HackCar: a test platform for attacks and defenses on a cost-contained automotive architecture (2405.05023v1)
Abstract: In this paper, we introduce the design of HackCar, a testing platform for replicating attacks and defenses on a generic automotive system without requiring access to a complete vehicle. This platform empowers security researchers to illustrate the consequences of attacks targeting an automotive system on a realistic platform, facilitating the development and testing of security countermeasures against both existing and novel attacks. The HackCar platform is built upon an F1-10th model, to which various automotive-grade microcontrollers are connected through automotive communication protocols. This solution is crafted to be entirely modular, allowing for the creation of diverse test scenarios. Researchers and practitioners can thus develop innovative security solutions while adhering to the constraints of automotive-grade microcontrollers. We showcase our design by comparing it with a real, licensed, and unmodified vehicle. Additionally, we analyze the behavior of the HackCar in both an attack-free scenario and a scenario where an attack on in-vehicle communication is deployed.
- Bosch. (1991) Can specification version 2.0.
- C. Miller and C. Valasek. (2014) Adventures in automotive networks and control units.
- Keen Security Lab of Tencent. (2016) Car hacking research: Remote attack tesla motors. [Online]. Available: http://keenlab.tencent.com/en/2016/09/19/Keen-Security-Lab-of-Tencent-Car-Hacking-Research-Remote-Attack-to-Tesla-Cars/
- M. Kneib and C. Huth, “Scission: Signal characteristic-based sender identification and intrusion detection in automotive networks,” in Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, ser. CCS ’18. New York, NY, USA: ACM, 2018, pp. 787–800. [Online]. Available: http://doi.acm.org/10.1145/3243734.3243751
- D. Stabili, L. Ferretti, M. Andreolini, and M. Marchetti, “Daga: Detecting attacks to in-vehicle networks via n-gram analysis,” IEEE Transactions on Vehicular Technology, vol. 10, p. 15, 2022.
- B. Groza, S. Murvay, A. van Herrewege, and I. Verbauwhede, “Libra-can: A lightweight broadcast authentication protocol for controller area networks,” in Cryptology and Network Security, J. Pieprzyk, A.-R. Sadeghi, and M. Manulis, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2012, pp. 185–200.
- R. Kurachi, Y. Matsubara, H. Takada, H. Ueda, and S. Horihata, “Cacan: Centralized authentication system in can (controller area network),” 2016.
- C. Miller and C. Valasek. (2015) Remote exploitation of an unaltered passenger vehicle. White paper of Blackhat US conference. [Online]. Available: http://illmatics.com/Remote%20Car%20Hacking.pdf
- S. Longari, C. A. Pozzoli, A. Nichelini, M. Carminati, and S. Zanero, “Candito: Improving payload-based detection of attacks on controller area networks,” in Cyber Security, Cryptology, and Machine Learning, S. Dolev, E. Gudes, and P. Paillier, Eds. Cham: Springer Nature Switzerland, 2023, pp. 135–150.
- S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno, “Comprehensive experimental analyses of automotive attack surfaces,” in Proceedings of the 20th USENIX Conference on Security, ser. SEC’11. Berkeley, CA, USA: USENIX Association, 2011, pp. 6–6. [Online]. Available: http://dl.acm.org/citation.cfm?id=2028067.2028073
- H. Lee, K. Choi, K. Chung, J. Kim, and K. Yim, “Fuzzing CAN packets into automobiles,” in 2015 IEEE 29th Int’l Conf. on Advanced Information Networking and Applications, March 2015.
- K.-T. Cho and K. G. Shin, “Error handling of in-vehicle networks makes them vulnerable,” in Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, ser. CCS ’16. New York, NY, USA: ACM, 2016, pp. 1044–1055. [Online]. Available: http://doi.acm.org/10.1145/2976749.2978302
- A. Palanca, E. Evenchick, F. Maggi, and S. Zanero, “A stealth, selective, link-layer denial-of-service attack against automotive networks,” in Detection of Intrusions and Malware, and Vulnerability Assessment - 14th International Conference, DIMVA 2017, Bonn, Germany, July 6-7, 2017, Proceedings, 2017, pp. 185–206. [Online]. Available: https://doi.org/10.1007/978-3-319-60876-1_9
- K. Cho and K. G. Shin, “Viden: Attacker identification on in-vehicle networks,” CoRR, vol. abs/1708.08414, 2017. [Online]. Available: http://arxiv.org/abs/1708.08414
- M. Gmiden, M. H. Gmiden, and H. Trabelsi, “An intrusion detection method for securing in-vehicle CAN bus,” in Int’l Conf. Sciences and Techniques of Automatic Control and Computer Engineering, 2016.
- D. Stabili and M. Marchetti, “Detection of missing CAN messages through inter-arrival time analysis,” in 2019 IEEE 90th Vehicular Technology Conf., Sep. 2019.
- N. Nowdehi, W. Aoudi, M. Almgren, and T. Olovsson, “CASAD: CAN-aware stealthy-attack detection for in-vehicle networks,” 2019.
- S. Kramer, D. Ziegenbein, and A. Hamann, “Real world automotive benchmarks for free,” in 6th International Workshop on Analysis Tools and Methodologies for Embedded and Real-time Systems (WATERS), vol. 130, 2015.
- H. Elmqvist, S. E. Mattsson, H. Olsson, J. Andreasson, M. Otter, C. Schweiger, and D. Brück, “Real-time simulation of detailed automotive models,” in Proceedings, 2003, pp. 29–38.
- T. Buranathiti and J. Cao, “Benchmark simulation results: automotive underbody cross member (benchmark 2),” in AIP Conference Proceedings, vol. 778, no. 1. American Institute of Physics, 2005, pp. 1004–1112.
- K. Gangel, Z. Hamar, A. Háry, Á. Horváth, G. Jandó, B. Könyves, D. Panker, K. Pintér, M. Pataki, M. Szalai et al., “Modelling the zalazone proving ground: a benchmark of state-of-the-art automotive simulators prescan, ipg carmaker, and vtd vires,” Acta Technica Jaurinensis, vol. 14, no. 4, pp. 488–507, 2021.
- I. Paranjape, A. Jawad, Y. Xu, A. Song, and J. Whitehead, “A modular architecture for procedural generation of towns, intersections and scenarios for testing autonomous vehicles,” in 2020 IEEE Intelligent Vehicles Symposium (IV), 2020, pp. 162–168.
- A. Wallace, S. Khastgir, X. Zhang, S. Brewerton, B. Anctil, P. Burns, D. Charlebois, and P. Jennings, “Validating simulation environments for automated driving systems using 3d object comparison metric,” in 2022 IEEE Intelligent Vehicles Symposium (IV), 2022, pp. 860–866.
- Z. Qiao, X. Sun, H. Loeb, and R. Mangharam, “Drive right: Shaping public’s trust, understanding, and preference towards autonomous vehicles using a virtual reality driving simulator,” in 2023 IEEE Intelligent Vehicles Symposium (IV), 2023, pp. 1–8.
- B. Ellies, C. Schenk, and P. Dekraker, “Benchmarking and hardware-in-the-loop operation of a 2014 mazda skyactiv 2.0 l 13: 1 compression ratio engine,” SAE Technical Paper, Tech. Rep., 2016.
- Y. Shao, M. A. M. Zulkefli, Z. Sun, and P. Huang, “Evaluating connected and autonomous vehicles using a hardware-in-the-loop testbed and a living lab,” Transportation Research Part C: Emerging Technologies, vol. 102, pp. 121–135, 2019.
- M. Abboush, D. Bamal, C. Knieke, and A. Rausch, “Hardware-in-the-loop-based real-time fault injection framework for dynamic behavior analysis of automotive software systems,” Sensors, vol. 22, no. 4, p. 1360, 2022.
- M. Pechinger, G. Schröer, K. Bogenberger, and C. Markgraf, “Hardware in the loop test using infrastructure based emergency trajectories for connected automated driving,” in 2020 IEEE Intelligent Vehicles Symposium (IV), 2020, pp. 357–362.
- P. Scheffe and B. Alrifaee, “A scaled experiment platform to study interactions between humans and cavs,” in 2023 IEEE Intelligent Vehicles Symposium (IV), 2023, pp. 1–6.
- D. Stabili, F. Pollicino, and A. Rota, “A benchmark framework for can ids,” in Italian Conference on Cybersecurity 2021 (ITASEC), April 2021, pp. 233–245.
- F. Pollicino, D. Stabili, and M. Marchetti, “Performance comparison of timing-based anomaly detectors for controller area network: A reproducible study,” ACM Trans. Cyber-Phys. Syst., jun 2023, just Accepted. [Online]. Available: https://doi.org/10.1145/3604913
- D. Stabili, R. Romagnoli, M. Marchetti, B. Sinopoli, and M. Colajanni, “A multidisciplinary detection system for cyber attacks on powertrain cyber physical systems,” Future Generation Computer Systems, vol. 144, pp. 151–164, 2023. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0167739X23000602
- Traxxas. (2024) Ford Fiesta ST Rally 1:10 model. [Online]. Available: https://traxxas.com/products/models/electric/ford-fiesta-st-rally
- Hokuyo Automatic USA Corporation. (2024) UST-10LX. [Online]. Available: https://hokuyo-usa.com/products/lidar-obstacle-detection/ust-10lx
- NVIDIA. (2024) Jetson Nano Developer Kit. [Online]. Available: https://developer.nvidia.com/embedded/jetson-nano-developer-kit
- Open Robotics. (2024) Robot Operating System v2. [Online]. Available: https://github.com/ros2
- Infineon. (2024) AURIX Family - TC297TA. [Online]. Available: https://www.infineon.com/cms/en/product/microcontroller/32-bit-tricore-microcontroller/32-bit-tricore-aurix-tc2xx/aurix-family-tc297ta-adas/
- TRAMPA Boards. (2024) VESC 6 MkVI. [Online]. Available: https://trampaboards.com/vesc-6-mkvi--the-amazing-trampa-vesc-6-mkvi--gives-maximum-power-original-p-27536.html
- CANIS Automotive Labs. (2024) CANPico. [Online]. Available: https://canislabs.com/canpico/
- ——. (2024) CANHack. [Online]. Available: https://github.com/kentindell/canhack
- M. Marchetti and D. Stabili, “Anomaly detection of CAN bus messages through analysis of ID sequences,” in IEEE Proc. Intelligent Vehicles Symp., June 2017.
- D. Stabili, R. Romagnoli, M. Marchetti, B. Sinopoli, and M. Colajanni, “Exploring the consequences of cyber attacks on powertrain cyber physical systems,” 2022.