More Like this

1. Fingerprinting ECUs to Implement Vehicular Security for Passenger Safety Using Machine Learning Techniques

   Bellaire, S. ; Bayer, M. ; Hafeez, A. ; Ud Daula Refat, R. ; Malik, H. ( September 2022 , IntelliSys 2022: Intelligent Systems and Applications)

   The Controller Area Network (CAN) protocol used in vehicles today was designed to be fast, reliable, and robust. However, it is inherently insecure due to its lack of any kind of message authentication. Despite this, CAN is still used extensively in the automotive industry for various electronic control units (ECUs) and sensors which perform critical functions such as engine control. This paper presents a novel methodology for in-vehicle security through fingerprinting of ECUs. The proposed research uses the fingerprints injected in the signal due to material imperfections and semiconductor impurities. By extracting features from the physical CAN signal and using them as inputs for a machine learning algorithm, it is possible to determine the sender ECU of a packet. A high classification accuracy of up to 100.0% is possible when every node on the bus has a sufficiently different channel length.
2. Fingerprinting ECUs to Implement Vehicular Security for Passenger Safety Using Machine Learning Techniques

   Bellaire, Samuel ; Bayer, Matthew ; Hafeez, Azeem ; Refat, Rafi Ud ; Malik, Hafiz ( September 2022 , Intelligence Systems (IntelliSys'22))

   The Controller Area Network (CAN) protocol used in vehicles today was designed to be fast, reliable, and robust. However, it is inherently insecure due to its lack of any kind of message authentication. Despite this, CAN is still used extensively in the automotive industry for various electronic control units (ECUs) and sensors which perform critical functions such as engine control. This paper presents a novel methodology for in-vehicle security through fingerprinting of ECUs. The proposed research uses the fingerprints injected in the signal due to material imperfections and semiconductor impurities. By extracting features from the physical CAN signal and using them as inputs for a machine learning algorithm, it is possible to determine the sender ECU of a packet. A high classification accuracy of up to 100.0% is possible when every node on the bus has a sufficiently different channel length.
3. Vulnerability of Controller Area Network to Schedule-Based Attacks

   https://doi.org/10.1109/RTSS52674.2021.00051  

   Hounsinou, Sena ; Stidd, Mark ; Ezeobi, Uchenna ; Olufowobi, Habeeb ; Nasri, Mitra ; Bloom, Gedare ( December 2021 , 2021 IEEE Real-Time Systems Symposium (RTSS))

   The secure functioning of automotive systems is vital to the safety of their passengers and other roadway users. One of the critical functions for safety is the controller area network (CAN), which interconnects the safety-critical electronic control units (ECUs) in the majority of ground vehicles. Unfortunately CAN is known to be vulnerable to several attacks. One such attack is the bus-off attack, which can be used to cause a victim ECU to disconnect itself from the CAN bus and, subsequently, for an attacker to masquerade as that ECU. A limitation of the bus-off attack is that it requires the attacker to achieve tight synchronization between the transmission of the victim and the attacker’s injected message. In this paper, we introduce a schedule-based attack framework for the CAN bus-off attack that uses the real-time schedule of the CAN bus to predict more attack opportunities than previously known. We describe a ranking method for an attacker to select and optimize its attack injections with respect to criteria such as attack success rate, bus perturbation, or attack latency. The results show that vulnerabilities of the CAN bus can be enhanced by schedulebased attacks.
4. Towards an Integrated Vehicle Management System in DriveOS

   https://doi.org/10.1145/3477013  

   Sinha, Soham ; West, Richard ( October 2021 , ACM Transactions on Embedded Computing Systems)

   Modern automotive systems feature dozens of electronic control units (ECUs) for chassis, body and powertrain functions. These systems are costly and inflexible to upgrade, requiring ever increasing numbers of ECUs to support new features such as advanced driver assistance (ADAS), autonomous technologies, and infotainment. To counter these challenges, we propose DriveOS, a safe, secure, extensible, and timing-predictable system for modern vehicle management in a centralized platform. DriveOS is based on a separation kernel, where timing and safety-critical ECU functions are implemented in a real-time OS (RTOS) alongside non-critical software in Linux or Android. The system enforces the separation, or partitioning, of both software and hardware among different OSes. DriveOS runs on a relatively low-cost embedded PC-class platform, supporting multiple cores and hardware virtualization capabilities. Instrument cluster, in-vehicle infotainment and advanced driver assistance system services are implemented in a Yocto Linux guest, which communicates with critical real-time services via secure shared memory. The RTOS manages a real-time controller area network (CAN) interface that is inaccessible to Linux services except via well-defined and legitimate communication channels. In this work, we integrate three Qt-based services written for Yocto Linux, running in parallel with a real-time longitudinal controller task and multiple CAN bus concentrators,more »for vehicular sensor data processing and actuation. We demonstrate the benefits and performance of DriveOS with a hardware-in-the-loop CARLA simulation using a real car dataset.« less
5. SIC ² : Securing Microcontroller Based IoT Devices with Low-cost Crypto Coprocessors

   https://doi.org/10.1109/ICPADS51040.2020.00057  

   Pearson, Bryan ; Zou, Cliff ; Zhang, Yue ; Ling, Zhen ; Fu, Xinwen ( December 2020 , 2020 IEEE 26th International Conference on Parallel and Distributed Systems (ICPADS))

   In this paper, we explore the use of microcontrollers (MCUs) and crypto coprocessors to secure IoT applications, and show how developers may implement a low-cost platform that provides protects private keys against software attacks. We first demonstrate the plausibility of format string attacks on the ESP32, a popular MCU from Espressif that uses the Harvard architecture. The format string attacks can be used to remotely steal private keys hard-coded in the firmware. We then present a framework termed SIC 2 (Securing IoT with Crypto Coprocessors), for secure key provisioning that protects end users' private keys from both software attacks and untrustworthy manufacturers. As a proof of concept, we pair the ESP32 with the low-cost ATECC608A cryptographic coprocessor by Microchip and connect to Amazon Web Services (AWS) and Amazon Elastic Container Service (EC2) using a hardware-protected private key, which provides the security features of TLS communication including authentication, encryption and integrity. We have developed a prototype and performed extensive experiments to show that the ATECC608A crypto chip may significantly reduce the TLS handshake time by as much as 82% with the remote server, and it may lower the total energy consumption of the system by up to 70%. Our results indicatemore »that securing IoT with crypto coprocessors is a practicable solution for low-cost MCU based IoT devices.« less