automotive cyber security: challenges and...
TRANSCRIPT
Automotive Cyber Security:
Challenges and Opportunities
Presented By:
Fred Barez
San Jose State University
IEEE Computer Society Santa Clara Valley Section
October 20, 2015
Presentation Outline
Mechanical Engineering Department Hybrid & Electric Vehicle Technology Lab
Automotive Cyber Security
VW Emission Manipulation
SJSU ME Department Projects
Questions and Answers
Mechanical Engineering Department
Hybrid & Electric Vehicle Technology Lab
Sponsors:
Automotive Cyber Security
Jeep/Fiat-Chrysler recalls 1.4M vehicles to prevent hacking, San Jose Mercury News(7/25/15)
Putting the recent wave of car hack hysteria in perspective, Forbes(8/10/15)
The web-connected car is cool, until hackers cut your brakes, New York Times(7/23/15)
Volkswagen hid a car hacking flaw for two years, CNN(8/14/15)
Car hacked via a laptop, CBS’s 60 Minutes(2/8/15)
Hackers remotely kill a Jeep on highway, W-I-R-E-D Magazine(7/24/15)
Cyber security is the body of technologies, products and protocols designed to protect vehicle
network from attacks.
Recently In the News
From Personal Computers (PCs) to
Internet of Things (IoT)
1975, Personal Computers were introduced.
1988, First commercial cyber attack(Morris Worm).
1988, BMW 8-Series introduced ECUs.
1991, Norton Anti-Virus Software by Symantec was introduced.
1994, Yahoo started.
1994, the word ‘cyber security’ was introduced.
1996, Commercialization of the WWW.
1998, Google started.
1999, Concept of IoT was introduced.
2000, ZoneAlarm Firewall was introduced for personal computers.
2004, MicroSoft introduced Firewall in MS-Windows XP.
2009, GM introduced emergency reporting system (On-Star) .
2011, IoT became viral.
Modern Vehicles: Computers on Wheels
Automotive Cyber Security
Connected vehicle Ecosystem
If anything connected via internet, such as a vehicle, can be hacked
Modern vehicles have over 70 ECUs and more than 150 sensors
Sensors and ECUs communicate through In-Vehicle Network (IVN)
Sensors in a vehicle are an integrated system of mobile, cloud, social and Big Data
analytics. Big data requires fast network and fast computational tools
Collected data from sensors are transferred to ECU through IVN, and via internet to
the clouds.
Vehicle Manufacturers will have access to such analytics for quality and design
improvements.
Modern In-Vehicle Network:70+ ECUs(or CPUs)
In-Vehicle Networking (IVN) Protocols
LIN: Local Interconnect Network
Low data-rate functions
Up to 20 kbits/s, limited to 12 nodes.
CAN: Controlled Area Network
Medium speed data transmission
40 kbits/s to 1 Mbits/s, 40+ devices
FlexRay:
For safety-critical applications
1 Mbits/s to 10 Mbits/s
MOST: Media Oriented Systems Transport
High speed data-rates
12 Mbits/s to 22 Mbits/s
CAN bus and Vehicle Hacking
Get Access To CAN bus (through internet or additional hardware)
Flowing data can be read and understood from CAN bus
Inject hacking commands or Block commands for targeted peripherals
Interrupt ECU operations by memory overflow with random data injection
Examples:
Jeep Chrysler
Faulty Multimedia feature(smart connect) that gave access to CAN bus
commands to remotely control through a mobile network.
Toyota Prius 2010
Through additional Hardware connected to CAN diagnostics port.
CAN bus Overview
What is CAN bus?
Controller Area Network (CAN) is a fast serial bus designed to provide an efficient,
reliable and economical link to communicate with several devices such as ECUs
CAN bus was developed in 1983 and is currently used in all vehicles
Why Is it used in automotives?
It is Real time(Up to 1Mbits/s)
Embedded level protocol
Supports 40+ ECU devices on single bus.
Standard protocols (ISO & SAE)
CAN bus Network in a Vehicle
Typical CAN bus Network
OBD-II
CAN bus Protocol
CBS 60 Minutes Program(2 minutes)
Hackers remotely kill a Jeep on highway(5 minutes)
Reasons why cyber security is a major
concern and its Sources
Concerns:
Wide spread use of new software and hardware platforms
Easy access to software and hardware products
Sophisticated attacks with specific targets
Sources:
Mobile Devices: increase in the use of smart phones and devices
The cloud: A single port of entry accessible from anywhere
Social Media: Easy access to data on smart devices
Accessibility to hacking software and hardware tools
Installation of third-party (non-OEM) devices
Automotive Cyber Security Challenges
We live in an increasingly networked world.
Cyber attacks have increased drastically over the past decades exposing
vehicles to disrupting functionality.
Internet of Things (IoT) used in today’s vehicles is a powerful tool in transforming
our lives to enjoy a greater driver/passenger experience.
If vehicles are connected via internet then, they are vulnerable to cyber threats
or hacking.
Cyber security is the body of technologies, products and protocols designed to
protect vehicle network from attacks.
Automotive Cyber Security: Opportunities
Increase security in mobile devices, cloud computing, restrict the use of hacking
software and hardware tools, government involvement.
Implementation of existing IT security protocols.
Remote lock of mobile and smart devices
Restrict OBD-II devices to one way communication
Encryption of data and use of anti-malware/anti-virus software in CAN bus design
Education and certification of professionals in automotive cyber security.
Conclusions
If a vehicle is connected to the internet, it is hackable!
There is no solution to eliminate cyber attacks however, we can only try
to minimize such threats
Raise awareness about automotive cyber security
Utilize system hardware and software to monitor, detect and block cyber attacks
VW Software Manipulation
500,000 VW Diesel Vehicles Recalled Due to Failed Emission Test
A West Virginia University study raised questions about emissions levels from light-
duty diesel Volkswagen vehicles during on-the-road testing.
What is it?
A hacking scheme to reduce pollution test results of VW diesel vehicles
How was it done?
Software manipulation in ECU to improve fuel economy vs excessive Emission.
VW Software Manipulation
Road emission tests were conducted
using a portable measurement
system to characterize various
pollutants including NOx from tail
pipe and data from engine ECU
Engine ECU controls:
Fuel inlet
Fuel to air ratio
Fuel Economy
Engine inlet/outlet valves
Exhausted emissions
Diesel Fuel to Pollution Generation
Function of a NOx trap
The exhaust pollution were to pass through a NOx Trap to ‘absorb’ and trap’ the Nitrogen Oxide.
Unburned fuel works as catalyst for NOx trap.
The more fuel consumed, the more NOx is trapped, less pollution exhausted.
But VW wanted to show less fuel consumed to demonstrate improved fuel economy to consumers.
How is it manipulated?
Engineers manipulated the software to control
fuel/air ratio such that exhausted pollution levels
would be different under EPA test conditions vs road
tested using:
Movement of steering wheel
Speed
Atmospheric Pressure
How long the engine was on
SJSU ME Department Projects
Vehicle Collision Avoidance
Vehicle Cyber Hacking
Other SJSU Projects
Project Demo
SJSU: Vehicle Collision Avoidance
Original RC vehicle • Introduced Beagle-Bone Black Micro Computer.
• IR & Ultrasonic Sensors.
• Algorithm written in Shell script & ‘C’ to control
9V DC motors (Honda & Mazda).
SJSU: Vehicle Hacking
• Same Hardware with added WiFi transmitter/receiver to connect to internet through
a mobile hotspot
• Get access to Beagle-Bone Black through any device within the network (Using SSH
protocol)
SJSU: Sustainable Vehicles
Solar Powered QuadraCycle with Front
Wheel Hub Motors
Human & Electric Powered Hybrid Tricycle
SJSU: Hybrid Vehicle Demonstrator & Battery
Characterization
Hybrid Vehicle demonstrator
to show the operation and
transition from electric to ICE
Rechargeable (Lithium Polymer) battery
characterization and thermal management
station
SJSU: Other Project Videos
Sustainable Electric Bicycle Solar Powered QuadaCycle All Wheel Drive-Electric
Utility Vehicle
SJSU: Current Project
Application of wearable
devices to communicate with
E-bikes to actuate hub motors
based on rider’s heart rate
monitoring
Acknowledgement: Rushabh Desai
Thank You
Questions?
Project Demo