observing vehicle characteristics as engine, temperature) • OBD-II standard mandatory for all vehicles - 01 0C - 7E8 04 41 0C 10 C5 - 7EA 04 41 0C 10 80 RPM value length Request RPM OBD-II
In-vehicle network architecture: V2X area central gateway Instrument cluster Climate control Door locking Head Unit Audio Video Navigation Telephone Steering control Air Bag control Breaking system Engine control Transmission control Power train sensors MOST protocolCAN LINCAN/FlexRay OBUTCUHead Unit OBD-II • Head Unit: Vehicle entertainment system • On-board Unit (OBU): Enabling V2X communication • Telematics Control Unit (TCU): Vehicle tracking • Gateway: Central vehicle data access • On Board Diagnostics (OBD): Status diagnostics
In-vehicle network architecture: V2X area central gateway Instrument cluster Climate control Door locking Head Unit Audio Video Navigation Telephone Steering control Air Bag control Breaking system Engine control Transmission control Power train sensors MOST protocolCAN LINCAN/FlexRay OBUTCUHead Unit OBD-II Critical systems • Head Unit: Vehicle entertainment system • On-board Unit (OBU): Enabling V2X communication • Telematics Control Unit (TCU): Vehicle tracking • Gateway: Central vehicle data access • On Board Diagnostics (OBD): Status diagnostics
Outline • Connected cars evolution • Security risks and challenges • CARSEC: In-vehicle network simulation and risk assessment environment • Case-study: Evaluation on a Toyota Prius architecture • Conclusions and perspectives
Connected car security risks • Vital risks to vehicle passengers • Various incidents over the last years Crysler’s Jeep Cherokee CIA’s Vault 7 Bosch Drivelog dongle
Vehicle attack surfaces OBDII Telematics Control Unit Central Gateway Keyless entry Tire Pressure Monitoring Sensor Head Unit Direct access Long-range access Short-range access
Attack scenario OBDII Central Gateway Head Unit Brake Control Unit Telematics Control Unit • Sniff the telematics system IP address • Random generator of Bluetooth PIN / WiFi WPA password
Central Gateway Brake Control Unit Head Unit Telematics Control Unit • Move to safety Bus from telematics system Attack scenario OBDII
OBDII Central Gateway Brake Control Unit Head Unit Telematics Control Unit • Disengage brakes or kill engine Attack scenario Challenges: • Accessing the attack impact • Detecting the anomaly in the embedded system
Outline • Connected cars evolution • Security risks and challenges • CARSEC: In-vehicle network simulation and risk assessment environment • Case-study: Evaluation on a Toyota Prius architecture • Conclusions and perspectives
Proposed method
Behavior learning • Network fingerprinting – Network communication baseline for driving or parking mode – Captures cyclic messages between ECUs periodic • Manual scenario execution – Captures asynchronous actions inside the vehicle (e.g. driver switching on/off the engine) – Extends the communication baseline with dynamic messages Outcome: 1) Data flow patterns 2) Correlation between certain messages
Data model
Data model (in DBC) Data model filling
OMNET++ simulation environment • Open-source discrete event simulation framework • Progressive system construction from component-based modules • Network Editor (NED): Module editing • Initial configuration file (INI): Network data exchange definitions • In-vehicle protocol simulation through FiCo4OMNeT library – CAN, FlexRay support
OMNET++: CAN node (NED) • Data transmitter (sourceApp): CAN frame transmission • Output buffer (bufferOut): Temporal frame storage and scheduling for Bus transmission Input buffer (bufferIn): Temporal frame storage and forwarding to the data receiver • Data receiver (sinkApp): CAN frame reception and physical vehicle actions • Hardware clock (canClock): Node clock for frame scheduling • Data logger (pcapRecorder): Traffic logging
OMNET++: CAN node (INI) • idDataFrames: Message identifiers of the node • periodicityDataFrames: Message periodicity • dataLengthDataFrames: Data length • payloadDataFrames: Message payload • initialDataFrameOffset: CAN message scheduling offset Challenges: 1) Configuration changes require manual simulation restart 2) User actions cannot be modeled (e.g. driving mode)
Dynamic vehicle behavior • Added functionality: – Dynamic changes in the model’s INI configuration while the simulation is active – Dynamic calculation of bit-stuffing based on the exchanged data • Technique: Distribution fitting on the data logged while driving • Outcome: Payload values chosen based on the probability law of the fitted distribution
Model validation • Tool for automatic validation of the simulation accuracy against the real vehicle behavior – Different operation modes (i.e. parking or driving) • Relying on network traffic (i.e. pcap, log files) • Comparison on: 1) Packet level 2) Communication flow OMNET++ simulated traffic OBDII vehicle traffic CANvalidator Verdict OK NOK
Outline • Connected cars and their underlying security risks • Challenges in in-vehicle network simulation • CARSEC: In-vehicle network simulation and risk assessment environment • Case-study: Evaluation on a Toyota Prius architecture • Conclusions and perspectives
Data logging from the Toyota Prius • Vehicle available within TU/e premises from A-Team • CANtact to OBD-II due to buffer overflow in ELM327
Network and threat analysis on a Toyota Prius Goal: Real-time analysis of operational errors or security aspects Outcome: In-vehicle impact analysis and feedback for enhancements
Simulated attacks Attack class Description Denial Of Service Network flooding with certain frame ID Frame injection Inserting known/unknown frame ID Diagnostic messages Extract diagnostic info from ECUs allowing to reprogram them Masquerade / impersonation attack ECU spoofing or frame replay Fuzzing Iterative transmission of random or partially random packets Suspension Prevent frame transmission from a specific ECU Source: Common threats based on in-vehicle security state-of-the-art Purpose: Use simulation to avoid non recoverable errors from attacks on the in- vehicle architecture
Simulated attacks Attack class Description Denial Of Service Network flooding with certain frame ID Frame injection Inserting known/unknown frame ID Diagnostic messages Extract diagnostic info from ECUs allowing to reprogram them Masquerade / impersonation attack ECU spoofing or frame replay Fuzzing Iterative transmission of random or partially random packets Suspension Prevent frame transmission from a specific ECU Three categories of attacks: 1) Not feasible 2) Feasible but no impact on vehicle functionality 3) Feasible with impact on vehicle functionality, but requiring adequate in-vehicle network knowledge
Attack impact on vehicle functionality Attack start • Impact: Confusing indicator in the dashboard • Generating error frames on the Bus • Errors lead to error active/passive mode
Attack impact on the in-vehicle network - Initial increase in the amount of messages - Frequency-based detection for identifying the anomaly - For persistent attacks the Bus gradually balances the message load - Attack detection becomes very difficult
Conclusion • Early-stage detection of operational errors and security threats in the in-vehicle architecture • Impact and risk assessment for the addition of new features • Applied to a Toyota Prius vehicle within TU/e premises – State-of-the-art attacks to examine alternations of the vehicle behavior Future work • Automate the preliminary in-vehicle learning/data filling step • Use of OBD-II: 1) allows to learn only CAN and LIN network data 2) limits the network data if manufacturer firewall is used
Thank you for your attention Further info: a.lekidis@tue.nl, i.barosan@tue.nl

More Related Content

PPTX
Network Security for Automotive Embedded Systems
byTonex
 
PPTX
Model-Based Design For Motor Control Development
byThe Hartford
 
PPTX
What is Diagnostic over Internet Protocol (DoIP) and How it Supports Remote V...
byEmbitel Technologies - A VOLKSWAGEN GROUP COMPANY
 
PDF
Model Based Design of Hybrid and Electric Powertrains
bySandeep Sovani, Ph.D.
 
DOC
AjishP-2016
byAjish Pulikkool
 
PDF
Cyber Security and Cyber-Resilience for RPAS
byGiovanni Panice
 
PDF
Cygnotel Prueba 01
bycygnotel
 
PDF
Formal Model Based Design of Control Software
byVadim Alimguzhin
 
Network Security for Automotive Embedded Systems
byTonex
 
Model-Based Design For Motor Control Development
byThe Hartford
 
What is Diagnostic over Internet Protocol (DoIP) and How it Supports Remote V...
byEmbitel Technologies - A VOLKSWAGEN GROUP COMPANY
 
Model Based Design of Hybrid and Electric Powertrains
bySandeep Sovani, Ph.D.
 
AjishP-2016
byAjish Pulikkool
 
Cyber Security and Cyber-Resilience for RPAS
byGiovanni Panice
 
Cygnotel Prueba 01
bycygnotel
 
Formal Model Based Design of Control Software
byVadim Alimguzhin
 

What's hot

PDF
Automotive engineering design - Model Based Design
byVinayagam Mariappan
 
PPTX
OBD2 Software Development and Testing for an ECU Application
byEmbitel Technologies - A VOLKSWAGEN GROUP COMPANY
 
PDF
Automotive Diagnostics Communication Protocols AnalysisKWP2000, CAN, and UDS
byIOSR Journals
 
PPTX
ECS
byAhmed Mohamed
 
PDF
Industrial Ethernet Facts - The 5 major technologies
byStephane Potier
 
PDF
MIPI DevCon 2021: MIPI I3C interface for the ETSI Smart Secure Platform
byMIPI Alliance
 
PDF
Understanding User Needs for Electrical and Lighting Management Systems (ELMS...
byJim Frazer
 
PDF
Presentatie Festo
byswitchingonthefuture
 
DOCX
Resume_neeraj
byneeraj kumar
 
PPT
Robot Tele-operation System Based on GPRS
byarunjps
 
PDF
Opis softera i ModulaENVlada
byZoran Perisic
 
PDF
Video Based Industry Control
byJun Steed Huang
 
PDF
Manir_TECK_Presentation_1
byManir Al Faisal
 
PDF
5 Things to Know about the Railway Data Center menRDC
byMEN Mikro Elektronik GmbH
 
DOC
Ahmad_AlHadi_En
byAhmad Al-Hadi
 
DOC
Dilip Kumar M_CV
byDilipkumar M.
 
PDF
Hany Abdel Hamed Abo Oaf
byhany_oaf
 
PDF
Flex Stack Rapid Prototyping System
byfrankp617
 
Automotive engineering design - Model Based Design
byVinayagam Mariappan
 
OBD2 Software Development and Testing for an ECU Application
byEmbitel Technologies - A VOLKSWAGEN GROUP COMPANY
 
Automotive Diagnostics Communication Protocols AnalysisKWP2000, CAN, and UDS
byIOSR Journals
 
ECS
byAhmed Mohamed
 
Industrial Ethernet Facts - The 5 major technologies
byStephane Potier
 
MIPI DevCon 2021: MIPI I3C interface for the ETSI Smart Secure Platform
byMIPI Alliance
 
Understanding User Needs for Electrical and Lighting Management Systems (ELMS...
byJim Frazer
 
Presentatie Festo
byswitchingonthefuture
 
Resume_neeraj
byneeraj kumar
 
Robot Tele-operation System Based on GPRS
byarunjps
 
Opis softera i ModulaENVlada
byZoran Perisic
 
Video Based Industry Control
byJun Steed Huang
 
Manir_TECK_Presentation_1
byManir Al Faisal
 
5 Things to Know about the Railway Data Center menRDC
byMEN Mikro Elektronik GmbH
 
Ahmad_AlHadi_En
byAhmad Al-Hadi
 
Dilip Kumar M_CV
byDilipkumar M.
 
Hany Abdel Hamed Abo Oaf
byhany_oaf
 
Flex Stack Rapid Prototyping System
byfrankp617
 

Similar to Wfcs2019

PPTX
Automotive Security (Connected Vehicle Security Issues)
byPriyanka Aash
 
PDF
Cyber securityppt
bySachin Roy
 
PDF
Verification of IVI Over-The-Air using UML/OCL
bySeungjoo Kim
 
PDF
Embedded Systems in Automotive
byمحمدعبد الحى
 
PDF
Connected Car Security
bySuresh Mandava
 
PPT
Automotive electronics Systems by Ravikumar Chilmula
byRavikumar Chilmula
 
PPTX
Will future vehicles be secure?
byAlan Tatourian
 
PPTX
Connected Cars - Poster Child for the IoT Reality Check
bySecurity Innovation
 
PPT
T062500000 p003050ppte
byPhani Kumar
 
DOCX
16.An Intelligent Data-Driven Model to Secure Intravehicle Communications Bas...
byspub1985
 
PPT
Connected vehicles
byChristie Dudley
 
PDF
Connected Cars: What Could Possibly Go Wrong
byOnBoard Security, Inc. - a Qualcomm Company
 
DOCX
thesis paper
byBhanuprakash K
 
PDF
Current state of automotive network security
byFFRI, Inc.
 
PDF
Trend of Next-Gen In-Vehicle Network Standard and Current State of Security(F...
byFFRI, Inc.
 
PDF
Connected vehicles: An Overview on Security, Vulnerabilities and Remedies
byMadhur Gupta
 
PDF
An OSGi based HMI for networked vehicles - Miguel García Longarón, TID
bymfrancis
 
PPTX
2014 MATC Spring Lecture Series: Chris Schwarz
byMid-America Transportation Center
 
PDF
From Driver Distraction to Driver Augmentation: Open Source in Cars
byAlison Chaiken
 
PDF
Why Cars Need Free Software
byAlison Chaiken
 
Automotive Security (Connected Vehicle Security Issues)
byPriyanka Aash
 
Cyber securityppt
bySachin Roy
 
Verification of IVI Over-The-Air using UML/OCL
bySeungjoo Kim
 
Embedded Systems in Automotive
byمحمدعبد الحى
 
Connected Car Security
bySuresh Mandava
 
Automotive electronics Systems by Ravikumar Chilmula
byRavikumar Chilmula
 
Will future vehicles be secure?
byAlan Tatourian
 
Connected Cars - Poster Child for the IoT Reality Check
bySecurity Innovation
 
T062500000 p003050ppte
byPhani Kumar
 
16.An Intelligent Data-Driven Model to Secure Intravehicle Communications Bas...
byspub1985
 
Connected vehicles
byChristie Dudley
 
Connected Cars: What Could Possibly Go Wrong
byOnBoard Security, Inc. - a Qualcomm Company
 
thesis paper
byBhanuprakash K
 
Current state of automotive network security
byFFRI, Inc.
 
Trend of Next-Gen In-Vehicle Network Standard and Current State of Security(F...
byFFRI, Inc.
 
Connected vehicles: An Overview on Security, Vulnerabilities and Remedies
byMadhur Gupta
 
An OSGi based HMI for networked vehicles - Miguel García Longarón, TID
bymfrancis
 
2014 MATC Spring Lecture Series: Chris Schwarz
byMid-America Transportation Center
 
From Driver Distraction to Driver Augmentation: Open Source in Cars
byAlison Chaiken
 
Why Cars Need Free Software
byAlison Chaiken
 

Recently uploaded

PPTX
Washing-Machine-Simulation-using-PICSimLab.pptx
byhelppolytechnic24
 
PDF
222109_MD_MILTON_HOSSAIN_26TH_BATCH_REGULAR_PMIT V5.pdf
byMILTONKHAN5
 
PPTX
Ship Repair and fault diagnosis and restoration of system back to normal .pptx
byIntuition1
 
PPTX
Intrusion Detection Systems presentation.pptx
bykamalakantas
 
PPTX
introduction-to-maintenance- Dr. Munthear Alqaderi
byDr. Munthear Alqaderi
 
PDF
Stern-Gerlach-Experiment from quantum mechanics
byjhapratik970
 
PPTX
CEC369 IoT P CEC369 IoT P CEC369 IoT PCEC369 IoT PCEC369 IoT P
byKesavRaj8
 
PDF
Welcome to ISPR 2026 - 12th International Conference on Image and Signal Pro...
byieijjournal
 
PDF
Event #3_ Build a Gemini Bot, Together with GitHub_private.pdf
by3526ming
 
PDF
Why Buildings Crumble Before Their Time And How We Can Build a Legacy
byinfoplanetcon
 
PPTX
waste to energy deck v.3.pptx changing garbage to electricity
byGegaGrandeza1
 
PDF
Soil Permeability and Seepage-Irrigation Structures
byMedoAbdelrahman
 
PPTX
Mc25104 - data structures and algorithms using PYTHON OOP_Python_Lecture_Note...
byjanaki raman
 
PPTX
Supercapacitor.pptx...............................
byTarikBouchala
 
PPT
399-Cathodic-Protection-Presentation.ppt
byMekine
 
PDF
Advancements in Telecommunication for Disaster Management (www.kiu.ac.ug)
bypublication11
 
PDF
k-means algorithm with numerical solution.pdf
bydeepalishinkar1
 
PPTX
Lead-acid battery.pptx.........................
byTarikBouchala
 
PPT
lec13.ppt FOR COMPOSITES AND POLYMERS MATERIAL SCIENCE
byKevinkahrlPipino
 
PDF
Grade 11 Quarter 3 Gravitational Potentional Energy
bybuannnbeatrice
 
Washing-Machine-Simulation-using-PICSimLab.pptx
byhelppolytechnic24
 
222109_MD_MILTON_HOSSAIN_26TH_BATCH_REGULAR_PMIT V5.pdf
byMILTONKHAN5
 
Ship Repair and fault diagnosis and restoration of system back to normal .pptx
byIntuition1
 
Intrusion Detection Systems presentation.pptx
bykamalakantas
 
introduction-to-maintenance- Dr. Munthear Alqaderi
byDr. Munthear Alqaderi
 
Stern-Gerlach-Experiment from quantum mechanics
byjhapratik970
 
CEC369 IoT P CEC369 IoT P CEC369 IoT PCEC369 IoT PCEC369 IoT P
byKesavRaj8
 
Welcome to ISPR 2026 - 12th International Conference on Image and Signal Pro...
byieijjournal
 
Event #3_ Build a Gemini Bot, Together with GitHub_private.pdf
by3526ming
 
Why Buildings Crumble Before Their Time And How We Can Build a Legacy
byinfoplanetcon
 
waste to energy deck v.3.pptx changing garbage to electricity
byGegaGrandeza1
 
Soil Permeability and Seepage-Irrigation Structures
byMedoAbdelrahman
 
Mc25104 - data structures and algorithms using PYTHON OOP_Python_Lecture_Note...
byjanaki raman
 
Supercapacitor.pptx...............................
byTarikBouchala
 
399-Cathodic-Protection-Presentation.ppt
byMekine
 
Advancements in Telecommunication for Disaster Management (www.kiu.ac.ug)
bypublication11
 
k-means algorithm with numerical solution.pdf
bydeepalishinkar1
 
Lead-acid battery.pptx.........................
byTarikBouchala
 
lec13.ppt FOR COMPOSITES AND POLYMERS MATERIAL SCIENCE
byKevinkahrlPipino
 
Grade 11 Quarter 3 Gravitational Potentional Energy
bybuannnbeatrice
 

Wfcs2019

  • 1.
    Model-based simulation and threatanalysis of in-vehicle networks Alexios Lekidis, Ion Barosan WFCS 2019 Sundsvall, 28/05/2019
  • 2.
    Outline • Connected carsevolution • Security risks and challenges • CARSEC: In-vehicle network simulation and risk assessment environment • Case-study: Evaluation on a Toyota Prius architecture • Conclusions and perspectives
  • 3.
    Car historical evolution 18862000 2020 R&D area: 1966-1995 Embedded area: 1995- 2002 Infotainment area: 2007- 2012
  • 4.
    1886 2005 2020 Embedded area:1995- 2002 V2X area: 2012- ongoing Infotainment area: 2007- 2012 Car historical evolution
  • 5.
    1886 2005 2020 Embedded area:1995- 2002 V2X area: 2012- ongoing Infotainment area: 2007- 2012 New mobility area: 2020- onwards Car historical evolution
  • 6.
    In-vehicle software complexity Complexityand V2X connectivity increase threat/hazard surface
  • 7.
    Tackling complexity throughdata visibility • OBD-II added for troubleshooting and diagnostics (i.e. observing vehicle characteristics as engine, temperature) • OBD-II standard mandatory for all vehicles - 01 0C - 7E8 04 41 0C 10 C5 - 7EA 04 41 0C 10 80 RPM value length Request RPM OBD-II
  • 8.
    In-vehicle network architecture:V2X area central gateway Instrument cluster Climate control Door locking Head Unit Audio Video Navigation Telephone Steering control Air Bag control Breaking system Engine control Transmission control Power train sensors MOST protocolCAN LINCAN/FlexRay OBUTCUHead Unit OBD-II • Head Unit: Vehicle entertainment system • On-board Unit (OBU): Enabling V2X communication • Telematics Control Unit (TCU): Vehicle tracking • Gateway: Central vehicle data access • On Board Diagnostics (OBD): Status diagnostics
  • 9.
    In-vehicle network architecture:V2X area central gateway Instrument cluster Climate control Door locking Head Unit Audio Video Navigation Telephone Steering control Air Bag control Breaking system Engine control Transmission control Power train sensors MOST protocolCAN LINCAN/FlexRay OBUTCUHead Unit OBD-II Critical systems • Head Unit: Vehicle entertainment system • On-board Unit (OBU): Enabling V2X communication • Telematics Control Unit (TCU): Vehicle tracking • Gateway: Central vehicle data access • On Board Diagnostics (OBD): Status diagnostics
  • 10.
    Outline • Connected carsevolution • Security risks and challenges • CARSEC: In-vehicle network simulation and risk assessment environment • Case-study: Evaluation on a Toyota Prius architecture • Conclusions and perspectives
  • 11.
    Connected car securityrisks • Vital risks to vehicle passengers • Various incidents over the last years Crysler’s Jeep Cherokee CIA’s Vault 7 Bosch Drivelog dongle
  • 12.
  • 13.
    Attack scenario OBDII Central Gateway Head Unit Brake Control Unit Telematics Control Unit •Sniff the telematics system IP address • Random generator of Bluetooth PIN / WiFi WPA password
  • 14.
    Central Gateway Brake Control Unit Head Unit Telematics Control Unit • Move tosafety Bus from telematics system Attack scenario OBDII
  • 15.
    OBDII Central Gateway Brake Control Unit Head Unit Telematics Control Unit • Disengage brakes orkill engine Attack scenario Challenges: • Accessing the attack impact • Detecting the anomaly in the embedded system
  • 16.
    Outline • Connected carsevolution • Security risks and challenges • CARSEC: In-vehicle network simulation and risk assessment environment • Case-study: Evaluation on a Toyota Prius architecture • Conclusions and perspectives
  • 17.
  • 18.
    Behavior learning • Networkfingerprinting – Network communication baseline for driving or parking mode – Captures cyclic messages between ECUs periodic • Manual scenario execution – Captures asynchronous actions inside the vehicle (e.g. driver switching on/off the engine) – Extends the communication baseline with dynamic messages Outcome: 1) Data flow patterns 2) Correlation between certain messages
  • 19.
  • 20.
    Data model (inDBC) Data model filling
  • 21.
    OMNET++ simulation environment •Open-source discrete event simulation framework • Progressive system construction from component-based modules • Network Editor (NED): Module editing • Initial configuration file (INI): Network data exchange definitions • In-vehicle protocol simulation through FiCo4OMNeT library – CAN, FlexRay support
  • 22.
    OMNET++: CAN node(NED) • Data transmitter (sourceApp): CAN frame transmission • Output buffer (bufferOut): Temporal frame storage and scheduling for Bus transmission Input buffer (bufferIn): Temporal frame storage and forwarding to the data receiver • Data receiver (sinkApp): CAN frame reception and physical vehicle actions • Hardware clock (canClock): Node clock for frame scheduling • Data logger (pcapRecorder): Traffic logging
  • 23.
    OMNET++: CAN node(INI) • idDataFrames: Message identifiers of the node • periodicityDataFrames: Message periodicity • dataLengthDataFrames: Data length • payloadDataFrames: Message payload • initialDataFrameOffset: CAN message scheduling offset Challenges: 1) Configuration changes require manual simulation restart 2) User actions cannot be modeled (e.g. driving mode)
  • 24.
    Dynamic vehicle behavior •Added functionality: – Dynamic changes in the model’s INI configuration while the simulation is active – Dynamic calculation of bit-stuffing based on the exchanged data • Technique: Distribution fitting on the data logged while driving • Outcome: Payload values chosen based on the probability law of the fitted distribution
  • 25.
    Model validation • Toolfor automatic validation of the simulation accuracy against the real vehicle behavior – Different operation modes (i.e. parking or driving) • Relying on network traffic (i.e. pcap, log files) • Comparison on: 1) Packet level 2) Communication flow OMNET++ simulated traffic OBDII vehicle traffic CANvalidator Verdict OK NOK
  • 26.
    Outline • Connected carsand their underlying security risks • Challenges in in-vehicle network simulation • CARSEC: In-vehicle network simulation and risk assessment environment • Case-study: Evaluation on a Toyota Prius architecture • Conclusions and perspectives
  • 27.
    Data logging fromthe Toyota Prius • Vehicle available within TU/e premises from A-Team • CANtact to OBD-II due to buffer overflow in ELM327
  • 28.
    Network and threatanalysis on a Toyota Prius Goal: Real-time analysis of operational errors or security aspects Outcome: In-vehicle impact analysis and feedback for enhancements
  • 29.
    Simulated attacks Attack classDescription Denial Of Service Network flooding with certain frame ID Frame injection Inserting known/unknown frame ID Diagnostic messages Extract diagnostic info from ECUs allowing to reprogram them Masquerade / impersonation attack ECU spoofing or frame replay Fuzzing Iterative transmission of random or partially random packets Suspension Prevent frame transmission from a specific ECU Source: Common threats based on in-vehicle security state-of-the-art Purpose: Use simulation to avoid non recoverable errors from attacks on the in- vehicle architecture
  • 30.
    Simulated attacks Attack classDescription Denial Of Service Network flooding with certain frame ID Frame injection Inserting known/unknown frame ID Diagnostic messages Extract diagnostic info from ECUs allowing to reprogram them Masquerade / impersonation attack ECU spoofing or frame replay Fuzzing Iterative transmission of random or partially random packets Suspension Prevent frame transmission from a specific ECU Three categories of attacks: 1) Not feasible 2) Feasible but no impact on vehicle functionality 3) Feasible with impact on vehicle functionality, but requiring adequate in-vehicle network knowledge
  • 31.
    Attack impact onvehicle functionality Attack start • Impact: Confusing indicator in the dashboard • Generating error frames on the Bus • Errors lead to error active/passive mode
  • 32.
    Attack impact onthe in-vehicle network - Initial increase in the amount of messages - Frequency-based detection for identifying the anomaly - For persistent attacks the Bus gradually balances the message load - Attack detection becomes very difficult
  • 33.
    Conclusion • Early-stage detectionof operational errors and security threats in the in-vehicle architecture • Impact and risk assessment for the addition of new features • Applied to a Toyota Prius vehicle within TU/e premises – State-of-the-art attacks to examine alternations of the vehicle behavior Future work • Automate the preliminary in-vehicle learning/data filling step • Use of OBD-II: 1) allows to learn only CAN and LIN network data 2) limits the network data if manufacturer firewall is used
  • 34.
    Thank you foryour attention Further info: a.lekidis@tue.nl, i.barosan@tue.nl