CYBERSECURITY IN AUTOMOTIVE NETWORKS A presentation by Sebastian - - PowerPoint PPT Presentation

cybersecurity in automotive networks
SMART_READER_LITE
LIVE PREVIEW

CYBERSECURITY IN AUTOMOTIVE NETWORKS A presentation by Sebastian - - PowerPoint PPT Presentation

Oct 21, 2023 42 likes •185 views

CYBERSECURITY IN AUTOMOTIVE NETWORKS A presentation by Sebastian Wilczek & Arnold Buntsma Supervisor: Colin Schappin RP #51 Context ECUs History New attack vectors 2 How many ECUs does it take to control a modern vehicle? 3

slide-1
SLIDE 1

CYBERSECURITY IN AUTOMOTIVE NETWORKS

A presentation by Sebastian Wilczek & Arnold Buntsma

Supervisor: Colin Schappin RP #51

slide-2
SLIDE 2

Context

  • ECUs
  • History
  • New attack vectors

2

slide-3
SLIDE 3

How many ECUs does it take to control a modern vehicle?

3

slide-4
SLIDE 4

At least seventy!

And up to 200.

4

slide-5
SLIDE 5

Research Questions

➔ Which automotive communication protocols are used in production, forming the state of practice? ➔ What features are built into the protocols utilised in the automotive industry to provide security? ➔ What extensions can introduce security to the protocols? ➔ How do these extensions compare in terms of security, according to the CIA triad?

5

slide-6
SLIDE 6

Related Work

➔ Network Standards

Different protocols for vehicle networks Thomas Nolte et al. & Navet et al.

➔ Attacks on Protocols

Various attacks on different network types Nilsson et al. & Miller and Valasek ➔

Proposed Extension

Introduction of Security Cros and Chênevert & Kurachi et al.

6

slide-7
SLIDE 7
  • CAN
  • LIN
  • FlexRay
  • Ethernet
  • MOST

7

Protocols

slide-8
SLIDE 8

Extensions

Authentication and Payload

➔ CaCAN (Kurachi, R. et al.)

8 bits for authentication 56 bits for payload

➔ Hash Auth CAN (Cros, O. and Chênevert, G)

24 bits for authentication 40 bits for payload or not CAN-compliant ➔

Hash Auth FlexRay

28 bits for authentication 228 bits for payload

8

slide-9
SLIDE 9

Our experiments

Simulated in software

  • CANoe
  • CAN & FlexRay
  • Programmable ECUs

Hardware experiment (CAN)

  • Arduino Microcontrollers
  • CAN Bus
  • CAN Shields

9

slide-10
SLIDE 10

CIA Security

10

CAN CaCAN HashAuth FlexRay FR HashAuth Confidentiality

  • -
  • -
  • -
  • -
  • -

Integrity + - (CRC) + (8-bit) + + (24-bit) + - (CRC) + + (28-bit) Availability

  • -
  • -

+ + -

slide-11
SLIDE 11

11

slide-12
SLIDE 12

Conclusion

➔ CAN and FlexRay

Most used in industry

➔ Only basic integrity checks

Protocols not designed with security in mind ➔

Many proposals for CAN, none for FlexRay

Most behave similar

➔ Introduce Authenticity, Performance impact

Change in CIA

12

slide-13
SLIDE 13

Discussion

➔ Real life ECUs

Only tested on Arduinos

➔ Software optimization

Different hashing algorithms

➔ Number of extension

Scoped to two proposals

➔ FlexRay hardware

Using software only

13

slide-14
SLIDE 14
  • Automotive Ethernet
  • Proposals for FlexRay
  • ECU Measurements
  • Ethical Discussion

14

Future Work