Cyber Security for the Vehicles of Tomorrow

Lead Research Organisation: University of Birmingham
Department Name: School of Computer Science

Abstract

Connected and autonomous vehicles are set to revolutionise our transportation and re-shape our cities. They will prevent accidents, reduce parking space requirements, lower congestion and pollution. But in order to achieve this, they need several sensors and wireless interfaces which connect them with other vehicles, consumer devices, infrastructure and the Internet. This connectivity adds great functionality but it also introduces a myriad of security and privacy threats. Safety critical functionality in the vehicle is controlled by a multitude of Electronic Control Units (ECUs) which are fully programmable. As vehicles become more programmable, complex and interconnected, they also become more vulnerable to cyber attacks.


The main goal of this fellowship is to secure connected and autonomous vehicles, making them resilient to these types of attack. We will achieve this goal by developing techniques to secure each component of the vehicle's electronic architecture: ensuring that each ECU only executes code that is suitably authenticated; using model learning techniques to develop a framework for automated security testing of ECUs in a way that scales; securing the vehicle's sensors such as radar, lidar and optical cameras against signal spoofing, tampering and denial of service attacks which would cause them to output inaccurate readings; and improving the communication protocols between vehicles and between the vehicles and the infrastructure in order to provide authenticity, non-repudiation and privacy while complying with stringent real-time constraints.

Planned Impact

The frontiers are shifting in the automotive industry with the rapid emergence of next generation connected and autonomous vehicles, and manufacturers are competing to be a market leader, with new technologies and business models. Whilst this engineering revolution shows no signs of abating, cyber security concerns are a primary inhibitor to widespread delivery and consumer adoption of the technology. In order to effectively tap into the $1.5 trillion extra revenue per year that the connected and autonomous vehicles are predicted to generate (McKinsey report), the automotive sector needs to address the cyber security challenges that the future generation vehicles pose.

This fellowship will address the key issues in automotive security: how robust are the memory protection mechanisms on automotive ECUs and Hardware Security Modules (HSMs); how resilient to attack are the vehicle's sensors and their underlying data fusion algorithms; how can we automate security testing of ECUs in a way that scales; and what are the trust anchors and cryptographic primitives for V2X communication that will enable secure and privacy-friendly collective sensing.

The immediate beneficiaries of the research in this fellowship are our industrial partners: ZF TRW and Security Innovation. They will be able to improve the security of their products based on the newly developed memory protection mechanisms; implement side-channel and fault-injection countermeasures in their security critical components; use our automated methods for testing the security of their ECUs; improve their sensors, making them more robust against active attacks; and adopt the key management and protocols for V2V and V2I communication. But the whole automotive industry will benefit as well, as we mature these ideas and develop methodology for automotive security testing that is reproducible. Whenever we find new vulnerabilities in deployed products we will engage in responsible disclosure with the respective product manufacturer. By doing so we will help raise the bar for security practice across the whole sector, both in the UK and elsewhere.

This fellowship will also bring academia insight into the current state of automotive security and the challenges it faces. Researchers and practitioners in the area of automotive and hardware security and applied cryptography will benefit from our analysis methodology and our contributions to language-theoretic security. The tools that will be developed and released as open source will aid security analysts from both academia and industry, automating and systematising the difficult task of security testing of a specific implementation. Furthermore, having a robust, well-studied open source over-the-air firmware update implementation will be beneficial to the whole sector.

Society will benefit from this research as well. Securing ECU memory will lead to less mileage fraud and car theft (given that a popular way of stealing cars is to program a new blank key to the car which is then used to drive away). But more importantly, it will lower the risk of cyber attacks targeting large numbers of vehicles or VIPs. Citizens will also benefit from enhanced privacy in V2X communication while having non-repudiation when false information is given to them. In emergency situations, every millisecond saved by our low-latency cryptographic protocols could make a critical difference.

This programme of research is cross-disciplinary in nature as it will integrate techniques from several domain areas such as cryptology, electrical engineering, physics, signal processing and radar. Some of the techniques from WP1 and WP2 will also be relevant to mobile phone and IoT security. The low-latency MAC from WP4 is of interest in its own right and also has a myriad of applications in other areas such as military, avionics and wireless sensor networks.

Publications

Hicks C (2018) Dismantling the AUT64 Automotive Cipher in Transactions on Cryptographic Hardware and Embedded Systems (TCHES)

Lennert Wouters (2020) Dismantling DST80-based Immobiliser Systems in IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES)

Van Bulck J (2019) A Tale of Two Worlds

 
Title Cyber security awareness month campaign 
Description Video produced for a social media campaign for cyber security awareness month. 
Type Of Art Film/Video/Animation 
Year Produced 2019 
Impact Increased engagement and awareness. 
URL https://www.youtube.com/watch?v=lWRT_TnEQdM
 
Title Video Animation 
Description A video animation showcasing the findings of our research and its impact on industry. 
Type Of Art Film/Video/Animation 
Year Produced 2019 
Impact Was used in business engagement events and social media to attract industry collaboration. 
URL https://www.youtube.com/watch?v=N2gHjZcj2wc
 
Description - We have identified a number of security flaws in implementations of automotive diagnostic standard protocols (such as XCP). These flaws would allow an attacker to reprogram most of the electrical components of a vehicle, with potentially serious security implications. (See impact for disclosure to the manufacturers.)

- We have developed new protocols for vehicle to vehicle and vehicle to infrastructure communication. Our protocols are standards compliant (ETSI and USDOT) and provide higher privacy assurances than previous proposals from both industry and academia.

- We have analysed the security of several Trusted Execution Environments (TEEs), as these can be used as a root of trust, and identified several (dozens) critical vulnerabilities. Furthermore, we have developed a new type of attack, which we called Plundervolt, which is able to inject computation faults into a TEE by leveraging dynamic voltage scaling features of the processor. We have worked together with the affected manufacturers developing solutions, which has led to several cooperations (see impact).

- We have identified security critical flaws in automotive immobilizers and remote keyless entry systems in vehicles by Toyota, Kia and Hyundai among others. These security flaws would have allowed a car thief to clone the vehicle's key. We are working together with the manufacturers (especially Toyota) to improve the security of their anti-theft devices.
Exploitation Route The security flaws identified by this project are serious. All of these have been responsibly disclosed to the affected manufacturers and they have taken or are taking measures to fix them. We have worked together with them developing countermeasures/fixes which are now deployed (more details in impact), to the benefit of society.

We hope that our proposals for vehicle to vehicle communication will influence the standardisation process which is currently ongoing (ETSI).
Sectors Electronics,Security and Diplomacy,Transport

URL http://www.wired.com/story/hackers-can-clone-millions-of-toyota-hyundai-kia-keys
 
Description The security flaws in automotive diagnostics and calibration protocols identified in "Beneath the Bonnet" have been disclosed to the affected manufacturers: Ford, Audi, Volvo, Fiat and VW. Most of these manufacturers have indicated that they shall address the issues in new vehicles as this requires a re-design of the protocol, as we propose in our paper. The security flaws identified in Toyota, Kia and Hyundai vehicle immobiliser systems have attracted some media attention (Wired, Ars Technica). We are working together with Toyota to find suitable mitigating measures for existing vehicles. Toyota does not plan to use the immobilizer analysed in new vehicles. The methodology introduced in our paper "A Tale of Two Worlds" revealed 35 vulnerabilities in 8 security-critical shielding frameworks for Intel processors. By responsibly disclosing these vulnerabilities and working together with the affected manufacturers, all of these vulnerabilities are now fixed. This resulted in numerous security patches for commercial products including the Intel SGX-SDK, Microsoft Open Enclave, Google Asylo, and the Rust compiler. In June 2019, we informed Intel about a new type of vulnerability in their processors, which we called Plundervolt. Since then, we have had an open dialogue with Intel, to whom we provided proof of concept code and demonstrators. As a consequence of this disclosure process, last December Intel rolled out a new microcode update to all of their processors worldwide. This covers approximately 90% of all computer processors (CPUs). This has also attracted substantial media attention.
First Year Of Impact 2019
Sector Digital/Communication/Information Technologies (including Software),Electronics,Security and Diplomacy,Transport
Impact Types Societal,Economic

 
Description BioLeak: Side-Channel Analysis of Fingerprint Matching Algorithms
Amount £114,000 (GBP)
Organisation Government Communications Headquarters (GCHQ) 
Sector Public
Country United Kingdom
Start 11/2018 
End 05/2022
 
Description FaultFinder: From Faulty Output to Fault Model - An Automated Approach
Amount £114,000 (GBP)
Organisation Government Communications Headquarters (GCHQ) 
Sector Public
Country United Kingdom
Start 11/2018 
End 05/2022
 
Description User-controlled hardware security anchors: evaluation and designs
Amount £486,082 (GBP)
Funding ID EP/R012598/1 
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 02/2018 
End 01/2023
 
Description Google Asylo 
Organisation Google
Department Research at Google
Country United States 
Sector Private 
PI Contribution Disclosed vulnerabilities. Found instances of the problematic [user_check] attribute that lacked proper pointer validation, leaving critical vulnerabilities in the compiled enclave.
Collaborator Contribution -
Impact Improved security of products.
Start Year 2019
 
Description INTEL-SA-00289 
Organisation Intel Corporation
Department Intel Corporation (UK) Ltd
Country United Kingdom 
Sector Private 
PI Contribution Vulnerabilities disclosed. CVE-2019-11157
Collaborator Contribution -
Impact Improved security of products.
Start Year 2019
 
Description Intel SGX-SDK 
Organisation Intel Corporation
Department Intel Corporation (UK) Ltd
Country United Kingdom 
Sector Private 
PI Contribution Disclosed vulnerabilities, CVE-2018-3626 and CVE-2019-14565.
Collaborator Contribution -
Impact Improved security of product.
Start Year 2019
 
Description Microsoft Open Enclave 
Organisation Microsoft Research
Department Computer Vision
Country United Kingdom 
Sector Private 
PI Contribution Disclosed vulnerabilities. CVE-2019-0876, CVE-2019-1369, and CVE-2019-1370.
Collaborator Contribution -
Impact Improved security of products.
Start Year 2019
 
Title Proof of concept code demonstrating security vulnerabilities in commercial products 
Description A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes. This GitHub repository contains the source code accompanying our CCS'19 paper, which methodologically analyzes interface sanitization vulnerabilities for 8 different enclave shielding runtimes across the ABI and API tiers.
Type Of Technology Software 
Year Produced 2019 
Open Source License? Yes  
Impact Affected product manufacturers have used this code to reproduce our findings and confirm the vulnerabilities in their products. This helped them to assess their severity and also to draw up a mitigation plan.
URL https://github.com/jovanbulck/0xbadc0de
 
Description Article in Fox News 9 on vulnerabilities discovered in Medtronic cardiac devices 
Form Of Engagement Activity A press release, press conference or response to a media enquiry/interview
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Media (as a channel to the public)
Results and Impact Article featuring Medtronic cardiac devices affected by the vulnerabilities detected.
Year(s) Of Engagement Activity 2019
URL https://www.fox9.com/news/medtronic-defibrillators-vulnerable-to-cybersecurity-threat
 
Description Business Standard article on potential cybersecurity vulnerabilities in some Medtronic products. 
Form Of Engagement Activity A press release, press conference or response to a media enquiry/interview
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Media (as a channel to the public)
Results and Impact Business Standard article on the vulnerabilities found in Implanted Cardiac Defibrillators discovered through our research.
Year(s) Of Engagement Activity 2019
URL https://www.business-standard.com/article/news-ians/medtronic-heart-devices-vulnerable-to-hacking-us...
 
Description Conexus Telemetry and Monitoring Accessories Security Bulletin 
Form Of Engagement Activity A press release, press conference or response to a media enquiry/interview
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Media (as a channel to the public)
Results and Impact Security bulletin featuring our disclosed potential cybersecurity vulnerabilities in some Medtronic products.
Year(s) Of Engagement Activity 2020
URL https://global.medtronic.com/xg-en/product-security/security-bulletins/conexus.html
 
Description Interviewed by Financial Times for article 
Form Of Engagement Activity A press release, press conference or response to a media enquiry/interview
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Media (as a channel to the public)
Results and Impact Interviewed by the Financial Times on hacking smart devices to discover vulnerabilities.
Year(s) Of Engagement Activity 2019
URL https://www.ft.com/content/ba8c2f90-ca57-11e9-af46-b09e8bfe60c0
 
Description Interviewed by Wired.com for article
Form Of Engagement Activity A press release, press conference or response to a media enquiry/interview
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Media (as a channel to the public)
Results and Impact Interviewed by Wired.com for article on research outcomes.
Year(s) Of Engagement Activity 2020
URL https://www.wired.com/story/hackers-can-clone-millions-of-toyota-hyundai-kia-keys/
 
Description Invited talk `Beneath the Bonnet: A Breakdown of Automotive Diagnostic Security' at Cryptacus conference in Rennes. 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Invited talk at the Cryptacus conference on vulnerabilities in automotive diagnostic services and their implications.
Year(s) Of Engagement Activity 2018
URL https://www.cryptacus.eu/en/conference/programme/
 
Description Invited talk at EU policymakers awareness meeting 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact I gave a talk for EU policymakers on the most pressing issues surrounding automotive cyber security, the need for regulation and its challenges.
Year(s) Of Engagement Activity 2018
 
Description Research featured in NBC news article 
Form Of Engagement Activity A press release, press conference or response to a media enquiry/interview
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Media (as a channel to the public)
Results and Impact NBC News article discussing the defibrillator models, monitors and programmer units made by Medtronic that could be affected by the vulnerabilities discovered through our research.
Year(s) Of Engagement Activity 2019
URL https://www.nbcnews.com/health/health-news/hackers-could-take-over-some-implanted-defibrillators-fda...
 
Description Research featured in ZD Net 
Form Of Engagement Activity A press release, press conference or response to a media enquiry/interview
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Media (as a channel to the public)
Results and Impact Article published with the 35 vulnerabilities in 8 enclave SDKs from research project.
Year(s) Of Engagement Activity 2019
URL https://www.zdnet.com/article/manual-code-review-finds-35-vulnerabilities-in-8-enclave-sdks/
 
Description Reuters article on FDA announcement 
Form Of Engagement Activity A press release, press conference or response to a media enquiry/interview
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Media (as a channel to the public)
Results and Impact Reuters article featuring the FDA announcement warning of cybersecurity vulnerabilities found in some Medtronic devices.
Year(s) Of Engagement Activity 2019
URL https://www.reuters.com/article/us-medtronic-cyber-idUSKCN1R300H
 
Description SC Magazine article on potential cybersecurity vulnerabilities in some Medtronic products. 
Form Of Engagement Activity A magazine, newsletter or online publication
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Media (as a channel to the public)
Results and Impact SC Magazine article on the vulnerabilities found in Implanted Cardiac Defibrillators discovered through our research.
Year(s) Of Engagement Activity 2019
URL https://www.scmagazine.com/home/security-news/vulnerabilities/medtronic-defibrillators-vulnerable-to...
 
Description Tech Times article on potential cybersecurity vulnerabilities in some Medtronic products. 
Form Of Engagement Activity A press release, press conference or response to a media enquiry/interview
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Media (as a channel to the public)
Results and Impact Tech Times article on the vulnerabilities found in Implanted Cardiac Defibrillators discovered through our research.
Year(s) Of Engagement Activity 2019
URL https://www.techtimes.com/articles/240246/20190325/medtronic-admits-hackers-can-take-over-implanted-...
 
Description Telegraph article on major flaw in defibrillator implants 
Form Of Engagement Activity A magazine, newsletter or online publication
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Media (as a channel to the public)
Results and Impact Article reporting the US Department of Homeland Security warning issued on devices found vulnerable through our research.
Year(s) Of Engagement Activity 2019
URL https://www.telegraph.co.uk/technology/2019/03/22/critical-flaw-could-let-hackers-control-lifesaving...
 
Description Wired article featured in Gizmodo 
Form Of Engagement Activity A press release, press conference or response to a media enquiry/interview
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Media (as a channel to the public)
Results and Impact Wired article featured in Gizmodo.
Year(s) Of Engagement Activity 2020
URL https://gizmodo.com/encryption-flaws-leave-millions-of-toyota-kia-and-hyu-1842132716
 
Description Wired article featured in Ars Technica
Form Of Engagement Activity A press release, press conference or response to a media enquiry/interview
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Media (as a channel to the public)
Results and Impact Wired.com article featured in Ars Technica.
Year(s) Of Engagement Activity 2020
URL https://arstechnica.com/cars/2020/03/hackers-can-clone-millions-of-toyota-hyundai-and-kia-keys/?comm...