Research Projects

  • S2-CAN

    S2-CAN: Sufficiently Secure Controller Area Network

    To defend against spoofing, replay and eavesdropping attacks, we developed S2-CAN, which balances security against performance on the CAN bus. It adds confidentiality and authenticity to CAN messages without using cryptography. By attacking S2-CAN with a modified version of LibreCAN, we show that a secure CAN is achievable with minimal overhead in ECU resources and latency.

  • Android_Automotive

    Security Analysis of Android Automotive

    In-vehicle infotainment (IVI) platforms are getting increasingly connected. Besides OEM apps and services, the next generation of IVI platforms such as Android Automotive are expected to offer integration of third-party apps. We draw attention to vulnerabilities in the system architecture of Android Automotive and propose mitigations.

  • SPy

    SPy: Car Steering Reveals Your Trip Route!

    In this project, we developed a privacy attack on novel vehicular data-collection platforms (such as Android Automotive). Exploiting the weak proposed permission model, we showed that a vehicle's location can be accurately inferred from the steering wheel angle alone.

    Vehicular data-collection platforms, offered as part of Original Equipment Manufacturers’ (OEMs’) connected telematics services, are on the rise in order to provide diverse connected services to users. They also allow the collected data to be shared with third parties upon the user’s permission. Under the currently suggested permission model, we find these platforms leaking users’ location information without explicitly obtaining their permission. We analyze how accurately a vehicle’s location can be inferred from seemingly benign steering wheel angle (SWA) traces, and show the impact on the driver’s location privacy. By collecting and processing real-life SWA traces, we can infer the users’ exact traveled routes with up to 71% accuracy, which is much higher than the state of the art.

  • LibreCAN

    LibreCAN: Automated CAN Message Translator

    In this project, we developed LibreCAN, a system that automatically translates most CAN messages with minimal effort. LibreCAN is designed to save security researchers the time and effort they spend manually reverse-engineering the CAN messaging format of each vehicle they study. This makes it easier to determine how new attacks can be used against a number of makes and models at once, and to design the necessary defenses.

    Vehicle security attacks to date have all shared one important feature: they ultimately require write access to the CAN bus. To inject meaningful data, an attacker must first know the message format used on that bus. Every make and model uses a different, proprietary message format, and manufacturers withhold the translation tables for CAN data in the hope of preventing cyberattacks on their vehicles. To cause targeted, intentional changes in vehicle behavior, a malicious CAN injection attack therefore requires knowledge of these translation tables.
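    The core step such a translator automates is locating, in raw bus traffic, the arbitration ID and byte field that carries a physical quantity whose ground truth is available from elsewhere (for example a value polled over OBD-II). The following is an added illustration in the spirit of that correlation step; it is not LibreCAN's own code. It parses candump-style lines, tries every 8-bit and 16-bit field of every ID as a candidate, and keeps the field whose decoded value correlates best with the reference signal, also reporting the fitted scale factor. The log, the IDs (0x1A0, 0x3C2, 0x2B1), the payload layout and the reference speeds are all constructed for this example.

```python
"""Toy CAN signal locator (added example, not LibreCAN's code)."""
import re
from collections import defaultdict

# candump -L style: "(timestamp) iface id#payload"
LINE_RE = re.compile(
    r"\((?P<ts>[\d.]+)\)\s+\S+\s+(?P<id>[0-9A-Fa-f]+)#(?P<data>[0-9A-Fa-f]*)"
)


def parse_candump(text):
    """Return a list of (timestamp, can_id, payload bytes) from candump text."""
    frames = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            frames.append((float(m["ts"]), int(m["id"], 16), bytes.fromhex(m["data"])))
    return frames


def linear_fit(xs, ys):
    """Least-squares y = a*x + b and Pearson r, in pure Python."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    if sxx == 0 or syy == 0:  # constant field or constant reference: no information
        return 0.0, my, 0.0
    a = sxy / sxx
    return a, my - a * mx, sxy / (sxx * syy) ** 0.5


def candidate_fields(payload_len):
    """Every 8-bit field and every 16-bit field in both byte orders."""
    for off in range(payload_len):
        yield off, 1, "big"
        if off + 1 < payload_len:
            yield off, 2, "big"
            yield off, 2, "little"


def locate_signal(frames, reference):
    """reference maps timestamp -> ground-truth value (e.g. OBD-II speed).

    Only frames whose timestamp has a reference sample are used; the field
    with the highest |r| across all IDs is returned together with the fitted
    scale (a) and offset (b) that map raw field values onto the reference.
    """
    by_id = defaultdict(list)
    for ts, cid, data in frames:
        if ts in reference:
            by_id[cid].append((ts, data))
    best = None
    for cid, samples in by_id.items():
        plen = min(len(d) for _, d in samples)
        ys = [reference[ts] for ts, _ in samples]
        for off, size, endian in candidate_fields(plen):
            xs = [int.from_bytes(d[off:off + size], endian) for _, d in samples]
            a, b, r = linear_fit(xs, ys)
            if best is None or abs(r) > abs(best["r"]):
                best = {"id": cid, "offset": off, "size": size, "endian": endian,
                        "r": r, "scale": a, "intercept": b}
    return best


# Constructed log: 0x1A0 carries speed*100 big-endian in bytes 2..3 plus a
# rolling counter in byte 5; 0x3C2 is a counter; 0x2B1 is constant.
CONSTRUCTED_LOG = """
(1.000) can0 1A0#000003E80000
(1.000) can0 3C2#1000
(1.000) can0 2B1#FFFF
(2.000) can0 1A0#000004E20001
(2.000) can0 3C2#1001
(2.000) can0 2B1#FFFF
(3.000) can0 1A0#000005DC0002
(3.000) can0 3C2#1002
(4.000) can0 1A0#000007D00003
(4.000) can0 3C2#1003
(5.000) can0 1A0#000007080004
(5.000) can0 3C2#1004
(6.000) can0 1A0#000008980005
(6.000) can0 3C2#1005
"""

# Constructed ground truth (km/h) at the same timestamps; deliberately
# non-monotonic so a plain counter does not correlate perfectly.
REFERENCE_SPEED = {1.0: 10.0, 2.0: 12.5, 3.0: 15.0, 4.0: 20.0, 5.0: 18.0, 6.0: 22.0}

if __name__ == "__main__":
    hit = locate_signal(parse_candump(CONSTRUCTED_LOG), REFERENCE_SPEED)
    print(f"speed candidate: ID 0x{hit['id']:X} bytes {hit['offset']}..{hit['offset'] + hit['size'] - 1} "
          f"{hit['endian']}-endian, r={hit['r']:.3f}, scale={hit['scale']:.4f}")
```

    A real run needs many more samples than six and a reference that is not a simple ramp; otherwise counters, checksums and slowly drifting signals produce spurious high correlations, which is why the reference here changes direction.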

  • CarLab

    CarLab: Framework for Vehicular Data Collection and Processing

    Collecting and monetizing data from vehicles is getting increasingly popular. In this project, we survey the field of vehicular data collection, describe the system architecture of CarLab and related research issues.

    Due to the growth of intelligent and self-driving vehicles, there are a multitude of data-driven applications such as user monitoring or traffic modeling and control. Each application often uses its own data-collection platform, leading to a scattered landscape of solutions for vehicular data-driven research and app development. We propose CarLab, a flexible and open vehicular data-collection platform which unifies this landscape of vehicular data-driven research and app development.

  • CAID

    Context-aware Intrusion Detection in Automotive Control Systems

    This project describes a method and framework to detect manipulations in automotive control systems. As the automotive industry shifts towards software-based solutions, the incentives for attackers to manipulate automotive systems grow. The boundary where the cyber and physical worlds meet is particularly sensitive for security and safety: manipulations in the computer system may have an uncontrollable impact on the physical environment and lead to dangerous situations.

    This project presents a context-aware intrusion detection system (CAID) framework capable of recognizing manipulations of the physical system using cyber means. CAID uses sensor information to establish reference models of the physical system and then checks the correctness of current sensor data against those models, thereby establishing the notion of plausibility of a controller’s operation. CAID augments today’s cyber-physical intrusion detection systems (IDS) by adding a physical model to the detection engine. The framework was evaluated in a vehicular setup using a test vehicle: telemetry data was collected from the vehicle, which was then chip-tuned with a commercially available chip-tuning tool to obtain manipulated data. CAID recognized the chip tuning with a very high probability using an unsupervised Artificial Neural Network (ANN). This proof of concept could be the starting point for enhancing current automotive IDS with the CAID framework in order to detect future attacks on safety-critical systems.
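    To make the plausibility idea concrete, here is an added example (not CAID's code, and not its ANN): a binned statistical reference model stands in for the learned physical model. From a trusted baseline drive it records how hard the vehicle accelerates for each throttle-position and engine-speed bin, then scores new samples by their distance from that reference, so a manipulated engine map that delivers more torque at the same operating point shows up as implausible readings. Signal names, units, bin sizes, thresholds, the stock engine map and the "chip-tuned" trace are all assumptions constructed for this illustration.

```python
"""Physical plausibility check in the spirit of CAID (added example)."""
from statistics import mean, pstdev

THROTTLE_BIN = 20   # percent (assumed bin width)
RPM_BIN = 1000      # rpm (assumed bin width)
STD_FLOOR = 0.05    # m/s^2; keeps a bin with near-identical samples from being over-confident
Z_LIMIT = 3.0       # |z| above this is implausible


def bin_key(throttle_pct, rpm):
    """Operating point of the engine, discretised for the reference model."""
    return (int(throttle_pct // THROTTLE_BIN), int(rpm // RPM_BIN))


def build_reference(samples):
    """samples: iterable of (throttle_pct, rpm, accel_mps2) from a trusted drive.

    Returns {operating point: (mean acceleration, std deviation)}.
    """
    groups = {}
    for thr, rpm, acc in samples:
        groups.setdefault(bin_key(thr, rpm), []).append(acc)
    return {k: (mean(v), max(pstdev(v), STD_FLOOR)) for k, v in groups.items()}


def plausibility(reference, throttle_pct, rpm, accel):
    """Return (plausible, z-score) for one sensor sample.

    An operating point the model never saw is reported as implausible with
    z = inf: the physical model cannot vouch for it.
    """
    key = bin_key(throttle_pct, rpm)
    if key not in reference:
        return False, float("inf")
    mu, sigma = reference[key]
    z = (accel - mu) / sigma
    return abs(z) <= Z_LIMIT, z


def detect_manipulation(reference, trace, min_fraction=0.5):
    """Flag a whole trace when at least min_fraction of its samples are implausible.

    Aggregating over a trace tolerates isolated sensor glitches while still
    catching a persistent change such as a modified engine map.
    """
    verdicts = [plausibility(reference, t, r, a)[0] for t, r, a in trace]
    implausible = verdicts.count(False) / len(verdicts)
    return implausible >= min_fraction, implausible


# --- constructed telemetry (not real vehicle data) --------------------------
def _stock_accel(throttle_pct, rpm):
    """Stand-in for the stock engine map: more throttle, more acceleration,
    tapering off at high rpm."""
    return 0.03 * throttle_pct * (1 - rpm / 8000)


OPERATING_POINTS = [(thr, rpm) for thr in (20, 40, 60, 80) for rpm in (1500, 2500, 3500)]
JITTER = (-0.04, 0.0, 0.04)  # measurement noise in the baseline drive

BASELINE = [(thr, rpm, _stock_accel(thr, rpm) + j)
            for thr, rpm in OPERATING_POINTS for j in JITTER]

# An unmodified later drive: same physics, slightly different noise.
STOCK_TRACE = [(thr, rpm, _stock_accel(thr, rpm) + 0.02) for thr, rpm in OPERATING_POINTS]

# The same operating points after a "chip tune" that adds 25% torque.
TUNED_TRACE = [(thr, rpm, 1.25 * _stock_accel(thr, rpm)) for thr, rpm in OPERATING_POINTS]

if __name__ == "__main__":
    ref = build_reference(BASELINE)
    for name, trace in (("stock", STOCK_TRACE), ("tuned", TUNED_TRACE)):
        flagged, frac = detect_manipulation(ref, trace)
        print(f"{name}: {frac:.0%} implausible samples -> {'MANIPULATED' if flagged else 'ok'}")
```

    Note that at low throttle the extra torque is small in absolute terms and a few tuned samples still pass the per-sample check; the trace-level fraction is what makes the decision robust, and it is the kind of aggregate a learned model would also need to expose.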

  • Automotive Firewall

    HW/SW Co-Design of an Automotive Embedded Firewall

    In this project, we designed firewalls for the next-generation automotive E/E architecture. In order to meet automotive requirements, functionalities had to be split between hardware and software. An extensive evaluation shows the feasibility of this firewall design for the future domain architecture.

    The automotive industry is experiencing a major change as vehicles gradually become part of the Internet. Security concepts based on the closed-world assumption can no longer be deployed because the adversary model is constantly changing. Automotive Ethernet as the future in-vehicle network, together with a new E/E architecture, has different security requirements than Ethernet in traditional IT and legacy systems. In order to achieve a high level of security, a new multi-layer approach that responds to automotive-specific requirements has to be introduced in the vehicle. One essential layer of this holistic security concept is restricting unauthorized access by deploying embedded firewalls.

    This project addresses the introduction of automotive firewalls into the next-generation domain architecture, with a focus on partitioning their features between hardware and software. Based on where the firewall is deployed in the in-vehicle network, we discuss the corresponding adversary model and automotive requirements such as latency, jitter, CPU load and memory consumption. These metrics are driven primarily by safety concerns and cost, and are thus relevant to both OEMs and hardware manufacturers. As a result, a reasonable implementation of an automotive firewall system has to be a trade-off between hardware and software in order to meet these requirements. We implemented the firewall on an Infineon AURIX TriCore and an Altera Cyclone V FPGA to analyze these metrics. The paper shows the options and decision points for finding an optimal hardware/software partitioning of an automotive embedded firewall system.