An official website of the United States government
Motivated by ample evidence in the automotive cybersecurity literature that the car brake ECUs can be maliciously reprogrammed, it has been shown that an adversary who can directly control the frictional brake actuators can induce wheel lockup conditions despite having a limited knowledge of the tire-road interaction characteristics~\cite{mohammadi2021acc}. In this paper, we investigate the destabilizing effect of such wheel lockup attacks on the lateral motion stability of vehicles from a robust stability perspective. Furthermore, we propose a quadratic programming (QP) problem that the adversary can solve for finding the optimal destabilizing longitudinal slip reference values.
more »
« less
Vehicle Lateral Motion Dynamics Under Braking/ABS Cyber-Physical Attacks
In face of an increasing number of automotive cyber-physical threat scenarios, the issue of adversarial destabilization of the lateral motion of target vehicles through direct attacks on their steering systems has been extensively studied. A more subtle question is whether a cyberattacker can destabilize the target vehicle lateral motion through improper engagement of the vehicle brakes and/or anti-lock braking systems (ABS). Motivated by such a question, this paper investigates the impact of cyber-physical attacks that exploit the braking/ABS systems to adversely affect the lateral motion stability of the targeted vehicles. Using a hybrid physical/dynamic tire-road friction model, it is shown that if a braking system/ABS attacker manages to continuously vary the longitudinal slips of the wheels, they can violate the necessary conditions for asymptotic stability of the underlying linear time-varying (LTV) dynamics of the lateral motion. Furthermore, the minimal perturbations of the wheel longitudinal slips that result in lateral motion instability under fixed slip values are derived. Finally, a real-time algorithm for monitoring the lateral motion dynamics of vehicles against braking/ABS cyber-physical attacks is devised. This algorithm, which can be efficiently computed using the modest computational resources of automotive embedded processors, can be utilized along with other intrusion detection techniques to infer whether a vehicle braking system/ABS is experiencing a cyber-physical attack. Numerical simulations in the presence of realistic CAN bus delays, destabilizing slip value perturbations obtained from solving quadratic programs on an embedded ARM Cortex-M3 emulator, and side-wind gusts demonstrate the effectiveness of the proposed methodology.
more »
« less
- Award ID(s):
- 2035770
- PAR ID:
- 10491964
- Publisher / Repository:
- IEEE
- Date Published:
- Journal Name:
- IEEE Transactions on Information Forensics and Security
- Volume:
- 18
- ISSN:
- 1556-6013
- Page Range / eLocation ID:
- 4100 to 4115
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Motivated by ample evidence in the automotive cybersecurity literature that the car brake ECUs can be maliciously reprogrammed, it has been shown that an adversary who can directly control the frictional brake actuators can induce wheel lockup conditions despite having a limited knowledge of the tire-road interaction characteristics [1]. In this paper, we investigate the destabilizing effect of such wheel lockup attacks on the lateral motion stability of vehicles from a robust stability perspective. Furthermore, we propose a quadratic programming (QP) problem that the adversary can solve for finding the optimal destabilizing longitudinal slip reference values.more » « less
-
Modern vehicles can be thought of as complex distributed embedded systems that run a variety of automotive applications with real-time constraints. Recent advances in the automotive industry towards greater autonomy are driving vehicles to be increasingly connected with various external systems (e.g., roadside beacons, other vehicles), which makes emerging vehicles highly vulnerable to cyber-attacks. Additionally, the increased complexity of automotive applications and the in-vehicle networks results in poor attack visibility, which makes detecting such attacks particularly challenging in automotive systems. In this work, we present a novel anomaly detection framework called LATTE to detect cyber-attacks in Controller Area Network (CAN) based networks within automotive platforms. Our proposed LATTE framework uses a stacked Long Short Term Memory (LSTM) predictor network with novel attention mechanisms to learn the normal operating behavior at design time. Subsequently, a novel detection scheme (also trained at design time) is used to detect various cyber-attacks (as anomalies) at runtime. We evaluate our proposed LATTE framework under different automotive attack scenarios and present a detailed comparison with the best-known prior works in this area, to demonstrate the potential of our approach.more » « less
-
Integration of the Internet of Things (IoT) in the automotive industry has brought benefits as well as security challenges. Significant benefits include enhanced passenger safety and more comprehensive vehicle performance diagnostics. However, current onboard and remote vehicle diagnostics do not include the ability to detect counterfeit parts. A method is needed to verify authentic parts along the automotive supply chain from manufacture through installation and to coordinate part authentication with a secure database. In this study, we develop an architecture for anti-counterfeiting in automotive supply chains. The core of the architecture consists of a cyber-physical trust anchor and authentication mechanisms connected to blockchain-based tracking processes with cloud storage. The key parameters for linking a cyber-physical trust anchor in embedded IoT include identifiers (i.e., serial numbers, special features, hashes), authentication algorithms, blockchain, and sensors. A use case was provided by a two-year long implementation of simple trust anchors and tracking for a coffee supply chain which suggests a low-cost part authentication strategy could be successfully applied to vehicles. The challenge is authenticating parts not normally connected to main vehicle communication networks. Therefore, we advance the coffee bean model with an acoustical sensor to differentiate between authentic and counterfeit tires onboard the vehicle. The workload of secure supply chain development can be shared with the development of the connected autonomous vehicle networks, as the fleet performance is degraded by vehicles with questionable replacement parts of uncertain reliability.more » « less
-
Commercial vehicles are a vital component of modern logistics and transportation, forming part of the critical infrastructure and representing safety-critical cyber-physical systems. Contemporary automotive operations are dominated by embedded computing systems that engage through standardized protocols, which constitute the infrastructure of vehicular communication networks. Within the commercial vehicle sector, these systems utilize high-level protocols that operate over the Controller Area Network (CAN) protocol for internal exchanges in medium and heavy-duty vehicles. The Unified Diagnostic Services (UDS) protocol, as described in International Standards Organization (ISO) 14229 (UDS) and ISO 15765 (Diagnostic Communication over CAN), plays a pivotal role by providing vital diagnostic capabilities. This research introduces four specific scenarios that expose deficiencies in the diagnostic protocol standards and how these can be manipulated to initiate attacks on in-vehicle computers within commercial vehicles, circumventing existing security frameworks. In the first three scenarios, we demonstrate three flaws within the ISO 14229 protocol standards. Following this, the fourth and final scenario elucidates a flaw unique to the ISO 15765 protocol standards. For the purpose of demonstration, test setups incorporating actual Electronic Control Units (ECUs) linked to a CAN bus were employed. Further experiments were performed using a fully equipped cab assembly from a 2018 Freightliner Cascadia truck, set up as a testing environment. The experimental outcomes demonstrate how attacks targeting these specific protocols can undermine the integrity of individual ECUs, leading to denial of service. Additionally, within the Freightliner Cascadia configuration, a network architecture typical of contemporary vehicles was observed, featuring a gateway unit that isolates internal ECUs from diagnostic interfaces. Although this gateway is engineered to prevent conventional message injection and spoofing attacks, it permits all diagnostic communications. This selective permeability inadvertently introduces a susceptibility to diagnostic protocol flaws, highlighting an essential area for security improvements within commercial vehicle networks. These insights are vital for engineers and developers tasked with integrating the diagnostic protocols into their network subsystems, underscoring the urgency for improved security provisions.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript
- Journal Article:
- https://doi.org/10.1109/TIFS.2023.3293424
