Securing Inter-Processor Communication in Automotive ECUs 2019-26-0363
Modern cars now come with sophisticated telemetry, which often involves connecting to the internet over mobile telephone networks or WiFi. The telemetry or cloud functions of the car are typically handled by the Telematics Control Unit or the Infotainment System. The microcontrollers (Host Processor) powering these ECUs are very powerful and often run operating systems such as Linux or QNX to drive the large displays or perform modem functions. These powerful microcontrollers take several seconds to start up and do not offer hard real-time performance, yet fast startup and hard real-time behaviour are both critical for handling the vehicle CAN network. Hence, it is common to add a less powerful microcontroller to the ECU to manage the vehicle CAN network. These smaller microcontrollers (Vehicle Processor) can start up fast and provide hard real-time performance. The Host Processor and the Vehicle Processor are connected by the Inter-Processor Communication Link (IPCL), over which they exchange messages. This often overlooked communication link is also a security vulnerability in the vehicle. This was made painfully obvious by the hacking of the 2015 Jeep vehicle, which involved compromising the communication link and reprogramming the Vehicle Processor to take control of the vehicle CAN bus. The paper analyses the threat vectors pertaining to the IPCL, such as spying, spoofing, man-in-the-middle and replay attacks, and provides solutions that address each of those threats with minimal impact on the performance of the communication link while ensuring the integrity and safety of the communication link.
Visteon Technical Services Center
Symposium on International Automotive Technology 2019