Search Results

Externally-connected Electronic Control Units (ECUs) contain millions of lines of code, which may contain security vulnerabilities. Hackers may exploit these vulnerabilities to gain code execution privileges, which affect public safety. Traditional Cybersecurity solutions fall short in meeting automotive ECU constraints such as zero false positives, intermittent connectivity, and low performance impact. A desirable solution would be deterministic, require minimum resources, and protect against known and unknown security threats. We integrated Autonomous Security on a BeagleBone Black (BBB) system to evaluate the feasibility of mitigating Cybersecurity risks against potential threats. We identified key metrics that should be measured, such as level of security, ease of integration and system performance impact. In this paper, we describe the integration and evaluation process and present its results.

Today’s vehicles rely on multiple interconnected networks of Electronic Control Units (ECUs) that govern almost every automotive function - from engine timing and traction control to side-mirror adjustment and GPS. In-vehicle networks used for inter-ECU communication, most commonly the CAN bus, were not designed with cybersecurity in mind, and as a result, communication by corrupt devices connected to the bus is not authenticated. A multitude of attack vectors allow attackers to control a device on the bus; reports abound of successful hacking of vehicles, by exploiting vulnerable devices and by spoofing messages. Such remote-connectivity and physical-access exploit types must be prevented, to mitigate the threats of impersonation, eavesdropping, replay and reversing. We present the IVAS, In-Vehicle Authentication Scheme.