Automotive security

Automotive security is the branch of computer security that deals with the cyber risks of the automotive context. The growing number of ECUs in vehicles, together with the many remote and wireless channels through which a vehicle now communicates, created the need for a branch of cybersecurity dedicated to the threats associated with vehicles. Not to be confused with automotive safety.

Causes

The implementation of multiple ECUs (Electronic Control Units) inside vehicles began in the early 1970s, when the development of integrated circuits and microprocessors made it economically feasible to produce ECUs on a large scale. [1] Since then, the number of ECUs has grown to as many as 100 per vehicle. These units nowadays control almost everything in the vehicle, from simple tasks such as activating the wipers to safety-related ones such as brake-by-wire or ABS (Anti-lock Braking System). Autonomous driving also relies heavily on new, complex ECUs such as ADAS units, alongside sensors (lidars and radars) and their control units.

Inside the vehicle, the ECUs are connected to each other through cabled or wireless communication networks, such as CAN bus (controller area network), MOST bus (Media Oriented System Transport), FlexRay (Automotive Network Communications Protocol) or RF (radio frequency), as in many implementations of TPMSs (tire-pressure monitoring systems). Many of these ECUs depend on sensor data received over these networks in order to operate, and use that data to modify the behavior of the vehicle (e.g., the cruise control modifies the vehicle's speed depending on signals arriving from a button usually located on the steering wheel).

Since the development of cheap wireless communication technologies such as Bluetooth, LTE, Wi-Fi, RFID and similar, automotive producers and OEMs have designed ECUs that implement such technologies with the goal of improving the experience of the driver and passengers. Examples include safety-related systems such as OnStar [2] from General Motors, telematics units, communication between smartphones and the vehicle's speakers through Bluetooth, Android Auto [3] and Apple CarPlay. [4]

Threat model

Threat models in the automotive world are based on both real-world and theoretically possible attacks. Most real-world attacks target the safety of the people in and around the car by altering the cyber-physical capabilities of the vehicle (e.g., steering, braking or accelerating without any action from the driver [5] [6] ), while theoretical attacks are also assumed to pursue privacy-related goals, such as obtaining the vehicle's GPS data or capturing microphone signals. [7]

The attack surfaces of a vehicle are usually divided into long-range, short-range and local attack surfaces: [8] LTE and DSRC are considered long-range, while Bluetooth and Wi-Fi are usually considered short-range although still wireless. Finally, USB, OBD-II and all other attack surfaces that require physical access to the car are defined as local. An attacker able to carry out an attack through a long-range surface is considered stronger and more dangerous than one who requires physical access to the vehicle. In 2015, Miller and Valasek proved that attacks on vehicles already on the market are possible: they managed to disrupt the driving of a Jeep Cherokee while connected to it remotely over a wireless link. [9] [10]

Controller area network attacks

The most common network used in vehicles, and the one mainly used for safety-related communication, is CAN, owing to its real-time properties, simplicity and low cost. For this reason, the majority of real-world attacks have been implemented against ECUs connected through this type of network. [5] [6] [9] [10]

The majority of attacks demonstrated, either against actual vehicles or in testbeds, fall into one or more of the following categories:

Sniffing

Sniffing, in the computer security field, generally refers to intercepting and logging packets or, more generally, data from a network. In the case of CAN, since it is a bus network, every node listens to all communication on the network. Reading this data lets an attacker learn the behavior of the other nodes of the network before mounting the actual attack. Usually, the attacker's final goal is not simply to sniff the data on CAN, since the packets passing on this type of network are rarely valuable merely to read. [8]

Denial of service

Denial of service (DoS) in information security is usually described as an attack aimed at making a machine or a network unavailable. DoS attacks against ECUs connected to CAN buses can target either the network as a whole, by abusing the arbitration protocol used by CAN so as to always win arbitration, or a single ECU, by abusing CAN's error-handling protocol. [11] In the second case, the attacker flags the victim's messages as faulty, convincing the victim that it is broken so that it disconnects itself from the network. [11]

Spoofing

Spoofing attacks comprise all cases in which an attacker, by falsifying data, sends messages while pretending to be another node of the network. In automotive security, spoofing attacks are usually divided into masquerade and replay attacks. Replay attacks are those in which the attacker pretends to be the victim and resends sniffed data that the victim sent in a previous iteration of authentication. Masquerade attacks are, by contrast, spoofing attacks in which the data payload has been created by the attacker. [12]
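Because a spoofed or replayed frame competes with the genuine periodic sender, it disturbs the regular timing of that CAN ID, which is what simple timing-based intrusion detectors look for. The following toy detector is an added example, not code from this article or from any of the cited works: it learns each ID's nominal period from a constructed baseline capture in candump-style line format and flags the injected frames; the IDs, payloads and the line format are assumptions.

```python
"""Timing-based anomaly detection for CAN traffic (toy IDS, hypothetical code).

Learns the nominal period of each CAN ID from a trusted baseline capture, then
flags frames arriving much faster than that period (the footprint of spoofed or
replayed frames racing the genuine sender) and IDs never seen in the baseline.
"""
import re
from statistics import median

# candump-style "(timestamp) iface ID#DATA" lines (format assumed here).
CANDUMP_RE = re.compile(
    r"\((?P<ts>[\d.]+)\)\s+\S+\s+(?P<id>[0-9A-Fa-f]+)#(?P<data>[0-9A-Fa-f]*)")


def parse_candump(lines):
    """Return (timestamp, can_id, payload) tuples; lines that do not match are skipped."""
    frames = []
    for line in lines:
        m = CANDUMP_RE.match(line.strip())
        if m:
            frames.append((float(m["ts"]), int(m["id"], 16), bytes.fromhex(m["data"])))
    return frames


def learn_periods(frames):
    """Median inter-arrival time per CAN ID, learned from baseline traffic."""
    last, gaps = {}, {}
    for ts, can_id, _ in frames:
        if can_id in last:
            gaps.setdefault(can_id, []).append(ts - last[can_id])
        last[can_id] = ts
    return {cid: median(g) for cid, g in gaps.items()}


def detect(frames, periods, ratio=0.7):
    """Alert on IDs absent from the baseline and on gaps shorter than ratio*period."""
    alerts, last = [], {}
    for ts, can_id, _ in frames:
        if can_id not in periods:
            alerts.append((ts, can_id, "unknown-id"))
        elif can_id in last and ts - last[can_id] < ratio * periods[can_id]:
            alerts.append((ts, can_id, "rate-anomaly"))
        last[can_id] = ts
    return alerts


def constructed_capture(start, inject):
    """Constructed sample traffic: 0x244 every 10 ms, 0x1A0 every 20 ms.
    With inject=True, three extra 0x244 frames (a masquerade racing the genuine
    sender) and one ID absent from the baseline are added."""
    lines = [f"({start + i * 0.010:.6f}) can0 244#{i:02X}0000" for i in range(20)]
    lines += [f"({start + i * 0.020:.6f}) can0 1A0#00{i:02X}" for i in range(10)]
    if inject:
        lines += [f"({start + t:.6f}) can0 244#FF0000" for t in (0.105, 0.115, 0.125)]
        lines.append(f"({start + 0.050:.6f}) can0 7DF#0201050000000000")
    return sorted(lines, key=lambda s: float(s[1:s.index(')')]))


def run_demo():
    """Learn from a clean window, then inspect a window containing injected frames."""
    periods = learn_periods(parse_candump(constructed_capture(0.0, inject=False)))
    return detect(parse_candump(constructed_capture(1.0, inject=True)), periods)


if __name__ == "__main__":
    for ts, cid, why in run_demo():
        print(f"t={ts:.3f} id=0x{cid:03X} {why}")
```

Note that the genuine frame following each injected one is flagged too, since the detector cannot tell which of two closely spaced frames is the impostor; a real IDS would correlate this with payload or counter checks.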

Real-life automotive threat example

Security researchers Charlie Miller and Chris Valasek have successfully demonstrated remote access to a wide variety of vehicle controls using a Jeep Cherokee as the target. They were able to control the radio, environmental controls, windshield wipers, and certain engine and brake functions. [10]

The method used to hack the system involved implanting a pre-programmed chip into the controller area network (CAN) bus. With this chip inserted on the CAN bus, they were able to send arbitrary messages to it. Miller has also pointed out a danger inherent to the CAN bus: because it broadcasts every message, a message can be captured by attackers anywhere on the network.

The vehicle was controlled entirely remotely, manipulating the system without any physical interaction. Miller states that he could control any of some 1.4 million vehicles in the United States regardless of location or distance; the only thing needed to gain access was for someone to turn on the vehicle. [13]

The work by Miller and Valasek replicated earlier work completed and published by academics in 2010 and 2011 on a different vehicle. [14] The earlier work demonstrated the ability to compromise a vehicle remotely over multiple wireless channels (including cellular) and to remotely control critical components of the vehicle post-compromise, including the telematics unit and the car's brakes. While the earlier academic work was publicly visible, both in peer-reviewed scholarly publications [15] [16] and in the press, [17] the Miller and Valasek work received even greater public visibility.

Security measures

The increasing complexity of devices and networks in the automotive context requires the application of security measures that limit the capabilities of a potential attacker. Since the early 2000s, many different countermeasures have been proposed and, in some cases, applied. A list of the most common security measures follows: [8]

Legislation

In June 2020, the United Nations Economic Commission for Europe (UNECE) World Forum for Harmonization of Vehicle Regulations released two new regulations, R155 and R156, establishing "clear performance and audit requirements for car manufacturers" in terms of automotive cybersecurity and software updates. [21]

Notes

  1. "Trends in the Semiconductor Industry: 1970s". Semiconductor History Museum of Japan. Archived from the original on 27 June 2019. Retrieved 27 June 2019.
  2. "OnStar system website main page". Retrieved 3 July 2019.
  3. "Android Auto website page". Retrieved 3 July 2019.
  4. "Apple CarPlay website page". Retrieved 3 July 2019.
  5. Koscher, K.; Czeskis, A.; Roesner, F.; Patel, S.; Kohno, T.; Checkoway, S.; McCoy, D.; Kantor, B.; Anderson, D.; Shacham, H.; Savage, S. (2010). "Experimental Security Analysis of a Modern Automobile". 2010 IEEE Symposium on Security and Privacy. pp. 447–462. CiteSeerX 10.1.1.184.3183. doi:10.1109/SP.2010.34. ISBN 978-1-4244-6894-2. S2CID 15241702.
  6. "Comprehensive Experimental Analyses of Automotive Attack Surfaces | USENIX". www.usenix.org. 2011.
  7. "Securing Vehicular On-Board IT Systems: The EVITA Project" (PDF). evita-project.org.
  8. Le, Van Huynh; den Hartog, Jerry; Zannone, Nicola (1 November 2018). "Security and privacy for innovative automotive applications: A survey". Computer Communications. 132: 17–41. doi:10.1016/j.comcom.2018.09.010. ISSN 0140-3664. S2CID 53753547.
  9. Greenberg, Andy (1 August 2016). "The Jeep Hackers Are Back to Prove Car Hacking Can Get Much Worse". Wired.
  10. Greenberg, Andy (21 July 2015). "Hackers Remotely Kill a Jeep on the Highway—With Me in It". Wired. Retrieved 11 October 2020.
  11. Palanca, Andrea; Evenchick, Eric; Maggi, Federico; Zanero, Stefano (2017). "A Stealth, Selective, Link-Layer Denial-of-Service Attack Against Automotive Networks". Detection of Intrusions and Malware, and Vulnerability Assessment. Lecture Notes in Computer Science. Vol. 10327. Springer International Publishing. pp. 185–206. doi:10.1007/978-3-319-60876-1_9. hdl:11311/1030098. ISBN 978-3-319-60875-4. S2CID 37334277.
  12. Radu, Andreea-Ina; Garcia, Flavio D. (2016). "LeiA: A Lightweight Authentication Protocol for CAN" (PDF). Computer Security – ESORICS 2016. Lecture Notes in Computer Science. Vol. 9879. Springer International Publishing. pp. 283–300. doi:10.1007/978-3-319-45741-3_15. ISBN 978-3-319-45740-6.
  13. Miller, Charlie (December 2019). "Lessons learned from hacking a car". IEEE Design & Test. 36 (6): 7–9. doi:10.1109/MDAT.2018.2863106. ISSN 2168-2356. S2CID 207889056.
  14. "2021: The Fast and the Curious". 22 September 2021.
  15. "CiteSeerX". CiteSeerX. CiteSeerX 10.1.1.184.3183.
  16. "Comprehensive Experimental Analyses of Automotive Attack Surfaces". 2011.
  17. Markoff, John (14 May 2010). "Cars' Computer Systems Called at Risk to Hackers". The New York Times.
  18. Lokman, Siti-Farhana; Othman, Abu Talib; Abu-Bakar, Muhammad-Husaini (19 July 2019). "Intrusion detection system for automotive Controller Area Network (CAN) bus system: a review". EURASIP Journal on Wireless Communications and Networking. 2019 (1): 184. doi:10.1186/s13638-019-1484-3. ISSN 1687-1499.
  19. Gmiden, Mabrouka; Gmiden, Mohamed Hedi; Trabelsi, Hafedh (December 2016). "An intrusion detection method for securing in-vehicle CAN bus". 2016 17th International Conference on Sciences and Techniques of Automatic Control and Computer Engineering (STA). Sousse, Tunisia: IEEE. pp. 176–180. doi:10.1109/STA.2016.7952095. ISBN 978-1-5090-3407-9. S2CID 19396874.
  20. Hoppe, Tobias; Kiltz, Stefan; Dittmann, Jana (1 January 2011). "Security threats to automotive CAN networks—Practical examples and selected short-term countermeasures". Reliability Engineering & System Safety. Special Issue on Safecomp 2008. 96 (1): 11–25. doi:10.1016/j.ress.2010.06.026. ISSN 0951-8320. S2CID 7830197.
  21. United Nations Economic Commission for Europe. "UN Regulations on Cybersecurity and Software Updates to pave the way for mass roll out of connected vehicles". www.unece.org. Retrieved 10 November 2020.
