Modern automotive architectures are complex and often comprise of hundreds of electronic control units (ECUs). These ECUs provide diverse services including infotainment, telematics, diagnostics, advanced driving assistance, and many others. The availability of such services is mainly attained by the increasing connectivity with the external world, thus expanding the attack surface. In recent years, automotive original equipment manufacturers (OEMs) and ECU suppliers have become cautious of cyber attacks and have begun fortifying the most vulnerable systems, with hardware-based security modules that enable sandboxing, secure boot, secure software updates and end-to-end message authentication. Nevertheless, insecure legacy ECUs are still in-use in modern vehicles due to price and design complexity issues. Legacy ECUs depend on simple microcontrollers, that lack any kind of hardware-based security. This makes it essential to bridge the gap between modern and legacy ECUs through software-based security by which cyber attacks can be mitigated, thus enhancing the security of vehicles. This paper provides one more step towards highly secure vehicles by introducing a lightweight software-based security framework which provides legacy ECUs with software-based virtualization and protection features along with custom security services. We discuss the motivation for pure software-based approaches, explore the various requirements and advantages obtained, and give an initial insight of the design rationale. Furthermore, we provide a proof of concept implementation and evaluation with a demonstrative use case illustrating the importance of such framework in delivering new diagnostics security services to legacy ECUs.

Towards bridging the gap between modern and legacy automotive ECUs: A software-based security framework for legacy ECUs / Thangarajan, A. S.; Ammar, M.; Crispo, B.; Hughes, D.. - CD-ROM. - (2019), pp. 1-5. (Intervento presentato al convegno 2nd IEEE Connected and Automated Vehicles Symposium, CAVS 2019 tenutosi a usa nel 2019) [10.1109/CAVS.2019.8887788].

Towards bridging the gap between modern and legacy automotive ECUs: A software-based security framework for legacy ECUs

Crispo B.;
2019-01-01

Abstract

Modern automotive architectures are complex and often comprise of hundreds of electronic control units (ECUs). These ECUs provide diverse services including infotainment, telematics, diagnostics, advanced driving assistance, and many others. The availability of such services is mainly attained by the increasing connectivity with the external world, thus expanding the attack surface. In recent years, automotive original equipment manufacturers (OEMs) and ECU suppliers have become cautious of cyber attacks and have begun fortifying the most vulnerable systems, with hardware-based security modules that enable sandboxing, secure boot, secure software updates and end-to-end message authentication. Nevertheless, insecure legacy ECUs are still in-use in modern vehicles due to price and design complexity issues. Legacy ECUs depend on simple microcontrollers, that lack any kind of hardware-based security. This makes it essential to bridge the gap between modern and legacy ECUs through software-based security by which cyber attacks can be mitigated, thus enhancing the security of vehicles. This paper provides one more step towards highly secure vehicles by introducing a lightweight software-based security framework which provides legacy ECUs with software-based virtualization and protection features along with custom security services. We discuss the motivation for pure software-based approaches, explore the various requirements and advantages obtained, and give an initial insight of the design rationale. Furthermore, we provide a proof of concept implementation and evaluation with a demonstrative use case illustrating the importance of such framework in delivering new diagnostics security services to legacy ECUs.
2019
2019 IEEE 2nd Connected and Automated Vehicles Symposium, CAVS 2019 - Proceedings
New York
Institute of Electrical and Electronics Engineers Inc.
978-1-7281-3616-5
Thangarajan, A. S.; Ammar, M.; Crispo, B.; Hughes, D.
Towards bridging the gap between modern and legacy automotive ECUs: A software-based security framework for legacy ECUs / Thangarajan, A. S.; Ammar, M.; Crispo, B.; Hughes, D.. - CD-ROM. - (2019), pp. 1-5. (Intervento presentato al convegno 2nd IEEE Connected and Automated Vehicles Symposium, CAVS 2019 tenutosi a usa nel 2019) [10.1109/CAVS.2019.8887788].
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/288977
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 4
  • ???jsp.display-item.citation.isi??? 1
  • OpenAlex ND
social impact