
Sicurezza informatica per reti di comunicazione interne di autoveicoli moderni / Dario Stabili, 2020 Mar 09. 32nd cycle, Academic Year 2018/2019.

Sicurezza informatica per reti di comunicazione interne di autoveicoli moderni

Stabili, Dario
2020

Abstract

Cyber-physical systems (CPS) are highly integrated mechanisms in which one or more subsystems are monitored and controlled by software, possibly with a high degree of autonomy and minimal external input from users. A prominent and widespread example is the modern passenger vehicle, which consists of many mechanical parts controlled by Electronic Control Units (ECUs), each programmed to perform a different task in the automotive system. Mechanisms controlled through ECUs range from simple, driver-activated functions such as windshield wipers or power windows to fully automated, complex, real-time systems such as engine control, power steering, the Electronic Stability Program (ESP) or the Anti-lock Braking System (ABS). These software-driven, safety-relevant features are extremely effective in reducing the overall number of car accidents and fatalities. However, they also open new avenues for attackers, who can now explore (and possibly exploit) a wide range of software-based attacks against the control logic implemented by ECUs. These threats are magnified by the current trend toward ever greater connectivity in modern vehicles: it is now common even for low-tier vehicles to integrate Bluetooth connectivity with smartphones (and hence an indirect connection to the Internet) or direct Internet connectivity through cellular networks. Such threats are not merely theoretical. Recent research and media reports have showcased several cyber-attacks against recent, unmodified, licensed vehicles, which exploited cellular connections to penetrate the in-vehicle network and obtain remote control over the engine, brakes and power steering. These works exposed several vulnerabilities in the networking protocols and communication buses that enable communication among safety-relevant ECUs.
These systems are based on outdated standards that were designed for simpler ECUs and completely isolated networks, and that provide no security guarantees. This thesis proposes several solutions for improving the cyber-security of the internal network communications of modern vehicles, and addresses the whole cyber-security lifecycle: from the prevention of cyber-attacks, to their detection in operational vehicles, up to automatic countermeasures that mitigate the physical consequences of an attack. Prevention requires the adoption of secure protocols that provide integrity and authentication guarantees for safety-relevant in-vehicle communications; in this field the thesis explores the trade-offs among different strategies for the management and distribution of cryptographic material, taking the full lifecycle of a modern vehicle into consideration. Attack detection is the main focus of the thesis, which proposes several novel intrusion detection algorithms designed specifically to detect realistic cyber-attacks against modern in-vehicle networks. All the proposed intrusion detection algorithms have been validated through experiments on real communications among ECUs, gathered from modern unmodified vehicles, and they meet the hard computational and memory constraints of common automotive ECUs. To overcome the limitations caused by the lack of public specifications for the internal communications of real vehicles, the thesis also proposes a novel algorithm for the automatic reverse-engineering of automotive data frames, which makes it possible to apply more fine-grained intrusion detection algorithms. Finally, the thesis proposes a novel strategy for reacting to a detected cyber-attack by leveraging the limp-home mode (a protection mechanism already implemented by ECUs) in the service of cyber-security.
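To make the detection problem sketched in the abstract concrete, the following is an added illustration and not code from the thesis, nor the algorithm it proposes: a minimal timing-based intrusion detector for periodic CAN traffic, written in Python. Most safety-relevant CAN IDs are broadcast periodically by a single ECU, so a detector can learn each ID's inter-arrival time from attack-free traffic and flag frames that break that rhythm, with only a couple of floats of state per ID. The CAN IDs 0x0C1 and 0x1A5, their 10 ms and 20 ms periods, the candump-style log lines, and the injected and suppressed frames are all constructed here for the example.

```python
"""Timing-based anomaly detection for periodic CAN traffic.

Added illustration, not the thesis's algorithm. All traffic below is
constructed (candump-style lines with hypothetical CAN IDs).
"""
import re
import statistics
from collections import defaultdict

# candump log format: "(seconds.micros) iface ID#HEXDATA"
LINE_RE = re.compile(
    r"^\((?P<ts>\d+\.\d+)\)\s+\S+\s+(?P<id>[0-9A-Fa-f]{3,8})#(?P<data>[0-9A-Fa-f]*)$"
)


def parse_candump(lines):
    """Return (timestamp, can_id, payload) tuples sorted by time; malformed lines are skipped."""
    frames = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            frames.append((float(m["ts"]), int(m["id"], 16), bytes.fromhex(m["data"])))
    frames.sort()
    return frames


def learn_periods(frames, min_samples=5):
    """Mean inter-arrival time per CAN ID, learned from attack-free training traffic.

    IDs seen fewer than min_samples times stay unmodelled: event-driven frames
    (a door switch, for instance) have no useful period.
    """
    last, gaps = {}, defaultdict(list)
    for ts, cid, _ in frames:
        if cid in last:
            gaps[cid].append(ts - last[cid])
        last[cid] = ts
    return {cid: statistics.mean(g) for cid, g in gaps.items() if len(g) >= min_samples}


def detect(frames, model, tolerance=0.3):
    """Flag frames arriving outside (1 +/- tolerance) * learned period.

    'early' = an extra frame squeezed in before the next expected one (injection
    or replay); 'late' = the expected frame never came (suppression, bus-off).
    An early frame does not advance the per-ID reference time, so the legitimate
    frame that follows an injected one is not flagged as well.
    """
    last, alerts = {}, []
    for ts, cid, _ in frames:
        if cid in model and cid in last:
            period = model[cid]
            gap = ts - last[cid]
            if gap < (1 - tolerance) * period:
                alerts.append((ts, cid, "early"))
                continue
            if gap > (1 + tolerance) * period:
                alerts.append((ts, cid, "late"))
        last[cid] = ts
    return alerts


def synth(cid, period, count, start=0.0, payload="0000"):
    """Constructed periodic traffic for one (hypothetical) CAN ID."""
    return [f"({start + i * period:.6f}) can0 {cid:03X}#{payload}" for i in range(count)]


# Attack-free training window: 0x0C1 every 10 ms, 0x1A5 every 20 ms (constructed).
TRAIN_LINES = synth(0x0C1, 0.010, 50) + synth(0x1A5, 0.020, 25)

# Monitored window from t=0.5 s with two constructed anomalies: an injected
# 0x0C1 frame at 0.512 s, and the legitimate 0x0C1 frame at 0.600 s suppressed.
ATTACK_LINES = (
    [l for l in synth(0x0C1, 0.010, 20, start=0.5) if not l.startswith("(0.600000)")]
    + ["(0.512000) can0 0C1#FFFF"]
    + synth(0x1A5, 0.020, 10, start=0.5)
)


def run_example():
    """Train on the clean window, then scan the monitored window; returns the alerts."""
    model = learn_periods(parse_candump(TRAIN_LINES))
    return detect(parse_candump(ATTACK_LINES), model)


if __name__ == "__main__":
    for ts, cid, kind in run_example():
        print(f"t={ts:.3f}s id=0x{cid:03X} {kind}")
```

Two caveats follow directly from the abstract. A timing detector only sees frames that disturb the period: a compromised ECU that silences the legitimate sender and transmits its own frames on schedule is invisible to it, which is why prevention still needs integrity and authentication on the bus, and why detecting a plausible-looking but malicious payload needs the frame layout that the reverse-engineering step recovers. The tolerance also has to absorb the jitter real buses show under load, so it should be tuned on attack-free captures from the same vehicle rather than set globally.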
Defending internal network communications of modern vehicles from cyber-attacks
9 Mar 2020
MARCHETTI, Mirco
COLAJANNI, Michele
Files in this item:
main.pdf (doctoral thesis), 2.28 MB, Adobe PDF, Open Access from 9 Mar 2023

Creative Commons licence
Metadata in IRIS UNIMORE is released under the Creative Commons CC0 1.0 Universal licence, while publication files are released under the Attribution 4.0 International (CC BY 4.0) licence unless otherwise indicated.
In case of copyright infringement, contact Supporto Iris

Use this identifier to cite or link to this item: https://hdl.handle.net/11380/1200613