SlideShare a Scribd company logo

Wfcs2019

Alexios Lekidis
Alexios Lekidis

This document discusses model-based simulation and threat analysis of in-vehicle networks. It outlines the evolution of connected cars and the associated security risks. It then introduces the CARSEC environment for simulating in-vehicle networks and assessing risks. A case study applies CARSEC to evaluate security on a Toyota Prius architecture. Attacks are simulated and their impacts analyzed. The document concludes that CARSEC allows early detection of errors and threats to help enhance vehicle security. Future work includes automating the data collection process and directly using OBD-II port access.

Engineering
1 of 34
Download to read offline
Model-based simulation and threat analysis of in-vehicle networks Alexios Lekidis, Ion Barosan WFCS 2019 Sundsvall, 28/05/2019
Outline • Connected cars evolution • Security risks and challenges • CARSEC: In-vehicle network simulation and risk assessment environment • Case-study: Evaluation on a Toyota Prius architecture • Conclusions and perspectives
Car historical evolution 1886 2000 2020 R&D area: 1966-1995 Embedded area: 1995- 2002 Infotainment area: 2007- 2012
1886 2005 2020 Embedded area: 1995- 2002 V2X area: 2012- ongoing Infotainment area: 2007- 2012 Car historical evolution
1886 2005 2020 Embedded area: 1995- 2002 V2X area: 2012- ongoing Infotainment area: 2007- 2012 New mobility area: 2020- onwards Car historical evolution
In-vehicle software complexity Complexity and V2X connectivity increase threat/hazard surface
Tackling complexity through data visibility • OBD-II added for troubleshooting and diagnostics (i.e. observing vehicle characteristics as engine, temperature) • OBD-II standard mandatory for all vehicles - 01 0C - 7E8 04 41 0C 10 C5 - 7EA 04 41 0C 10 80 RPM value length Request RPM OBD-II
In-vehicle network architecture: V2X area central gateway Instrument cluster Climate control Door locking Head Unit Audio Video Navigation Telephone Steering control Air Bag control Breaking system Engine control Transmission control Power train sensors MOST protocolCAN LINCAN/FlexRay OBUTCUHead Unit OBD-II • Head Unit: Vehicle entertainment system • On-board Unit (OBU): Enabling V2X communication • Telematics Control Unit (TCU): Vehicle tracking • Gateway: Central vehicle data access • On Board Diagnostics (OBD): Status diagnostics
In-vehicle network architecture: V2X area central gateway Instrument cluster Climate control Door locking Head Unit Audio Video Navigation Telephone Steering control Air Bag control Breaking system Engine control Transmission control Power train sensors MOST protocolCAN LINCAN/FlexRay OBUTCUHead Unit OBD-II Critical systems • Head Unit: Vehicle entertainment system • On-board Unit (OBU): Enabling V2X communication • Telematics Control Unit (TCU): Vehicle tracking • Gateway: Central vehicle data access • On Board Diagnostics (OBD): Status diagnostics
Outline • Connected cars evolution • Security risks and challenges • CARSEC: In-vehicle network simulation and risk assessment environment • Case-study: Evaluation on a Toyota Prius architecture • Conclusions and perspectives
Connected car security risks • Vital risks to vehicle passengers • Various incidents over the last years Crysler’s Jeep Cherokee CIA’s Vault 7 Bosch Drivelog dongle
Vehicle attack surfaces OBDII Telematics Control Unit Central Gateway Keyless entry Tire Pressure Monitoring Sensor Head Unit Direct access Long-range access Short-range access
Attack scenario OBDII Central Gateway Head Unit Brake Control Unit Telematics Control Unit • Sniff the telematics system IP address • Random generator of Bluetooth PIN / WiFi WPA password
Central Gateway Brake Control Unit Head Unit Telematics Control Unit • Move to safety Bus from telematics system Attack scenario OBDII
OBDII Central Gateway Brake Control Unit Head Unit Telematics Control Unit • Disengage brakes or kill engine Attack scenario Challenges: • Accessing the attack impact • Detecting the anomaly in the embedded system
Outline • Connected cars evolution • Security risks and challenges • CARSEC: In-vehicle network simulation and risk assessment environment • Case-study: Evaluation on a Toyota Prius architecture • Conclusions and perspectives
Proposed method
Behavior learning • Network fingerprinting – Network communication baseline for driving or parking mode – Captures cyclic messages between ECUs periodic • Manual scenario execution – Captures asynchronous actions inside the vehicle (e.g. driver switching on/off the engine) – Extends the communication baseline with dynamic messages Outcome: 1) Data flow patterns 2) Correlation between certain messages
Data model
Data model (in DBC) Data model filling
OMNET++ simulation environment • Open-source discrete event simulation framework • Progressive system construction from component-based modules • Network Editor (NED): Module editing • Initial configuration file (INI): Network data exchange definitions • In-vehicle protocol simulation through FiCo4OMNeT library – CAN, FlexRay support
OMNET++: CAN node (NED) • Data transmitter (sourceApp): CAN frame transmission • Output buffer (bufferOut): Temporal frame storage and scheduling for Bus transmission Input buffer (bufferIn): Temporal frame storage and forwarding to the data receiver • Data receiver (sinkApp): CAN frame reception and physical vehicle actions • Hardware clock (canClock): Node clock for frame scheduling • Data logger (pcapRecorder): Traffic logging
OMNET++: CAN node (INI) • idDataFrames: Message identifiers of the node • periodicityDataFrames: Message periodicity • dataLengthDataFrames: Data length • payloadDataFrames: Message payload • initialDataFrameOffset: CAN message scheduling offset Challenges: 1) Configuration changes require manual simulation restart 2) User actions cannot be modeled (e.g. driving mode)
Dynamic vehicle behavior • Added functionality: – Dynamic changes in the model’s INI configuration while the simulation is active – Dynamic calculation of bit-stuffing based on the exchanged data • Technique: Distribution fitting on the data logged while driving • Outcome: Payload values chosen based on the probability law of the fitted distribution
Model validation • Tool for automatic validation of the simulation accuracy against the real vehicle behavior – Different operation modes (i.e. parking or driving) • Relying on network traffic (i.e. pcap, log files) • Comparison on: 1) Packet level 2) Communication flow OMNET++ simulated traffic OBDII vehicle traffic CANvalidator Verdict OK NOK
Outline • Connected cars and their underlying security risks • Challenges in in-vehicle network simulation • CARSEC: In-vehicle network simulation and risk assessment environment • Case-study: Evaluation on a Toyota Prius architecture • Conclusions and perspectives
Data logging from the Toyota Prius • Vehicle available within TU/e premises from A-Team • CANtact to OBD-II due to buffer overflow in ELM327
Network and threat analysis on a Toyota Prius Goal: Real-time analysis of operational errors or security aspects Outcome: In-vehicle impact analysis and feedback for enhancements
Simulated attacks Attack class Description Denial Of Service Network flooding with certain frame ID Frame injection Inserting known/unknown frame ID Diagnostic messages Extract diagnostic info from ECUs allowing to reprogram them Masquerade / impersonation attack ECU spoofing or frame replay Fuzzing Iterative transmission of random or partially random packets Suspension Prevent frame transmission from a specific ECU Source: Common threats based on in-vehicle security state-of-the-art Purpose: Use simulation to avoid non recoverable errors from attacks on the in- vehicle architecture
Simulated attacks Attack class Description Denial Of Service Network flooding with certain frame ID Frame injection Inserting known/unknown frame ID Diagnostic messages Extract diagnostic info from ECUs allowing to reprogram them Masquerade / impersonation attack ECU spoofing or frame replay Fuzzing Iterative transmission of random or partially random packets Suspension Prevent frame transmission from a specific ECU Three categories of attacks: 1) Not feasible 2) Feasible but no impact on vehicle functionality 3) Feasible with impact on vehicle functionality, but requiring adequate in-vehicle network knowledge
Attack impact on vehicle functionality Attack start • Impact: Confusing indicator in the dashboard • Generating error frames on the Bus • Errors lead to error active/passive mode
Attack impact on the in-vehicle network - Initial increase in the amount of messages - Frequency-based detection for identifying the anomaly - For persistent attacks the Bus gradually balances the message load - Attack detection becomes very difficult
Conclusion • Early-stage detection of operational errors and security threats in the in-vehicle architecture • Impact and risk assessment for the addition of new features • Applied to a Toyota Prius vehicle within TU/e premises – State-of-the-art attacks to examine alternations of the vehicle behavior Future work • Automate the preliminary in-vehicle learning/data filling step • Use of OBD-II: 1) allows to learn only CAN and LIN network data 2) limits the network data if manufacturer firewall is used
Thank you for your attention Further info: a.lekidis@tue.nl, i.barosan@tue.nl

Recommended

Network Security for Automotive Embedded Systems
Network Security for Automotive Embedded SystemsNetwork Security for Automotive Embedded Systems
Network Security for Automotive Embedded Systems
Tonex
 
Model Based Design of Hybrid and Electric Powertrains
Model Based Design of Hybrid and Electric PowertrainsModel Based Design of Hybrid and Electric Powertrains
Model Based Design of Hybrid and Electric Powertrains
Sandeep Sovani, Ph.D.
 
Formal Model Based Design of Control Software
Formal Model Based Design of Control SoftwareFormal Model Based Design of Control Software
Formal Model Based Design of Control Software
Vadim Alimguzhin
 
AjishP-2016
AjishP-2016AjishP-2016
AjishP-2016
Ajish Pulikkool
 
What is Diagnostic over Internet Protocol (DoIP) and How it Supports Remote V...
What is Diagnostic over Internet Protocol (DoIP) and How it Supports Remote V...What is Diagnostic over Internet Protocol (DoIP) and How it Supports Remote V...
What is Diagnostic over Internet Protocol (DoIP) and How it Supports Remote V...
Embitel Technologies (I) PVT LTD
 
Cygnotel Prueba 01
Cygnotel Prueba 01Cygnotel Prueba 01
Cygnotel Prueba 01
cygnotel
 
Model-Based Design For Motor Control Development
Model-Based Design For Motor Control DevelopmentModel-Based Design For Motor Control Development
Model-Based Design For Motor Control Development
The Hartford
 
Cyber Security and Cyber-Resilience for RPAS
Cyber Security and Cyber-Resilience for RPASCyber Security and Cyber-Resilience for RPAS
Cyber Security and Cyber-Resilience for RPAS
Giovanni Panice
 

Recommended

Network Security for Automotive Embedded Systems
Network Security for Automotive Embedded SystemsNetwork Security for Automotive Embedded Systems
Network Security for Automotive Embedded Systems
Tonex
 
Model Based Design of Hybrid and Electric Powertrains
Model Based Design of Hybrid and Electric PowertrainsModel Based Design of Hybrid and Electric Powertrains
Model Based Design of Hybrid and Electric Powertrains
Sandeep Sovani, Ph.D.
 
Formal Model Based Design of Control Software
Formal Model Based Design of Control SoftwareFormal Model Based Design of Control Software
Formal Model Based Design of Control Software
Vadim Alimguzhin
 
AjishP-2016
AjishP-2016AjishP-2016
AjishP-2016
Ajish Pulikkool
 
What is Diagnostic over Internet Protocol (DoIP) and How it Supports Remote V...
What is Diagnostic over Internet Protocol (DoIP) and How it Supports Remote V...What is Diagnostic over Internet Protocol (DoIP) and How it Supports Remote V...
What is Diagnostic over Internet Protocol (DoIP) and How it Supports Remote V...
Embitel Technologies (I) PVT LTD
 
Cygnotel Prueba 01
Cygnotel Prueba 01Cygnotel Prueba 01
Cygnotel Prueba 01
cygnotel
 
Model-Based Design For Motor Control Development
Model-Based Design For Motor Control DevelopmentModel-Based Design For Motor Control Development
Model-Based Design For Motor Control Development
The Hartford
 
Cyber Security and Cyber-Resilience for RPAS
Cyber Security and Cyber-Resilience for RPASCyber Security and Cyber-Resilience for RPAS
Cyber Security and Cyber-Resilience for RPAS
Giovanni Panice
 
Resume_neeraj
Resume_neerajResume_neeraj
Resume_neeraj
neeraj kumar
 
Video Based Industry Control
Video Based Industry ControlVideo Based Industry Control
Video Based Industry Control
Jun Steed Huang
 
Presentatie Festo
Presentatie FestoPresentatie Festo
Presentatie Festo
switchingonthefuture
 
Understanding User Needs for Electrical and Lighting Management Systems (ELMS...
Understanding User Needs for Electrical and Lighting Management Systems (ELMS...Understanding User Needs for Electrical and Lighting Management Systems (ELMS...
Understanding User Needs for Electrical and Lighting Management Systems (ELMS...
Jim Frazer
 
Hany Abdel Hamed Abo Oaf
Hany Abdel Hamed Abo OafHany Abdel Hamed Abo Oaf
Hany Abdel Hamed Abo Oaf
hany_oaf
 
Automotive Diagnostics Communication Protocols AnalysisKWP2000, CAN, and UDS
Automotive Diagnostics Communication Protocols AnalysisKWP2000, CAN, and UDSAutomotive Diagnostics Communication Protocols AnalysisKWP2000, CAN, and UDS
Automotive Diagnostics Communication Protocols AnalysisKWP2000, CAN, and UDS
IOSR Journals
 
ECS
ECSECS
ECS
Ahmed Mohamed
 
OBD2 Software Development and Testing for an ECU Application
OBD2 Software Development and Testing for an ECU ApplicationOBD2 Software Development and Testing for an ECU Application
OBD2 Software Development and Testing for an ECU Application
Embitel Technologies (I) PVT LTD
 
MIPI DevCon 2021: MIPI I3C interface for the ETSI Smart Secure Platform
MIPI DevCon 2021: MIPI I3C interface for the ETSI Smart Secure PlatformMIPI DevCon 2021: MIPI I3C interface for the ETSI Smart Secure Platform
MIPI DevCon 2021: MIPI I3C interface for the ETSI Smart Secure Platform
MIPI Alliance
 
Robot Tele-operation System Based on GPRS
Robot Tele-operation System Based on GPRSRobot Tele-operation System Based on GPRS
Robot Tele-operation System Based on GPRS
arunjps
 
Manir_TECK_Presentation_1
Manir_TECK_Presentation_1Manir_TECK_Presentation_1
Manir_TECK_Presentation_1
Manir Al Faisal
 
Opis softera i ModulaENVlada
Opis softera i ModulaENVladaOpis softera i ModulaENVlada
Opis softera i ModulaENVlada
Zoran Perisic
 
Automotive engineering design - Model Based Design
Automotive engineering design - Model Based DesignAutomotive engineering design - Model Based Design
Automotive engineering design - Model Based Design
Vinayagam Mariappan
 
Ahmad_AlHadi_En
Ahmad_AlHadi_EnAhmad_AlHadi_En
Ahmad_AlHadi_En
Ahmad Al-Hadi
 
Flex Stack Rapid Prototyping System
Flex Stack Rapid Prototyping SystemFlex Stack Rapid Prototyping System
Flex Stack Rapid Prototyping System
frankp617
 
Dilip Kumar M_CV
Dilip Kumar M_CVDilip Kumar M_CV
Dilip Kumar M_CV
Dilipkumar M.
 
Industrial Ethernet Facts - The 5 major technologies
Industrial Ethernet Facts - The 5 major technologiesIndustrial Ethernet Facts - The 5 major technologies
Industrial Ethernet Facts - The 5 major technologies
Stephane Potier
 
5 Things to Know about the Railway Data Center menRDC
5 Things to Know about the Railway Data Center menRDC5 Things to Know about the Railway Data Center menRDC
5 Things to Know about the Railway Data Center menRDC
MEN Mikro Elektronik GmbH
 
Architecture & data acquisition by embedded systems in automobiles seminar ppt
Architecture & data acquisition by embedded systems in automobiles seminar pptArchitecture & data acquisition by embedded systems in automobiles seminar ppt
Architecture & data acquisition by embedded systems in automobiles seminar ppt
Ankit Kaul
 
What is Telematics & How Does It Work?
What is Telematics & How Does It Work?What is Telematics & How Does It Work?
What is Telematics & How Does It Work?
Embitel Technologies (I) PVT LTD
 
In Automotive Environments - HU Michel
In Automotive Environments - HU MichelIn Automotive Environments - HU Michel
In Automotive Environments - HU Michel
mfrancis
 
thesis paper
thesis paperthesis paper
thesis paper
Bhanuprakash K
 

More Related Content

What's hot

Resume_neeraj
Resume_neerajResume_neeraj
Resume_neeraj
neeraj kumar
 
Video Based Industry Control
Video Based Industry ControlVideo Based Industry Control
Video Based Industry Control
Jun Steed Huang
 
Presentatie Festo
Presentatie FestoPresentatie Festo
Presentatie Festo
switchingonthefuture
 
Understanding User Needs for Electrical and Lighting Management Systems (ELMS...
Understanding User Needs for Electrical and Lighting Management Systems (ELMS...Understanding User Needs for Electrical and Lighting Management Systems (ELMS...
Understanding User Needs for Electrical and Lighting Management Systems (ELMS...
Jim Frazer
 
Hany Abdel Hamed Abo Oaf
Hany Abdel Hamed Abo OafHany Abdel Hamed Abo Oaf
Hany Abdel Hamed Abo Oaf
hany_oaf
 
Automotive Diagnostics Communication Protocols AnalysisKWP2000, CAN, and UDS
Automotive Diagnostics Communication Protocols AnalysisKWP2000, CAN, and UDSAutomotive Diagnostics Communication Protocols AnalysisKWP2000, CAN, and UDS
Automotive Diagnostics Communication Protocols AnalysisKWP2000, CAN, and UDS
IOSR Journals
 
ECS
ECSECS
ECS
Ahmed Mohamed
 
OBD2 Software Development and Testing for an ECU Application
OBD2 Software Development and Testing for an ECU ApplicationOBD2 Software Development and Testing for an ECU Application
OBD2 Software Development and Testing for an ECU Application
Embitel Technologies (I) PVT LTD
 
MIPI DevCon 2021: MIPI I3C interface for the ETSI Smart Secure Platform
MIPI DevCon 2021: MIPI I3C interface for the ETSI Smart Secure PlatformMIPI DevCon 2021: MIPI I3C interface for the ETSI Smart Secure Platform
MIPI DevCon 2021: MIPI I3C interface for the ETSI Smart Secure Platform
MIPI Alliance
 
Robot Tele-operation System Based on GPRS
Robot Tele-operation System Based on GPRSRobot Tele-operation System Based on GPRS
Robot Tele-operation System Based on GPRS
arunjps
 
Manir_TECK_Presentation_1
Manir_TECK_Presentation_1Manir_TECK_Presentation_1
Manir_TECK_Presentation_1
Manir Al Faisal
 
Opis softera i ModulaENVlada
Opis softera i ModulaENVladaOpis softera i ModulaENVlada
Opis softera i ModulaENVlada
Zoran Perisic
 
Automotive engineering design - Model Based Design
Automotive engineering design - Model Based DesignAutomotive engineering design - Model Based Design
Automotive engineering design - Model Based Design
Vinayagam Mariappan
 
Ahmad_AlHadi_En
Ahmad_AlHadi_EnAhmad_AlHadi_En
Ahmad_AlHadi_En
Ahmad Al-Hadi
 
Flex Stack Rapid Prototyping System
Flex Stack Rapid Prototyping SystemFlex Stack Rapid Prototyping System
Flex Stack Rapid Prototyping System
frankp617
 
Dilip Kumar M_CV
Dilip Kumar M_CVDilip Kumar M_CV
Dilip Kumar M_CV
Dilipkumar M.
 
Industrial Ethernet Facts - The 5 major technologies
Industrial Ethernet Facts - The 5 major technologiesIndustrial Ethernet Facts - The 5 major technologies
Industrial Ethernet Facts - The 5 major technologies
Stephane Potier
 
5 Things to Know about the Railway Data Center menRDC
5 Things to Know about the Railway Data Center menRDC5 Things to Know about the Railway Data Center menRDC
5 Things to Know about the Railway Data Center menRDC
MEN Mikro Elektronik GmbH
 

What's hot (18)

Resume_neeraj
Resume_neerajResume_neeraj
Resume_neeraj
 
Video Based Industry Control
Video Based Industry ControlVideo Based Industry Control
Video Based Industry Control
 
Presentatie Festo
Presentatie FestoPresentatie Festo
Presentatie Festo
 
Understanding User Needs for Electrical and Lighting Management Systems (ELMS...
Understanding User Needs for Electrical and Lighting Management Systems (ELMS...Understanding User Needs for Electrical and Lighting Management Systems (ELMS...
Understanding User Needs for Electrical and Lighting Management Systems (ELMS...
 
Hany Abdel Hamed Abo Oaf
Hany Abdel Hamed Abo OafHany Abdel Hamed Abo Oaf
Hany Abdel Hamed Abo Oaf
 
Automotive Diagnostics Communication Protocols AnalysisKWP2000, CAN, and UDS
Automotive Diagnostics Communication Protocols AnalysisKWP2000, CAN, and UDSAutomotive Diagnostics Communication Protocols AnalysisKWP2000, CAN, and UDS
Automotive Diagnostics Communication Protocols AnalysisKWP2000, CAN, and UDS
 
ECS
ECSECS
ECS
 
OBD2 Software Development and Testing for an ECU Application
OBD2 Software Development and Testing for an ECU ApplicationOBD2 Software Development and Testing for an ECU Application
OBD2 Software Development and Testing for an ECU Application
 
MIPI DevCon 2021: MIPI I3C interface for the ETSI Smart Secure Platform
MIPI DevCon 2021: MIPI I3C interface for the ETSI Smart Secure PlatformMIPI DevCon 2021: MIPI I3C interface for the ETSI Smart Secure Platform
MIPI DevCon 2021: MIPI I3C interface for the ETSI Smart Secure Platform
 
Robot Tele-operation System Based on GPRS
Robot Tele-operation System Based on GPRSRobot Tele-operation System Based on GPRS
Robot Tele-operation System Based on GPRS
 
Manir_TECK_Presentation_1
Manir_TECK_Presentation_1Manir_TECK_Presentation_1
Manir_TECK_Presentation_1
 
Opis softera i ModulaENVlada
Opis softera i ModulaENVladaOpis softera i ModulaENVlada
Opis softera i ModulaENVlada
 
Automotive engineering design - Model Based Design
Automotive engineering design - Model Based DesignAutomotive engineering design - Model Based Design
Automotive engineering design - Model Based Design
 
Ahmad_AlHadi_En
Ahmad_AlHadi_EnAhmad_AlHadi_En
Ahmad_AlHadi_En
 
Flex Stack Rapid Prototyping System
Flex Stack Rapid Prototyping SystemFlex Stack Rapid Prototyping System
Flex Stack Rapid Prototyping System
 
Dilip Kumar M_CV
Dilip Kumar M_CVDilip Kumar M_CV
Dilip Kumar M_CV
 
Industrial Ethernet Facts - The 5 major technologies
Industrial Ethernet Facts - The 5 major technologiesIndustrial Ethernet Facts - The 5 major technologies
Industrial Ethernet Facts - The 5 major technologies
 
5 Things to Know about the Railway Data Center menRDC
5 Things to Know about the Railway Data Center menRDC5 Things to Know about the Railway Data Center menRDC
5 Things to Know about the Railway Data Center menRDC
 

Similar to Wfcs2019

Architecture & data acquisition by embedded systems in automobiles seminar ppt
Architecture & data acquisition by embedded systems in automobiles seminar pptArchitecture & data acquisition by embedded systems in automobiles seminar ppt
Architecture & data acquisition by embedded systems in automobiles seminar ppt
Ankit Kaul
 
What is Telematics & How Does It Work?
What is Telematics & How Does It Work?What is Telematics & How Does It Work?
What is Telematics & How Does It Work?
Embitel Technologies (I) PVT LTD
 
In Automotive Environments - HU Michel
In Automotive Environments - HU MichelIn Automotive Environments - HU Michel
In Automotive Environments - HU Michel
mfrancis
 
thesis paper
thesis paperthesis paper
thesis paper
Bhanuprakash K
 
ROLE OF DIGITAL SIMULATION IN CONFIGURING NETWORK PARAMETERS
ROLE OF DIGITAL SIMULATION IN CONFIGURING NETWORK PARAMETERSROLE OF DIGITAL SIMULATION IN CONFIGURING NETWORK PARAMETERS
ROLE OF DIGITAL SIMULATION IN CONFIGURING NETWORK PARAMETERS
Deepak Shankar
 
SAHITHI - VANET ppt.pptx
SAHITHI - VANET ppt.pptxSAHITHI - VANET ppt.pptx
SAHITHI - VANET ppt.pptx
Sahithikairamkonda
 
SAHITHI - VANET ppt.pptx
SAHITHI - VANET ppt.pptxSAHITHI - VANET ppt.pptx
SAHITHI - VANET ppt.pptx
Sahithikairamkonda
 
Identifying parameters for Code Offloading as a practical solution to optimiz...
Identifying parameters for Code Offloading as a practical solution to optimiz...Identifying parameters for Code Offloading as a practical solution to optimiz...
Identifying parameters for Code Offloading as a practical solution to optimiz...
Anindya Duti Dhar
 
Software defined vehicles,automotive standards (safety, security), agile cont...
Software defined vehicles,automotive standards (safety, security), agile cont...Software defined vehicles,automotive standards (safety, security), agile cont...
Software defined vehicles,automotive standards (safety, security), agile cont...
Dr. Anish Cheriyan (PhD)
 
Inter vehicle communication
Inter vehicle communicationInter vehicle communication
Inter vehicle communication
R prasad
 
Vehicular ad hoc network - VANET
Vehicular ad hoc network - VANETVehicular ad hoc network - VANET
Vehicular ad hoc network - VANET
Sarah Baras
 
Current state of automotive network security
Current state of automotive network securityCurrent state of automotive network security
Current state of automotive network security
FFRI, Inc.
 
Embedded Systems in Automotive
Embedded Systems in Automotive Embedded Systems in Automotive
Embedded Systems in Automotive
محمدعبد الحى
 
Fast and Scalable Authentication for Vehicular Internet of Things
Fast and Scalable Authentication for Vehicular Internet of ThingsFast and Scalable Authentication for Vehicular Internet of Things
Fast and Scalable Authentication for Vehicular Internet of Things
Ioannis Papapanagiotou
 
Connecting vehicles, highways and telecommunications
Connecting vehicles, highways and telecommunicationsConnecting vehicles, highways and telecommunications
Connecting vehicles, highways and telecommunications
innovITS
 
Iaetsd zigbee for vehicular communication systems
Iaetsd zigbee for vehicular communication systemsIaetsd zigbee for vehicular communication systems
Iaetsd zigbee for vehicular communication systems
Iaetsd Iaetsd
 
Passenger Counting / People Counting Applications and Devices
Passenger Counting / People Counting Applications and DevicesPassenger Counting / People Counting Applications and Devices
Passenger Counting / People Counting Applications and Devices
Eurotech
 
Is cybersecurity protection of commercial vehicles harder?
Is cybersecurity protection of commercial vehicles harder?Is cybersecurity protection of commercial vehicles harder?
Is cybersecurity protection of commercial vehicles harder?
Gilad Bandel
 
Future Intelligent Mobility with Adaptive AUTOSAR - Transforming Vehicle E/E A
Future Intelligent Mobility with Adaptive AUTOSAR - Transforming Vehicle E/E AFuture Intelligent Mobility with Adaptive AUTOSAR - Transforming Vehicle E/E A
Future Intelligent Mobility with Adaptive AUTOSAR - Transforming Vehicle E/E A
GlobalLogic Croatia
 
Vehicle Diagnostics and Communication.pdf
Vehicle Diagnostics and Communication.pdfVehicle Diagnostics and Communication.pdf
Vehicle Diagnostics and Communication.pdf
DorleControls
 

Similar to Wfcs2019 (20)

Architecture & data acquisition by embedded systems in automobiles seminar ppt
Architecture & data acquisition by embedded systems in automobiles seminar pptArchitecture & data acquisition by embedded systems in automobiles seminar ppt
Architecture & data acquisition by embedded systems in automobiles seminar ppt
 
What is Telematics & How Does It Work?
What is Telematics & How Does It Work?What is Telematics & How Does It Work?
What is Telematics & How Does It Work?
 
In Automotive Environments - HU Michel
In Automotive Environments - HU MichelIn Automotive Environments - HU Michel
In Automotive Environments - HU Michel
 
thesis paper
thesis paperthesis paper
thesis paper
 
ROLE OF DIGITAL SIMULATION IN CONFIGURING NETWORK PARAMETERS
ROLE OF DIGITAL SIMULATION IN CONFIGURING NETWORK PARAMETERSROLE OF DIGITAL SIMULATION IN CONFIGURING NETWORK PARAMETERS
ROLE OF DIGITAL SIMULATION IN CONFIGURING NETWORK PARAMETERS
 
SAHITHI - VANET ppt.pptx
SAHITHI - VANET ppt.pptxSAHITHI - VANET ppt.pptx
SAHITHI - VANET ppt.pptx
 
SAHITHI - VANET ppt.pptx
SAHITHI - VANET ppt.pptxSAHITHI - VANET ppt.pptx
SAHITHI - VANET ppt.pptx
 
Identifying parameters for Code Offloading as a practical solution to optimiz...
Identifying parameters for Code Offloading as a practical solution to optimiz...Identifying parameters for Code Offloading as a practical solution to optimiz...
Identifying parameters for Code Offloading as a practical solution to optimiz...
 
Software defined vehicles,automotive standards (safety, security), agile cont...
Software defined vehicles,automotive standards (safety, security), agile cont...Software defined vehicles,automotive standards (safety, security), agile cont...
Software defined vehicles,automotive standards (safety, security), agile cont...
 
Inter vehicle communication
Inter vehicle communicationInter vehicle communication
Inter vehicle communication
 
Vehicular ad hoc network - VANET
Vehicular ad hoc network - VANETVehicular ad hoc network - VANET
Vehicular ad hoc network - VANET
 
Current state of automotive network security
Current state of automotive network securityCurrent state of automotive network security
Current state of automotive network security
 
Embedded Systems in Automotive
Embedded Systems in Automotive Embedded Systems in Automotive
Embedded Systems in Automotive
 
Fast and Scalable Authentication for Vehicular Internet of Things
Fast and Scalable Authentication for Vehicular Internet of ThingsFast and Scalable Authentication for Vehicular Internet of Things
Fast and Scalable Authentication for Vehicular Internet of Things
 
Connecting vehicles, highways and telecommunications
Connecting vehicles, highways and telecommunicationsConnecting vehicles, highways and telecommunications
Connecting vehicles, highways and telecommunications
 
Iaetsd zigbee for vehicular communication systems
Iaetsd zigbee for vehicular communication systemsIaetsd zigbee for vehicular communication systems
Iaetsd zigbee for vehicular communication systems
 
Passenger Counting / People Counting Applications and Devices
Passenger Counting / People Counting Applications and DevicesPassenger Counting / People Counting Applications and Devices
Passenger Counting / People Counting Applications and Devices
 
Is cybersecurity protection of commercial vehicles harder?
Is cybersecurity protection of commercial vehicles harder?Is cybersecurity protection of commercial vehicles harder?
Is cybersecurity protection of commercial vehicles harder?
 
Future Intelligent Mobility with Adaptive AUTOSAR - Transforming Vehicle E/E A
Future Intelligent Mobility with Adaptive AUTOSAR - Transforming Vehicle E/E AFuture Intelligent Mobility with Adaptive AUTOSAR - Transforming Vehicle E/E A
Future Intelligent Mobility with Adaptive AUTOSAR - Transforming Vehicle E/E A
 
Vehicle Diagnostics and Communication.pdf
Vehicle Diagnostics and Communication.pdfVehicle Diagnostics and Communication.pdf
Vehicle Diagnostics and Communication.pdf
 

Recently uploaded

Rainfall intensity duration frequency curve statistical analysis and modeling...
Rainfall intensity duration frequency curve statistical analysis and modeling...Rainfall intensity duration frequency curve statistical analysis and modeling...
Rainfall intensity duration frequency curve statistical analysis and modeling...
bijceesjournal
 
Certificates - Mahmoud Mohamed Moursi Ahmed
Certificates - Mahmoud Mohamed Moursi AhmedCertificates - Mahmoud Mohamed Moursi Ahmed
Certificates - Mahmoud Mohamed Moursi Ahmed
Mahmoud Morsy
 
Welding Metallurgy Ferrous Materials.pdf
Welding Metallurgy Ferrous Materials.pdfWelding Metallurgy Ferrous Materials.pdf
Welding Metallurgy Ferrous Materials.pdf
AjmalKhan50578
 
学校原版美国波士顿大学毕业证学历学位证书原版一模一样
学校原版美国波士顿大学毕业证学历学位证书原版一模一样学校原版美国波士顿大学毕业证学历学位证书原版一模一样
学校原版美国波士顿大学毕业证学历学位证书原版一模一样
171ticu
 
Null Bangalore | Pentesters Approach to AWS IAM
Null Bangalore | Pentesters Approach to AWS IAMNull Bangalore | Pentesters Approach to AWS IAM
Null Bangalore | Pentesters Approach to AWS IAM
Divyanshu
 
Data Control Language.pptx Data Control Language.pptx
Data Control Language.pptx Data Control Language.pptxData Control Language.pptx Data Control Language.pptx
Data Control Language.pptx Data Control Language.pptx
ramrag33
 
4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf
4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf
4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf
Gino153088
 
cnn.pptx Convolutional neural network used for image classication
cnn.pptx Convolutional neural network used for image classicationcnn.pptx Convolutional neural network used for image classication
cnn.pptx Convolutional neural network used for image classication
SakkaravarthiShanmug
 
spirit beverages ppt without graphics.pptx
spirit beverages ppt without graphics.pptxspirit beverages ppt without graphics.pptx
spirit beverages ppt without graphics.pptx
Madan Karki
 
People as resource Grade IX.pdf minimala
People as resource Grade IX.pdf minimalaPeople as resource Grade IX.pdf minimala
People as resource Grade IX.pdf minimala
riddhimaagrawal986
 
An Introduction to the Compiler Designss
An Introduction to the Compiler DesignssAn Introduction to the Compiler Designss
An Introduction to the Compiler Designss
ElakkiaU
 
Curve Fitting in Numerical Methods Regression
Curve Fitting in Numerical Methods RegressionCurve Fitting in Numerical Methods Regression
Curve Fitting in Numerical Methods Regression
Nada Hikmah
 
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
IJECEIAES
 
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
insn4465
 
原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样
原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样
原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样
ydzowc
 
IEEE Aerospace and Electronic Systems Society as a Graduate Student Member
IEEE Aerospace and Electronic Systems Society as a Graduate Student MemberIEEE Aerospace and Electronic Systems Society as a Graduate Student Member
IEEE Aerospace and Electronic Systems Society as a Graduate Student Member
VICTOR MAESTRE RAMIREZ
 
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...
shadow0702a
 
Applications of artificial Intelligence in Mechanical Engineering.pdf
Applications of artificial Intelligence in Mechanical Engineering.pdfApplications of artificial Intelligence in Mechanical Engineering.pdf
Applications of artificial Intelligence in Mechanical Engineering.pdf
Atif Razi
 
Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...
IJECEIAES
 
BRAIN TUMOR DETECTION for seminar ppt.pdf
BRAIN TUMOR DETECTION for seminar ppt.pdfBRAIN TUMOR DETECTION for seminar ppt.pdf
BRAIN TUMOR DETECTION for seminar ppt.pdf
LAXMAREDDY22
 

Recently uploaded (20)

Rainfall intensity duration frequency curve statistical analysis and modeling...
Rainfall intensity duration frequency curve statistical analysis and modeling...Rainfall intensity duration frequency curve statistical analysis and modeling...
Rainfall intensity duration frequency curve statistical analysis and modeling...
 
Certificates - Mahmoud Mohamed Moursi Ahmed
Certificates - Mahmoud Mohamed Moursi AhmedCertificates - Mahmoud Mohamed Moursi Ahmed
Certificates - Mahmoud Mohamed Moursi Ahmed
 
Welding Metallurgy Ferrous Materials.pdf
Welding Metallurgy Ferrous Materials.pdfWelding Metallurgy Ferrous Materials.pdf
Welding Metallurgy Ferrous Materials.pdf
 
学校原版美国波士顿大学毕业证学历学位证书原版一模一样
学校原版美国波士顿大学毕业证学历学位证书原版一模一样学校原版美国波士顿大学毕业证学历学位证书原版一模一样
学校原版美国波士顿大学毕业证学历学位证书原版一模一样
 
Null Bangalore | Pentesters Approach to AWS IAM
Null Bangalore | Pentesters Approach to AWS IAMNull Bangalore | Pentesters Approach to AWS IAM
Null Bangalore | Pentesters Approach to AWS IAM
 
Data Control Language.pptx Data Control Language.pptx
Data Control Language.pptx Data Control Language.pptxData Control Language.pptx Data Control Language.pptx
Data Control Language.pptx Data Control Language.pptx
 
4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf
4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf
4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf
 
cnn.pptx Convolutional neural network used for image classication
cnn.pptx Convolutional neural network used for image classicationcnn.pptx Convolutional neural network used for image classication
cnn.pptx Convolutional neural network used for image classication
 
spirit beverages ppt without graphics.pptx
spirit beverages ppt without graphics.pptxspirit beverages ppt without graphics.pptx
spirit beverages ppt without graphics.pptx
 
People as resource Grade IX.pdf minimala
People as resource Grade IX.pdf minimalaPeople as resource Grade IX.pdf minimala
People as resource Grade IX.pdf minimala
 
An Introduction to the Compiler Designss
An Introduction to the Compiler DesignssAn Introduction to the Compiler Designss
An Introduction to the Compiler Designss
 
Curve Fitting in Numerical Methods Regression
Curve Fitting in Numerical Methods RegressionCurve Fitting in Numerical Methods Regression
Curve Fitting in Numerical Methods Regression
 
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
 
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
 
原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样
原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样
原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样
 
IEEE Aerospace and Electronic Systems Society as a Graduate Student Member
IEEE Aerospace and Electronic Systems Society as a Graduate Student MemberIEEE Aerospace and Electronic Systems Society as a Graduate Student Member
IEEE Aerospace and Electronic Systems Society as a Graduate Student Member
 
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...
 
Applications of artificial Intelligence in Mechanical Engineering.pdf
Applications of artificial Intelligence in Mechanical Engineering.pdfApplications of artificial Intelligence in Mechanical Engineering.pdf
Applications of artificial Intelligence in Mechanical Engineering.pdf
 
Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...
 
BRAIN TUMOR DETECTION for seminar ppt.pdf
BRAIN TUMOR DETECTION for seminar ppt.pdfBRAIN TUMOR DETECTION for seminar ppt.pdf
BRAIN TUMOR DETECTION for seminar ppt.pdf
 

Wfcs2019

  • 1. Model-based simulation and threat analysis of in-vehicle networks Alexios Lekidis, Ion Barosan WFCS 2019 Sundsvall, 28/05/2019
  • 2. Outline • Connected cars evolution • Security risks and challenges • CARSEC: In-vehicle network simulation and risk assessment environment • Case-study: Evaluation on a Toyota Prius architecture • Conclusions and perspectives
  • 3. Car historical evolution 1886 2000 2020 R&D area: 1966-1995 Embedded area: 1995- 2002 Infotainment area: 2007- 2012
  • 4. 1886 2005 2020 Embedded area: 1995- 2002 V2X area: 2012- ongoing Infotainment area: 2007- 2012 Car historical evolution
  • 5. 1886 2005 2020 Embedded area: 1995- 2002 V2X area: 2012- ongoing Infotainment area: 2007- 2012 New mobility area: 2020- onwards Car historical evolution
  • 6. In-vehicle software complexity Complexity and V2X connectivity increase threat/hazard surface
  • 7. Tackling complexity through data visibility • OBD-II added for troubleshooting and diagnostics (i.e. observing vehicle characteristics as engine, temperature) • OBD-II standard mandatory for all vehicles - 01 0C - 7E8 04 41 0C 10 C5 - 7EA 04 41 0C 10 80 RPM value length Request RPM OBD-II
  • 8. In-vehicle network architecture: V2X area central gateway Instrument cluster Climate control Door locking Head Unit Audio Video Navigation Telephone Steering control Air Bag control Breaking system Engine control Transmission control Power train sensors MOST protocolCAN LINCAN/FlexRay OBUTCUHead Unit OBD-II • Head Unit: Vehicle entertainment system • On-board Unit (OBU): Enabling V2X communication • Telematics Control Unit (TCU): Vehicle tracking • Gateway: Central vehicle data access • On Board Diagnostics (OBD): Status diagnostics
  • 9. In-vehicle network architecture: V2X area central gateway Instrument cluster Climate control Door locking Head Unit Audio Video Navigation Telephone Steering control Air Bag control Breaking system Engine control Transmission control Power train sensors MOST protocolCAN LINCAN/FlexRay OBUTCUHead Unit OBD-II Critical systems • Head Unit: Vehicle entertainment system • On-board Unit (OBU): Enabling V2X communication • Telematics Control Unit (TCU): Vehicle tracking • Gateway: Central vehicle data access • On Board Diagnostics (OBD): Status diagnostics
  • 10. Outline • Connected cars evolution • Security risks and challenges • CARSEC: In-vehicle network simulation and risk assessment environment • Case-study: Evaluation on a Toyota Prius architecture • Conclusions and perspectives
  • 11. Connected car security risks • Vital risks to vehicle passengers • Various incidents over the last years Crysler’s Jeep Cherokee CIA’s Vault 7 Bosch Drivelog dongle
  • 13. Attack scenario OBDII Central Gateway Head Unit Brake Control Unit Telematics Control Unit • Sniff the telematics system IP address • Random generator of Bluetooth PIN / WiFi WPA password
  • 14. Central Gateway Brake Control Unit Head Unit Telematics Control Unit • Move to safety Bus from telematics system Attack scenario OBDII
  • 15. OBDII Central Gateway Brake Control Unit Head Unit Telematics Control Unit • Disengage brakes or kill engine Attack scenario Challenges: • Accessing the attack impact • Detecting the anomaly in the embedded system
  • 16. Outline • Connected cars evolution • Security risks and challenges • CARSEC: In-vehicle network simulation and risk assessment environment • Case-study: Evaluation on a Toyota Prius architecture • Conclusions and perspectives
  • 18. Behavior learning • Network fingerprinting – Network communication baseline for driving or parking mode – Captures cyclic messages between ECUs periodic • Manual scenario execution – Captures asynchronous actions inside the vehicle (e.g. driver switching on/off the engine) – Extends the communication baseline with dynamic messages Outcome: 1) Data flow patterns 2) Correlation between certain messages
  • 20. Data model (in DBC) Data model filling
  • 21. OMNET++ simulation environment • Open-source discrete event simulation framework • Progressive system construction from component-based modules • Network Editor (NED): Module editing • Initial configuration file (INI): Network data exchange definitions • In-vehicle protocol simulation through FiCo4OMNeT library – CAN, FlexRay support
  • 22. OMNET++: CAN node (NED) • Data transmitter (sourceApp): CAN frame transmission • Output buffer (bufferOut): Temporal frame storage and scheduling for Bus transmission Input buffer (bufferIn): Temporal frame storage and forwarding to the data receiver • Data receiver (sinkApp): CAN frame reception and physical vehicle actions • Hardware clock (canClock): Node clock for frame scheduling • Data logger (pcapRecorder): Traffic logging
  • 23. OMNET++: CAN node (INI) • idDataFrames: Message identifiers of the node • periodicityDataFrames: Message periodicity • dataLengthDataFrames: Data length • payloadDataFrames: Message payload • initialDataFrameOffset: CAN message scheduling offset Challenges: 1) Configuration changes require manual simulation restart 2) User actions cannot be modeled (e.g. driving mode)
  • 24. Dynamic vehicle behavior • Added functionality: – Dynamic changes in the model’s INI configuration while the simulation is active – Dynamic calculation of bit-stuffing based on the exchanged data • Technique: Distribution fitting on the data logged while driving • Outcome: Payload values chosen based on the probability law of the fitted distribution
  • 25. Model validation • Tool for automatic validation of the simulation accuracy against the real vehicle behavior – Different operation modes (i.e. parking or driving) • Relying on network traffic (i.e. pcap, log files) • Comparison on: 1) Packet level 2) Communication flow OMNET++ simulated traffic OBDII vehicle traffic CANvalidator Verdict OK NOK
  • 26. Outline • Connected cars and their underlying security risks • Challenges in in-vehicle network simulation • CARSEC: In-vehicle network simulation and risk assessment environment • Case-study: Evaluation on a Toyota Prius architecture • Conclusions and perspectives
  • 27. Data logging from the Toyota Prius • Vehicle available within TU/e premises from A-Team • CANtact to OBD-II due to buffer overflow in ELM327
  • 28. Network and threat analysis on a Toyota Prius Goal: Real-time analysis of operational errors or security aspects Outcome: In-vehicle impact analysis and feedback for enhancements
  • 29. Simulated attacks Attack class Description Denial Of Service Network flooding with certain frame ID Frame injection Inserting known/unknown frame ID Diagnostic messages Extract diagnostic info from ECUs allowing to reprogram them Masquerade / impersonation attack ECU spoofing or frame replay Fuzzing Iterative transmission of random or partially random packets Suspension Prevent frame transmission from a specific ECU Source: Common threats based on in-vehicle security state-of-the-art Purpose: Use simulation to avoid non recoverable errors from attacks on the in- vehicle architecture
  • 30. Simulated attacks Attack class Description Denial Of Service Network flooding with certain frame ID Frame injection Inserting known/unknown frame ID Diagnostic messages Extract diagnostic info from ECUs allowing to reprogram them Masquerade / impersonation attack ECU spoofing or frame replay Fuzzing Iterative transmission of random or partially random packets Suspension Prevent frame transmission from a specific ECU Three categories of attacks: 1) Not feasible 2) Feasible but no impact on vehicle functionality 3) Feasible with impact on vehicle functionality, but requiring adequate in-vehicle network knowledge
  • 31. Attack impact on vehicle functionality Attack start • Impact: Confusing indicator in the dashboard • Generating error frames on the Bus • Errors lead to error active/passive mode
  • 32. Attack impact on the in-vehicle network - Initial increase in the amount of messages - Frequency-based detection for identifying the anomaly - For persistent attacks the Bus gradually balances the message load - Attack detection becomes very difficult
  • 33. Conclusion • Early-stage detection of operational errors and security threats in the in-vehicle architecture • Impact and risk assessment for the addition of new features • Applied to a Toyota Prius vehicle within TU/e premises – State-of-the-art attacks to examine alternations of the vehicle behavior Future work • Automate the preliminary in-vehicle learning/data filling step • Use of OBD-II: 1) allows to learn only CAN and LIN network data 2) limits the network data if manufacturer firewall is used
  • 34. Thank you for your attention Further info: a.lekidis@tue.nl, i.barosan@tue.nl