Last month, we released the specification of a multi-component testbed representing a flexible and functional in-vehicle architecture for “real environment” trials to develop, test, validate and demonstrate automotive cybersecurity solutions.
Now, here at the Systems Security Group at the University of Coventry, we have been able to deploy the demonstrator to run some of the selected use cases to validate the Siemens solution.
In collaboration with representatives from the automotive industry, the Secure CAV team reviewed and created a shortlist of potential system attack threats for further investigation. The pervasive issue of odometer tampering was selected as the first hacking ‘abuse case’ to be investigated.
An odometer tampering attack attempts to disrupt the vehicle’s odometer value so that it no longer represents the true distance travelled by the vehicle. As a result, the rate at which the odometer increases can be reduced, or even ceases to increase at all. Such attacks are realised using a CAN filter explained in James Tyrrell’s earlier blog.
The frequency at which the odometer is updated both under normal operation and while being hacked is correlated with the speed of the vehicle. With the application of machine learning techniques, the mapping between these two variables can be learned and therefore predicted. In doing so, deviations from the normal mapping can provide evidence of an odometer tampering attack occurring within the car’s electronics system.
To visualise and assess the detection and mitigation procedure against the odometer tampering attack, we have emulated an instrument cluster in our testbed, using a RISC-V CPU on an FPGA platform (see Figure 1). The virtual instrument cluster receives CAN messages from the analytics software embedded on the FPGA, and hacked data from the car simulator. The graphical interface mimics the basic features of a real instrument cluster.
The main data shown on the cluster consists of the car and its engine speed, plus actual (hacked) odometer and the corrected odometer after the threat mitigation has been applied, and finally a warning signal to alert that hacking has been detected. The latter displays an exclamation sign in real time when the Siemens Embedded Analytics cybersecurity solution detects an anomaly. At the same time, the hacked data is also sent to a real instrument cluster where the real effect of the hack would be evident to the car’s driver.
From the displayed results and our recording of the CAN bus data, it is evident the Siemens Embedded Analytics solution has successfully detected and mitigated the odometer tampering hack.
In June, detection and mitigation of three more ‘abuse case’ namely as: OBDII, infotainment and door lock tampering will be integrated into the demonstrator. Stay tuned!