
Search Results

Journal Article

A Centrally Managed Identity-Anonymized CAN Communication System*

2018-05-16
Abstract The Identity-Anonymized CAN (IA-CAN) protocol is a secure CAN protocol that provides sender authentication by inserting a secret sequence of anonymous IDs (A-IDs) shared among the communicating nodes. To prevent malicious attacks on the IA-CAN protocol, a secure and robust system error recovery mechanism is required. This article presents a central management method for IA-CAN, named IA-CAN with a global A-ID, in which a gateway plays the central role in session initiation and system error recovery. Each ECU self-diagnoses system errors and, if an error occurs, automatically resynchronizes its A-ID generation by acquiring recovery information from the gateway. We prototype both a hardware IA-CAN controller and a system for IA-CAN with a global A-ID built on that controller to verify the concept.
Journal Article

Anomaly-Based Intrusion Detection Using the Density Estimation of Reception Cycle Periods for In-Vehicle Networks

2018-05-16
Abstract The automotive industry intends to create new services that involve sharing vehicle control information via a wide area network. In modern vehicles, an in-vehicle network shares information between more than 70 electronic control units (ECUs) inside a vehicle while it is driven. However, such a complicated system configuration can result in security vulnerabilities. The possibility of cyber-attacks on vehicles via external services has been demonstrated in many research projects. As advances in vehicle systems (e.g., autonomous driving) progress, the number of vulnerabilities to be exploited by cyber-attacks will also increase. Therefore, future vehicles need security measures to detect unknown cyber-attacks. We propose anomaly-based intrusion detection to detect unknown cyber-attacks for the Controller Area Network (CAN) protocol, which is popular as a communication protocol for in-vehicle networks.
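The abstract names the feature (per-ID reception cycle periods) and the method (density estimation) but not the estimator. The example below is added here and is not the authors' code: it learns a Gaussian kernel density estimate of the inter-arrival times of each CAN ID from attack-free traffic and raises an alert when a frame's period lands in a low-density region. The Silverman bandwidth, the alarm threshold (a fraction of the lowest density any training sample reaches), and the traffic for IDs 0x1A0 and 0x2B0 are all constructed assumptions for the demo.

```python
"""Added illustration (not the authors' code): anomaly detection on CAN
reception cycle periods using a kernel density estimate per CAN ID."""
import math
import random
from collections import defaultdict


def build_training_log(seed=42):
    """Constructed sample traffic, not real bus data: ID 0x1A0 every 10 ms and
    ID 0x2B0 every 100 ms, each with small Gaussian jitter. Entries are
    (timestamp_seconds, can_id)."""
    rng = random.Random(seed)
    log = [(i * 0.010 + rng.gauss(0.0, 0.0002), 0x1A0) for i in range(300)]
    log += [(i * 0.100 + rng.gauss(0.0, 0.0005), 0x2B0) for i in range(30)]
    return sorted(log)


def reception_periods(log):
    """Per-ID inter-arrival times, i.e. the reception cycle periods."""
    last, periods = {}, defaultdict(list)
    for ts, cid in log:
        if cid in last:
            periods[cid].append(ts - last[cid])
        last[cid] = ts
    return periods


class PeriodDensityModel:
    """Gaussian KDE over one ID's training periods. Bandwidth from Silverman's
    rule; the alarm threshold is a fraction of the lowest density reached by
    any training sample. Both choices are assumptions for this demo."""

    def __init__(self, samples, threshold_fraction=0.25):
        self.samples = list(samples)
        n = len(self.samples)
        mean = sum(self.samples) / n
        var = sum((x - mean) ** 2 for x in self.samples) / max(n - 1, 1)
        self.bandwidth = max(1.06 * math.sqrt(var) * n ** (-0.2), 1e-7)
        self.threshold = threshold_fraction * min(self.density(x) for x in self.samples)

    def density(self, x):
        h, n = self.bandwidth, len(self.samples)
        kernel_sum = sum(math.exp(-0.5 * ((x - s) / h) ** 2) for s in self.samples)
        return kernel_sum / (n * h * math.sqrt(2.0 * math.pi))

    def is_anomalous(self, period):
        return self.density(period) < self.threshold


def train(log):
    """One density model per CAN ID seen in attack-free training traffic."""
    return {cid: PeriodDensityModel(p) for cid, p in reception_periods(log).items()}


def detect(models, log):
    """Return (timestamp, can_id, period) for each frame whose period falls in
    a low-density region. IDs never seen in training are reported with period
    None. One injected frame yields two odd periods: the short gap before it
    and the short gap from it to the next genuine frame."""
    alerts, last = [], {}
    for ts, cid in log:
        model = models.get(cid)
        if model is None:
            alerts.append((ts, cid, None))
            continue
        if cid in last and model.is_anomalous(ts - last[cid]):
            alerts.append((ts, cid, ts - last[cid]))
        last[cid] = ts
    return alerts


if __name__ == "__main__":
    models = train(build_training_log())
    # Constructed attack: a spoofed 0x1A0 frame injected 3 ms after a genuine one.
    print(detect(models, [(5.000, 0x1A0), (5.010, 0x1A0), (5.013, 0x1A0), (5.020, 0x1A0)]))
```

Two caveats a deployment has to account for: a spoofed frame that replaces (rather than adds to) a genuine one and arrives at the expected period is invisible to this feature alone, and IDs absent from training (diagnostic traffic, rarely sent event frames) will alert on every frame unless they are modelled or whitelisted.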
Journal Article

Enhancement of Automotive Penetration Testing with Threat Analyses Results

2018-11-02
Abstract In this work, we present an approach to support penetration tests by combining safety and security analyses to enhance automotive security testing. Our approach includes a new way to combine safety and threat analyses to derive possible test cases. We reuse the outcomes of a performed safety analysis as the input for a threat analysis. We show systematically how to derive test cases, and we present the applicability of our approach by deriving and performing test cases for a penetration test of an automotive electronic control unit (ECU). For this, we selected an airbag control unit because of its safety-critical functionality. During the penetration test, the selected control unit was installed on a test bench, and we were able to successfully exploit a discovered vulnerability, causing the detonation of airbags.
Journal Article

Parasitic Battery Drain Problems and AUTOSAR Acceptance Testing

2018-04-18
Abstract Battery drain problems can occur in a vehicle due to improper network management between electronic control units (ECUs). The aim of this paper is to identify the factors that cause an ECU to transmit, and to cease transmitting, its network management message together with the application messages that control the sleep/wake-up behavior of other ECUs in the network. The strategy is based on root cause analysis of problems found in a display unit in the vehicle environment: the functional CAN signals affecting sleep/wake-up behavior are re-mapped along with the state-flow transitions of the AUTOSAR NM algorithm. A re-defined test case design and simulation for the vehicle model is created, focusing in particular on validating the impact of functional CAN signals on the DUT's sleep/wake-up performance.
Journal Article

Integrated Driving and Braking Control Unit for Electric Bikes

2018-10-04
Abstract In this research, an integrated driving and braking control unit was developed for electric bikes. The unit integrates the driving and braking circuits in a single module. Alternate commutation was used to design the driving and braking unit of a customized brushless direct-current hub motor (BLDCHM). The braking torque for the braking section is generated by alternating the duty cycle of the pulse-width-modulated (PWM) commands of the switching elements and by the phase sequence arrangement of the current conduction loops. The current conduction loops in the motor and switching elements are arranged to adjust the braking torque in a sophisticated way. The integrated design has been successfully tested in a commercialized electric bike with a BLDCHM.
Journal Article

CAN-Bus Remote Monitoring: Standalone CAN Sensor Reading and Automotive Diagnostics

2019-02-08
Abstract A vehicle can be a source of data for applications in safety, maintenance, and entertainment systems once its electronic control units are connected to each other by a Controller Area Network (CAN) bus. By plugging a compatible device into the vehicle's on-board diagnostics interface, it is possible to read raw data or to conduct automotive diagnostics according to ISO 15765 and SAE J1979. The usual low-cost CAN data acquisition devices do not allow connection to a cloud service for remote monitoring. Addressing this, this work proposes a low-cost NodeMCU CAN shield for data acquisition that is able to read the CAN frame of a steering angle sensor (Scenario 1) and standardized information from a vehicle, such as its speed, identification number, and engine coolant temperature, via automotive diagnostics (Scenario 2).
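Scenario 2 of the abstract is a plain SAE J1979 query over ISO 15765-2 (ISO-TP) transport. The example below is added here and is not the authors' shield firmware: it builds the functional request for a PID, reassembles single- and multi-frame responses with length and sequence-number checks, and decodes the three items the abstract lists (coolant temperature, vehicle speed, VIN). The CAN IDs 0x7DF/0x7E8, the mode/PID numbers and the scaling formulas are those of the J1979 standard; the padding byte 0xAA, the sample responses and the VIN string are constructed for the demo.

```python
"""Added illustration (not the authors' code): SAE J1979 requests and
responses carried in ISO 15765-2 (ISO-TP) frames on the OBD-II port."""

FUNCTIONAL_REQUEST_ID = 0x7DF              # tester -> all emission-related ECUs
ECU_RESPONSE_IDS = range(0x7E8, 0x7F0)     # 0x7E8 .. 0x7EF, one per responding ECU
PAD = 0xAA                                 # padding byte value is a local choice


def isotp_segment(payload, pad=PAD):
    """Split a payload into 8-byte ISO-TP frames: a single frame (PCI 0x0L)
    for up to 7 bytes, otherwise a first frame (0x1LLL) followed by
    consecutive frames (0x2N) with a 4-bit sequence number starting at 1.
    Flow-control frames from the receiver are not modelled."""
    if len(payload) <= 7:
        return [(bytes([len(payload)]) + payload).ljust(8, bytes([pad]))]
    if len(payload) > 0xFFF:
        raise ValueError("payload too long for a 12-bit ISO-TP length")
    frames = [bytes([0x10 | (len(payload) >> 8), len(payload) & 0xFF]) + payload[:6]]
    seq, pos = 1, 6
    while pos < len(payload):
        frames.append((bytes([0x20 | (seq & 0x0F)]) + payload[pos:pos + 7]).ljust(8, bytes([pad])))
        seq, pos = seq + 1, pos + 7
    return frames


def isotp_reassemble(frames):
    """Rebuild the payload from received frames, checking the announced length
    and the consecutive-frame sequence numbers so a truncated or spliced
    response is rejected instead of decoded."""
    data, expected, seq = bytearray(), None, 1
    for f in frames:
        pci = f[0] >> 4
        if pci == 0x0:
            length = f[0] & 0x0F
            if length > 7 or len(f) < 1 + length:
                raise ValueError("bad single-frame length")
            return bytes(f[1:1 + length])
        if pci == 0x1:
            expected = ((f[0] & 0x0F) << 8) | f[1]
            data += f[2:8]
        elif pci == 0x2:
            if expected is None or (f[0] & 0x0F) != (seq & 0x0F):
                raise ValueError("unexpected consecutive frame")
            data += f[1:8]
            seq += 1
        elif pci == 0x3:
            continue  # flow control: ignored in this one-direction model
        else:
            raise ValueError("unknown PCI type")
        if expected is not None and len(data) >= expected:
            return bytes(data[:expected])
    raise ValueError("incomplete multi-frame message")


def j1979_request(mode, pid):
    """Frame to send on 0x7DF, e.g. mode 0x01 PID 0x0D for vehicle speed."""
    return isotp_segment(bytes([mode, pid]))[0]


def decode_j1979(payload):
    """Decode the three items the abstract mentions. A positive response
    echoes the mode plus 0x40; 0x7F marks a negative response whose third
    byte is the negative response code (NRC)."""
    if payload[0] == 0x7F:
        raise ValueError(f"negative response, mode 0x{payload[1]:02X} NRC 0x{payload[2]:02X}")
    mode, pid, data = payload[0] - 0x40, payload[1], payload[2:]
    if mode == 0x01 and pid == 0x05:          # engine coolant temperature: A - 40 degC
        return ("coolant_temp_c", data[0] - 40)
    if mode == 0x01 and pid == 0x0D:          # vehicle speed: A km/h
        return ("vehicle_speed_kmh", data[0])
    if mode == 0x09 and pid == 0x02:          # VIN; data[0] is the item count
        return ("vin", data[1:1 + 17].decode("ascii"))
    raise ValueError(f"unsupported mode 0x{mode:02X} PID 0x{pid:02X}")


# Constructed responses (not captured from a real car): 60 km/h, 50 degC, and a
# 20-byte VIN reply that needs a first frame plus two consecutive frames.
SPEED_FRAMES = [bytes([0x03, 0x41, 0x0D, 0x3C]).ljust(8, bytes([PAD]))]
COOLANT_FRAMES = [bytes([0x03, 0x41, 0x05, 0x5A]).ljust(8, bytes([PAD]))]
VIN_FRAMES = isotp_segment(bytes([0x49, 0x02, 0x01]) + b"TESTVIN1234567890")

if __name__ == "__main__":
    print(j1979_request(0x01, 0x0D).hex())
    for frames in (SPEED_FRAMES, COOLANT_FRAMES, VIN_FRAMES):
        print(decode_j1979(isotp_reassemble(frames)))
```

A device on the OBD port sits directly on the diagnostic CAN segment, so the reassembler treats incoming frames as untrusted: an announced length is never trusted past the bytes actually received, and an out-of-order consecutive frame aborts the message rather than being silently accepted.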
Journal Article

Vulnerability of FlexRay and Countermeasures

2019-05-23
Abstract The importance of in-vehicle network security has increased with the growth in automated and connected vehicles. Hence, many attacks and countermeasures have been proposed to secure the controller area network (CAN), the existing in-vehicle network protocol. At the same time, new protocols, such as FlexRay and Ethernet, which are faster and more reliable than CAN, have also been proposed. European OEMs have adopted FlexRay as a control network that can perform the fundamental functions of a vehicle. However, there are few studies regarding FlexRay security. In particular, studies on attacks against FlexRay are limited to theoretical studies or simulation-based experiments. Hence, the vulnerability of FlexRay is unclear. Understanding this vulnerability is necessary for applying countermeasures and improving the security of future vehicles. In this article, we highlight the vulnerability of FlexRay found in experiments conducted on a real FlexRay network.
Journal Article

A Comprehensive Attack and Defense Model for the Automotive Domain

2019-01-17
Abstract In the automotive domain, the overall complexity of technical components has increased enormously. Formerly isolated, purely mechanical cars are now a multitude of cyber-physical systems that are continuously interacting with other IT systems, for example, with the smartphone of their driver or the backend servers of the car manufacturer. This has huge security implications as demonstrated by several recent research papers that document attacks endangering the safety of the car. However, there is, to the best of our knowledge, no holistic overview or structured description of the complex automotive domain. Without such a big picture, distinct security research remains isolated and is lacking interconnections between the different subsystems. Hence, it is difficult to draw conclusions about the overall security of a car or to identify aspects that have not been sufficiently covered by security analyses.
Journal Article

Accelerated Secure Boot for Real-Time Embedded Safety Systems

2019-07-08
Abstract Secure boot is a fundamental security primitive for establishing trust in computer systems. For real-time safety applications, the time taken to perform the boot measurement conflicts with the need for near instant availability. To speed up the boot measurement while establishing an acceptable degree of trust, we propose a dual-phase secure boot algorithm that balances the strong requirement for data tamper detection with the strong requirement for real-time availability. A probabilistic boot measurement is executed in the first phase to allow the system to be quickly booted. This is followed by a full boot measurement to verify the first-phase results and generate the new sampled space for the next boot cycle. The dual-phase approach allows the system to be operational within a fraction of the time needed for a full boot measurement while producing a high detection probability of data tampering.
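The abstract describes the scheme but not its parameters, so the example below is added here and is not the authors' algorithm: phase one hashes a random sample of image blocks against a reference digest table and releases the system, phase two hashes every block and draws the sample for the next boot. The 4 KiB block size, SHA-256 digests, the seeded sampler and the 64-block image are assumptions; the detection probability for t tampered blocks out of n when k are sampled, 1 - C(n-t,k)/C(n,k), follows directly from sampling without replacement.

```python
"""Added illustration (not the authors' algorithm): a two-phase boot
measurement with a probabilistic sample check before the full check."""
import hashlib
import math
import random

BLOCK_SIZE = 4096


def split_blocks(image):
    return [image[i:i + BLOCK_SIZE] for i in range(0, len(image), BLOCK_SIZE)]


def reference_table(image):
    """Per-block SHA-256 digests of the trusted image (assumed to live in
    storage the attacker cannot modify, e.g. protected by the boot ROM)."""
    return [hashlib.sha256(b).digest() for b in split_blocks(image)]


def choose_sample(num_blocks, k, seed):
    """Draw k distinct block indices for the next boot. The seed must be
    unpredictable to an attacker (assumption: derived from a protected secret),
    or they could confine tampering to blocks that will not be sampled."""
    return sorted(random.Random(seed).sample(range(num_blocks), k))


def quick_measure(image, table, sample):
    """Phase one: hash only the sampled blocks, allowing early release."""
    blocks = split_blocks(image)
    return all(hashlib.sha256(blocks[i]).digest() == table[i] for i in sample)


def full_measure(image, table):
    """Phase two: hash every block and compare with the reference table."""
    return reference_table(image) == table


def detection_probability(n, t, k):
    """Chance that phase one catches t tampered blocks out of n when it
    samples k of them: 1 - C(n-t, k) / C(n, k)."""
    if t <= 0:
        return 0.0
    if k > n - t:
        return 1.0
    return 1.0 - math.comb(n - t, k) / math.comb(n, k)


def dual_phase_boot(image, table, sample, next_seed):
    """Run both phases; return (phase1_ok, phase2_ok, next_sample). A real
    system starts application code between the two results and needs a
    defined reaction if phase two fails while it is already running."""
    phase1_ok = quick_measure(image, table, sample)
    phase2_ok = full_measure(image, table)
    next_sample = choose_sample(len(table), len(sample), next_seed)
    return phase1_ok, phase2_ok, next_sample


# Constructed 64-block image (not real firmware) and an 8-block sample.
IMAGE = b"".join(bytes([i]) * BLOCK_SIZE for i in range(64))
TABLE = reference_table(IMAGE)
SAMPLE = choose_sample(len(TABLE), 8, seed=1)


def tamper(image, block_index):
    """Flip one byte in the given block; used to show both outcomes."""
    modified = bytearray(image)
    modified[block_index * BLOCK_SIZE] ^= 0xFF
    return bytes(modified)


if __name__ == "__main__":
    print(dual_phase_boot(IMAGE, TABLE, SAMPLE, next_seed=2)[:2])
    print(round(detection_probability(64, 1, 8), 3))
```

With these numbers a single tampered block is caught by phase one only 12.5% of the time, which is why the second phase is not optional: the fast path buys availability, the full measurement is what actually bounds what an attacker can get away with across boots.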