Attack AND Defense Playground For Automotive System


Modern cars have microcontrollers that use the Controller Area Network (CAN) to perform safety and luxury functions. 

However, vehicle hijacking can occur through message injection attacks because the CAN network lacks the security of drive-by-wire systems such as speed control, consequently posing a risk to life. 

Despite the efforts of researchers to propose solutions like intrusion detection, encryption, and authentication to enhance CAN’s security features, many previous works have not taken into account practical constraints in auto-making.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

The following cybersecurity analysts present HackCar, a cost-effective and fully configurable test platform for evaluating attacks and defenses on automotive architectures:-

  • Dario Stabili
  • Filip Valgimigli
  • Edoardo Torrini
  • Mirco Marchetti

However, there are difficulties for several investigators who want to access actual automobile platforms when analyzing security risks in existing car systems due to investment barriers.

HackCar : Attack AND Defense Playground

HackCar is built on a stripped F1-10th model, HackCar replicates in-vehicle networks and allows implementing real-world scenarios like compromising an autonomous forward-collision avoidance system. 

By open-sourcing HackCar’s specifications, designs, and prototype boards, it enable researchers to replicate and expand on this secure, safe, and budget-friendly platform for comprehensively testing vehicle system security without prohibitive investments. 

Researchers’ main contribution is facilitating crucial automotive cybersecurity research previously restricted by access limitations.

HackCar comprises the following main components:-

  • The sensing system for obstacle detection (LiDAR or stereo cameras)
  • Multiple on-board controllers for sensor data analysis (Sensing System Controller)
  • Actuator management (Main Controller Unit)
  • Attack replication (Attack Controller)
  • Anomaly detection (Detection Controller)
  • An in-vehicle CAN network facilitating communication among controllers using standardized data frames

This architecture replicates a real vehicle’s operational scenarios like autonomous and manual emergency braking while enabling security evaluation through attack implementation and defensive monitoring across the integrated sensing, computational, and network layers.

Overview of the HackCar test platform(Source – Arxiv)

The threat model considers an attacker with in-vehicle network access able to inject malicious CAN messages but not compromise existing ECUs. 

Researchers experimentally evaluate an attack subverting the autonomous emergency braking system by having the Attack Controller intercept and overwrite RPM messages, preventing the platform from stopping. 

Validation involves analyzing CAN bus utilization compared to a reference vehicle, focusing on frequent drive-by-wire related messages, and scrutinizing attack consequences observed in CAN communication. 

Results confirm that HackCar replicates realistic attack behaviors impacting the autonomous driving functionality.

Researchers presented HackCar, a configurable test platform for prototyping attacks and defenses on automotive systems. 

Implemented using an F1-10th model with multiple automotive-grade microcontrollers, HackCar replicates sensing systems for ADAS features, a main controller for autonomous driving, an attacker component for injecting malicious messages on the in-vehicle network, and a detection system to evaluate defensive solutions. 

Validation tests confirm HackCar accurately models realistic vehicle behavior while enabling security research by demonstrating attack consequences in a controlled, cost-effective environment without requiring full vehicle access. 

HackCar facilitates crucial automotive cybersecurity studies that were previously challenging due to platform limitations.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide



Source link