My research interests primarily include the security and privacy of vehicles. I worked on Automotive Ethernet Security, Intrusion Detection Systems during positions I held before my PhD. I also worked on an open-source automotive data collection platform called CarLab, as well as an automated CAN bus reverse engineering platform called LibreCAN. Currently I am focussing on privacy attacks and defenses of vehicular data to protect drivers' personal information.
Vehicle security attacks to date have all shared one very important feature – they all ultimately require write access to the CAN bus. But in order to do that, one has to know the message format of the CAN bus to inject meaningful data. All makes and models of vehicles have different message formats that are proprietary to the car manufacturer which hopes to prevent cybersecurity attacks on vehicles by not disclosing translation tables for CAN data. In order to cause targeted and intentional changes in vehicle behavior, malicious CAN injection attacks require knowledge of these translation tables.
Due to the growth of intelligent and self-driving vehicles, there are a multitude of data-driven applications such as user monitoring or traffic modeling and control. Each application often uses its own data-collection platform, leading to a scattered landscape of solutions for vehicular data-driven research and app development. We propose CarLab, a flexible and open vehicular data-collection platform which unifies this landscape of vehicular data-driven research and app development.
This project presents a context-aware intrusion detection system (CAID) framework capable to recognize manipulations of the physical system using cyber means. CAID uses sensor information to establish reference models of the physical system and then checks correctness of current sensor data against the reference models. Thereby, it establishes the notion of plausibility of a controller’s operation. CAID augments today’s cyber physical intrusion detection systems (IDS) by adding a physical model to the detection engine. The CAID framework has been evaluated in a vehicular setup using test vehicle. Telemetry data has been collected from a test vehicle that has then been chip-tuned with a commercially available chip-tuning tool to obtain manipulated data. CAID was able to recognize the chip tuning with a very high probability using an unsupervised Artificial Neural Network (ANN). This proof-of-concept could be the starting point to enhance current automotive IDS using the CAID framework in order to detect future automotive attacks to safety-critical systems.
The automotive industry experiences a major change as vehicles are gradually becoming a part of the Internet. Security concepts based on the closed-world assumption cannot be deployed anymore due to a constantly changing adversary model. Automotive Ethernet as future in-vehicle network and a new E/E Architecture have different security requirements than Ethernet known from traditional IT and legacy systems. In order to achieve a high level of security, a new multi-layer approach in the vehicle which responds to special automotive requirements has to be introduced. One essential layer of this holistic security concept is to restrict non-authorized access by the deployment of embedded firewalls.
This project addresses the introduction of automotive firewalls into the next-generation domain architecture with a focus on partitioning of its features in hardware and software. Based on the deployment of the firewall in the in-vehicle network, the corresponding adversary model and automotive requirements such as latency, jitter, CPU load and memory consumption are going to be discussed. Drivers behind these metrics are primarily safety concerns and cost and thus are relevant for both OEMs and hardware manufacturers. As a result, a reasonable implementation of an automotive firewall system has to be a trade-off between hardware and software in order to meet the above-named automotive requirements. We implemented the firewall on an Infineon AURIX TriCore and Altera Cyclone V FPGA to analyze these metrics. The paper shows the options and decision points to find an optimal partitioning between hardware and software for an automotive embedded firewall system.