An official website of the United States government
Motivated by ample evidence in the automotive cybersecurity literature that the car brake ECUs can be maliciously reprogrammed, it has been shown that an adversary who can directly control the frictional brake actuators can induce wheel lockup conditions despite having a limited knowledge of the tire-road interaction characteristics [1]. In this paper, we investigate the destabilizing effect of such wheel lockup attacks on the lateral motion stability of vehicles from a robust stability perspective. Furthermore, we propose a quadratic programming (QP) problem that the adversary can solve for finding the optimal destabilizing longitudinal slip reference values.
more »
« less
Vehicle Lateral Motion Dynamics Under Braking/ABS Cyber-Physical Attacks
In face of an increasing number of automotive cyber-physical threat scenarios, the issue of adversarial destabilization of the lateral motion of target vehicles through direct attacks on their steering systems has been extensively studied. A more subtle question is whether a cyberattacker can destabilize the target vehicle lateral motion through improper engagement of the vehicle brakes and/or anti-lock braking systems (ABS). Motivated by such a question, this paper investigates the impact of cyber-physical attacks that exploit the braking/ABS systems to adversely affect the lateral motion stability of the targeted vehicles. Using a hybrid physical/dynamic tire-road friction model, it is shown that if a braking system/ABS attacker manages to continuously vary the longitudinal slips of the wheels, they can violate the necessary conditions for asymptotic stability of the underlying linear time-varying (LTV) dynamics of the lateral motion. Furthermore, the minimal perturbations of the wheel longitudinal slips that result in lateral motion instability under fixed slip values are derived. Finally, a real-time algorithm for monitoring the lateral motion dynamics of vehicles against braking/ABS cyber-physical attacks is devised. This algorithm, which can be efficiently computed using the modest computational resources of automotive embedded processors, can be utilized along with other intrusion detection techniques to infer whether a vehicle braking system/ABS is experiencing a cyber-physical attack. Numerical simulations in the presence of realistic CAN bus delays, destabilizing slip value perturbations obtained from solving quadratic programs on an embedded ARM Cortex-M3 emulator, and side-wind gusts demonstrate the effectiveness of the proposed methodology.
more »
« less
- Award ID(s):
- 2035770
- PAR ID:
- 10491964
- Publisher / Repository:
- IEEE
- Date Published:
- Journal Name:
- IEEE Transactions on Information Forensics and Security
- Volume:
- 18
- ISSN:
- 1556-6013
- Page Range / eLocation ID:
- 4100 to 4115
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Motivated by ample evidence in the automotive cybersecurity literature that the car brake ECUs can be maliciously reprogrammed, it has been shown that an adversary who can directly control the frictional brake actuators can induce wheel lockup conditions despite having a limited knowledge of the tire-road interaction characteristics~\cite{mohammadi2021acc}. In this paper, we investigate the destabilizing effect of such wheel lockup attacks on the lateral motion stability of vehicles from a robust stability perspective. Furthermore, we propose a quadratic programming (QP) problem that the adversary can solve for finding the optimal destabilizing longitudinal slip reference values.more » « less
-
Modern vehicles can be thought of as complex distributed embedded systems that run a variety of automotive applications with real-time constraints. Recent advances in the automotive industry towards greater autonomy are driving vehicles to be increasingly connected with various external systems (e.g., roadside beacons, other vehicles), which makes emerging vehicles highly vulnerable to cyber-attacks. Additionally, the increased complexity of automotive applications and the in-vehicle networks results in poor attack visibility, which makes detecting such attacks particularly challenging in automotive systems. In this work, we present a novel anomaly detection framework called LATTE to detect cyber-attacks in Controller Area Network (CAN) based networks within automotive platforms. Our proposed LATTE framework uses a stacked Long Short Term Memory (LSTM) predictor network with novel attention mechanisms to learn the normal operating behavior at design time. Subsequently, a novel detection scheme (also trained at design time) is used to detect various cyber-attacks (as anomalies) at runtime. We evaluate our proposed LATTE framework under different automotive attack scenarios and present a detailed comparison with the best-known prior works in this area, to demonstrate the potential of our approach.more » « less
-
Integration of the Internet of Things (IoT) in the automotive industry has brought benefits as well as security challenges. Significant benefits include enhanced passenger safety and more comprehensive vehicle performance diagnostics. However, current onboard and remote vehicle diagnostics do not include the ability to detect counterfeit parts. A method is needed to verify authentic parts along the automotive supply chain from manufacture through installation and to coordinate part authentication with a secure database. In this study, we develop an architecture for anti-counterfeiting in automotive supply chains. The core of the architecture consists of a cyber-physical trust anchor and authentication mechanisms connected to blockchain-based tracking processes with cloud storage. The key parameters for linking a cyber-physical trust anchor in embedded IoT include identifiers (i.e., serial numbers, special features, hashes), authentication algorithms, blockchain, and sensors. A use case was provided by a two-year long implementation of simple trust anchors and tracking for a coffee supply chain which suggests a low-cost part authentication strategy could be successfully applied to vehicles. The challenge is authenticating parts not normally connected to main vehicle communication networks. Therefore, we advance the coffee bean model with an acoustical sensor to differentiate between authentic and counterfeit tires onboard the vehicle. The workload of secure supply chain development can be shared with the development of the connected autonomous vehicle networks, as the fleet performance is degraded by vehicles with questionable replacement parts of uncertain reliability.more » « less
-
The landscape of automotive vehicle attack surfaces continues to grow, and vulnerabilities in the controller area network (CAN) expose vehicles to cyber-physical risks and attacks that can endanger the safety of passengers and pedestrians. Intrusion detection systems (IDS) for CAN have emerged as a key mitigation approach for these risks, but uniform methods to compare proposed IDS techniques are lacking. In this paper, we present a framework for comparative performance analysis of state-of-the-art IDSs for CAN bus to provide a consistent methodology to evaluate and assess proposed approaches. This framework relies on previously published datasets comprising message logs recorded from a real vehicle CAN bus coupled with traditional classifier performance metrics to reduce the discrepancies that arise when comparing IDS approaches from disparate sources.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Journal Article:
- https://doi.org/10.1109/TIFS.2023.3293424
