400 likes | 413 Views
Cyber Threats Facing Autonomous and Connected Vehicles: Future Challenges Simon Parkinson, Paul Ward, Kyle Wilson, and Jonathon Miller. A Review of the Above Document By: Robert James. Introduction.
E N D
Cyber Threats Facing Autonomous and Connected Vehicles: Future ChallengesSimon Parkinson, Paul Ward, Kyle Wilson, and Jonathon Miller A Review of the Above Document By: Robert James
Introduction “Connected and Autonomous Vehicles (CAVs) incorporate many different technologies to enable driverless, safe, and efficient transportation. Connection mechanisms support communication between vehicles and infrastructure, sharing of data such as position, and speed of movement, etc.”
Introduction “The development and commercial release of Connected and Autonomous Vehicles (CAVs) is largely driven by the desire to produce quicker, more reliable and and safer vehicles and more robust and resilient transportation infrastructure. Developing increasingly autonomous and connected vehicles inevitably requires an increase in computing resources.”
Introduction Currently there is considerable effort spent on identifying: • Vulnerabilities • Mitigation techniques • Potential impact
Red Ink Anyone? “The aim of the present research was to review the research on CAV related cyber security vulnerabilities and mitigation techniques, provide an overview of past and current research efforts, and to collate this research in to key areas of activity. The aim of this paper is to identify knowledge gaps that can subsequently be used to motivate a future a roadmap to addressing the cyber security related challenges. The paper is structured as follows: the following section provides and in-depth analysis of publicly available literature to identify cyber security related knowledge gaps.”
Literature Survey • Factors that motivated the authors work: • CAV technology is not mature. • Supply chain for vehicle parts makes use of a wide range of technologies. • Auto manufactures outsource a considerable amount of activity
Presentation Flow Slide 1. A. The Vehicle • Low-Level Sensors • GPS • Inertia Sensors • Tyre (Tire) Pressure Monitoring System (TPMS) • Light Detection And Ranging (LiDAR) • Camera and Infrared • Vehicle Control Units • Engine Control Units (ECDs)
Presentation Flow Slide 2. B. Human Aspects • Privacy • Behavioral Aspects C. Connection Infrastructure • Attack Types • Physical Access Vulnerabilities • Close Proximity Vulnerabilities • Remote Access Vulnerabilities
GPS • Spoofing • Jamming
GPSJamming • Drown out the GPS receiver with noise • GPS Jamming devices readily available
GPSProposed Technique for PreventingJamming and Spoofing • Use secondary measurement systems (GLONASS, BeiDou, Galileo, NAVIC) to monitor GPS signals for attacks.
Inertia Sensors Inertial Measurement units used to provide data for: • Velocity • Acceleration • Orientation
Inertia Sensors • CarShark • https://jalopnik.com/5539181/carshark-software-lets-you-hack-into-control-and-kill-any-car • https://www.popsci.com/cars/article/2010-05/researchers-hack-car-computers-shutting-down-brakes-engine-and-more
Inertia SensorsMitigation of Attacks Proposed techniques: • Encryption • Monitor sensor signal. • Additional sensors.
Engine Control Units • Regulate engine activity
Engine Control UnitsMitigation of Attacks • Encryption • https://warwick.ac.uk/fac/sci/eng/staff/saf/publications/date2015-mundhenk.pdf
Tyre (Tire)-Pressure Monitor Systems(TPMS) • Small device located on the valve of each tire. • Required in USA for all vehicles manufactured from 2007 on.
Light Detection and Ranging(LiDAR) • Generate map of vehicle’s environment. • Localization • Obstacle Avoidance • Navigation
LiDARAttacks • Susceptible to jamming, spoofing, and deceiving
LiDARAttack Mitigation • Multiple Wavelengths • CAV-to-CAV image sharing • Random probing
Camera and Infrared Systems • Obstacle detection • Object recognition
Camera and Infrared SystemsAttacks • Directed light • (natural or man made, intentional or unintentional)
Camera and Infrared SystemsAttack Mitigation • Additional cameras • Filters
Engine Control Units (ECU) • Powertrain • Safety Systems • Body Control • Data Communication
Engine Control Units (ECU)Key ECUs within a CAVThe following list, while not exhaustive, provides a level of importance in descending order. • Navigation control module (NCM) • Engine control module (ECM) • Electronic brake control module (EBCM) • Transmission control module (TCM) • Telematics module with remote commanding • Body control module (BCM) • Inflatable restraint module (IRM) • Vehicle vision system (VVS) • Remote door lock receiver • Heating, ventilation, and air conditioning (HVAC) • Instrument panel module • Radio and entertainment centre
Engine Control Units (ECU)Sample Exploits • http://www.nationaldefensemagazine.org/articles/2015/5/1/2015may-researchers-hack-into-driverless-car-system-take-control-of-vehicle • https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/ • C. Vallance, Car Hack Uses Digital Radio Broadcast to Seize Control. https://www.bbc.com/news/technology-33622298 • Comprehensive Experimental Analyses of Automotive Attack Surfaces http://www.autosec.org/pubs/cars-usenixsec2011.pdf
Engine Control Units (ECU)Exploit Mitigation • Intrusion detection systems • Message Authentication Codes (MAC) • Author’s believe asymmetric encryption is the way to go.
Privacy Concerns • As with social internet sites it is possible that personal data from CAVs can be gathered and used…
Behavioral Aspects • How is a CAV to interact with human operator (of unknown technical expertise) in the event of system malfunction or intrusion detection?
CAV Connectivity to External Objects • Vehicle-to-Vehicle (V2V) • Vehicle-to-Infrastructure (V2I) • Vehicle-to-Internet Enabled Device (V2X)
CAV Connectivity IssuesAttack Types • Password and Key Attacks • Denial of Service • Network Protocol Attacks • Phishing • Rogue Updates
CAV Connectivity IssuesPhysical Access • On-Board Diagnostic Port • Media Systems
CAV Connectivity Issues Close Proximity Vulnerabilities • Bluetooth • Keyless Entry and Ignition Systems https://www.engadget.com/2018/10/22/tesla-model-s-theft-keyfob-hack/ • Signal Jamming for Connected Devices
CAV Connectivity Issues Remote Access Vulnerabilities • Radio (GPS, Digital Radio, Radio Data System, Traffic Message Channels) • Cellular and Internet-Enabled Exploits
Summary of Gaps in Knowledge and Their Potential Impact – Part 1
Summary of Gaps in Knowledge and Their Potential Impact – Part 2