
Security, Edge and Cloud Lab

Dario Stabili

Assistant Professor

Department of Engineering "Enzo Ferrari"
University of Modena and Reggio Emilia
Via Vivarelli, 10
41125 - Modena, Italy
Tel.: +39 0592056273
E-mail: dario.stabili[AT]unimore.it
GPG Key: 0x9923C81814840139

Curriculum Vitae (last update: July 2022) Italian (Extended) English (Short)

Research Interests

  • Automotive Cyber-Security
  • Misbehaviour Detection in C-ITS
  • Reverse Engineering and Digital Forensics
  • Embedded Systems Security

Publications

Journals
Pollicino, F.; Stabili, D.; Marchetti, M.
ACM TRANSACTIONS ON CYBER-PHYSICAL SYSTEMS
Abstract

This work presents an experimental evaluation of the detection performance of eight different algorithms for anomaly detection on the Controller Area Network (CAN) bus of modern vehicles based on the analysis of the timing or frequency of CAN messages. This work solves the current limitations of related scientific literature, which is based on a private dataset and lacks open implementations and a detailed description of the detection algorithms. These drawbacks prevent the reproducibility of published results, making it impossible to compare a novel proposal against related work, thus hindering the advancement of science. This article solves these issues by publicly releasing implementations and labeled datasets and by describing unbiased experimental comparisons.

Year: 2024 | Pages: 1 - 24

ISSN: 2378-962X | DOI: 10.1145/3604913

Stabili, D.; Ferretti, L.; Andreolini, M.; Marchetti, M.
IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY
Abstract

Recent research showcased several cyber-attacks against unmodified licensed vehicles, demonstrating the vulnerability of their internal networks. Many solutions have already been proposed by industry and academia, aiming to detect and prevent cyber-attacks targeting in-vehicle networks. The majority of these proposals borrow security algorithms and techniques from the classical ICT domain, and in many cases they do not consider the inherent limitations of legacy automotive protocols and resource-constrained microcontrollers. This paper proposes DAGA, an anomaly detection algorithm for in-vehicle networks exploiting n-gram analysis. DAGA only uses sequences of CAN message IDs for the definition of the n-grams used in the detection process, without requiring the content of the payload or other CAN message fields. The DAGA framework allows the creation of detection models characterized by different memory footprints, allowing their deployment on microcontrollers with different hardware constraints. Experimental results based on three prototype implementations of DAGA showcase the trade off between hardware requirements and detection performance. DAGA outperforms the state-of-the-art detectors on the most performing microcontrollers, and can execute with lower performance on simple microcontrollers that cannot support the vast majority of IDS approaches proposed in literature. As additional contributions, we publicly release the full dataset and our reference DAGA implementations.

Year: 2022 | Pages: 11540 - 11554

ISSN: 0018-9545 | DOI: 10.1109/TVT.2022.3190721

Pollicino, F.; Stabili, D.; Ferretti, L.; Marchetti, M.
IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY
Abstract

Cooperative Intelligent Transportation Systems (C-ITS) improve driving experience and safety through secure Vehicular Ad-hoc NETworks (VANETs) that satisfy strict security and performance constraints. Relevant standards, such as the IEEE 1609.2, prescribe network-efficient cryptographic protocols to reduce communication latencies through a combination of the Elliptic Curve Qu-Vanstone (ECQV) implicit certificate scheme and the Elliptic Curve Digital Signature Algorithm (ECDSA). However, literature lacks open implementations and performance evaluations for vehicular systems. This paper assesses the applicability of IEEE 1609.2 and of ECQV and ECDSA schemes to C-ITSs. We release an open implementation of the standard ECQV scheme to benchmark its execution time on automotive-grade hardware. Moreover, we evaluate its performance in real road and traffic scenarios and show that compliance with strict latency requirements defined for C-ITS requires computational resources that are not met by many automotive-grade embedded hardware platforms. As a final contribution, we propose and evaluate novel heuristics to reduce the number of signatures to be verified in real C-ITS scenarios.

Year: 2021 | Pages: 12946 - 12959

ISSN: 0018-9545 | DOI: 10.1109/TVT.2021.3122333

Dagan, Tsvika; Montvelisky, Yuval; Marchetti, Mirco; Stabili, Dario; Colajanni, Michele; Wool, Avishai
SAE INTERNATIONAL JOURNAL OF TRANSPORTATION CYBERSECURITY AND PRIVACY
Abstract

This article describes both a concept and an implementation of vehicle safe-mode (VSM) - a mechanism that may help reduce the damage of an identified cyberattack to the vehicle, its driver, the passengers, and its surroundings. Unlike other defense mechanisms that try to block the attack or simply notify of its existence, the VSM mechanism responds to a detected intrusion by limiting the vehicle’s functionality to safe operations and optionally activating additional security countermeasures. This is done by adopting ideas from the existing mechanism of Limp-mode that was originally designed to limit the damage of a mechanical, or an electrical, malfunction and let the vehicle “limp back home” in safety. Like Limp-mode, the purpose of safe-mode is to limit the vehicle from performing certain functions when conditions arise that could render full operation dangerous: Detecting a malfunction in the Limp-mode case is analogous to detecting an active cybersecurity breach in the safe-mode case, and the reactions should be analogous as well. The authors demonstrate that the VSM can be implemented, possibly even as an aftermarket add-on: to do so the authors developed a proof-of-concept (PoC) system and actively tested it in real time on an operating vehicle. Once activated, the authors' VSM system restricts the vehicle to Limp-mode behavior by guiding it to remain in low gear, taking into account the vehicle’s speed and the driver’s actions. The authors' system does not require any changes to the electronic control units (ECUs), or to any other part of the vehicle, beyond connecting the safe-mode manager (SMManager) to the correct bus. The authors note that their system can rely upon any deployed anomaly-detection system to identify the potential attack. The authors point out that restricting the vehicle to Limp-mode-like behavior by an aftermarket system is just an example. If a car manufacturer would integrate such a system into a vehicle, they would have many more options, and the resulting system would probably be safer and with a better human-machine interface.

Year: 2020 | Pages: 19 - 39

ISSN: 2572-1046 | DOI: 10.4271/11-02-02-0006

Marchetti, M.; Stabili, D.
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY
Abstract

Security analytics and forensics applied to in-vehicle networks are growing research areas that gained relevance after recent reports of cyber-attacks against unmodified licensed vehicles. However, the application of security analytics algorithms and tools to the automotive domain is hindered by the lack of public specifications about proprietary data exchanged over in-vehicle networks. Since the controller area network (CAN) bus is the de-facto standard for the interconnection of automotive electronic control units, the lack of public specifications for CAN messages is a key issue. This paper strives to solve this problem by proposing READ: A novel algorithm for the automatic Reverse Engineering of Automotive Data frames. READ has been designed to analyze traffic traces containing unknown CAN bus messages in order to automatically identify and label different types of signals encoded in the payload of their data frames. Experimental results based on CAN traffic gathered from a licensed unmodified vehicle and validated against its complete formal specifications demonstrate that the proposed algorithm can extract and classify more than twice the signals with respect to the previous related work. Moreover, the execution time of signal extraction and classification is reduced by two orders of magnitude. Applications of READ to CAN messages generated by real vehicles demonstrate its usefulness in the analysis of CAN traffic.

Year: 2019 | Pages: 1083 - 1097

ISSN: 1556-6013 | DOI: 10.1109/TIFS.2018.2870826

Conferences
Stabili, D.; Bocchi, T.; Valgimigli, F.; Marchetti, M.
19th International Workshop on Security, IWSEC 2024
Abstract

Consumer IP cameras are now the most widely adopted solution for remote monitoring in various contexts, such as private homes or small offices. While the security of these devices has been scrutinized, most approaches are limited to relatively shallow network-based analyses. In this paper, we discuss a methodology for the security analysis and identification of remotely exploitable vulnerabilities in IP cameras, which includes static and dynamic analyses of executables extracted from IP camera firmware. Compared to existing methodologies, our approach leverages the context of the target device to focus on the identification of malicious invocation sequences that could lead to exploitable vulnerabilities. We demonstrate the application of our methodology by using the Tenda CP3 IP camera as a case study. We identified five novel CVEs, with CVSS scores ranging from 7.5 to 9.8. To partially automate our analysis, we also developed a custom tool based on Ghidra and rhabdomancer.

Year: 2024 | Pages: 195 - 210

ISSN: 0302-9743 | DOI: 10.1007/978-981-97-7737-2_11

Venturi, A.; Galli, D.; Stabili, D.; Marchetti, M.
8th Italian Conference on Cyber Security, ITASEC 2024
Abstract

Modern Network Intrusion Detection Systems (NIDS) involve Machine Learning (ML) algorithms to automate the detection process. Although this integration has significantly enhanced their efficiency, ML models have been found vulnerable to adversarial attacks, which alter the input data to fool the detectors into producing a misclassification. Among the proposed countermeasures, adversarial training appears to be the most promising technique; however, it demands a large number of adversarial samples, which typically have to be manually produced. We overcome this limitation by introducing a novel methodology that employs a Graph AutoEncoder (GAE) to generate synthetic traffic records automatically. By design, the generated samples exhibit alterations in the attributes compared to the original netflows, making them suitable for use as adversarial samples during the adversarial training procedure. By injecting the generated samples into the training set, we obtain hardened detectors with better resilience to adversarial attacks. Our experimental campaign based on a public dataset of real enterprise network traffic also demonstrates that the proposed method even improves the detection rates of the hardened detectors in non-adversarial settings.

Year: 2024 | Pages: n/a - n/a

ISSN: 1613-0073 | DOI: n/a

Zoccoli, G. G.; Stabili, D.; Marchetti, M.
100th IEEE Vehicular Technology Conference, VTC 2024-Fall
Abstract

In this paper we present RealCAN, a real-time capable extension of the canplayer tool available in can-utils, a collection of utilities for interacting with Controller Area Network bus systems on Linux-based operating systems. In particular, RealCAN addresses the main limitation of working with fixed time intervals while replaying previously collected CAN traces with the canplayer tool, allowing developers, engineers and researchers to replay CAN traffic data by maintaining the original time difference between consecutive messages. Performance benchmarks of RealCAN demonstrate its effectiveness in meeting strict timing requirements for critical applications in both simulated environment and real CAN test setups.

Year: 2024 | Pages: n/a - n/a

ISSN: 1550-2252 | DOI: 10.1109/VTC2024-Fall63153.2024.10757619

Gambigliani Zoccoli, G.; Stabili, D.; Marchetti, M.
98th IEEE Vehicular Technology Conference, VTC 2023-Fall
Abstract

With the increasing adoption of Vehicular Ad Hoc Networks (VANETs) for the development of Cooperative Intelligent Transportation Systems (C-ITS) many concerns regarding privacy and anonymity in VANETs have been raised by security researchers and practitioners, highlighting the need for effective mechanisms to protect sensitive information exchanged by connected vehicles. One of the first concerns is related to the vehicle's identifier, a field contained in the messages sent from the vehicle and that can be used to track the vehicle across the infrastructure, with consequent severe implications on the privacy of the driver. Consequently, VANET communications leverage short-lived pseudonyms instead of persistent vehicle's identifiers, aiming to enhance the privacy of the vehicle. Pseudonym change schemes proposed in the literature are effective in masking the real sender of a given message, but they do not guarantee privacy against attackers that can monitor and correlate multiple messages among themselves. This paper evaluates 5 different pseudonym change mechanisms against a realistic threat model. Our results demonstrate that it is possible for a realistic attacker to reliably track multiple vehicles, with minor differences across different pseudonym change schemes.

Year: 2023 | Pages: 1 - 6

ISSN: 1550-2252 | DOI: 10.1109/VTC2023-Fall60731.2023.10333561

Zoccoli, G. G.; Pollicino, F.; Stabili, D.; Marchetti, M.
21st IEEE International Symposium on Network Computing and Applications, NCA 2022
Abstract

This paper proposes SixPack v2, an enhanced version of the SixPack attack that allows to evade even state-of-the-art misbehavior detection systems. As the original SixPack, SixPack v2 is a dynamic attack targeting other C-ITS entities by simulating the sudden activation of the braking system with consequent activation of the Anti-lock Braking System. SixPack v2 achieves better evasion by improving the main phases of the attack (FakeBrake, Recovery, and Rejoin) through a novel path-reconstruction algorithm that generates a more realistic representation of the real vehicle trajectory. We experimentally evaluate the evasion capabilities of SixPack v2 using the F2MD framework on the LuSTMini city scenario, and we compared the detection performance of the F2MD framework on both versions of SixPack. Results show that SixPack v2 evades detection with a significantly higher likelihood with respect to the initial version of the attack, even against the latest version of F2MD.

Year: 2022 | Pages: 243 - 249

ISBN: 979-8-3503-9730-7 | DOI: 10.1109/NCA57778.2022.10013565

Venturi, A.; Stabili, D.; Pollicino, F.; Bianchi, E.; Marchetti, M.
21st IEEE International Symposium on Network Computing and Applications, NCA 2022
Abstract

This paper presents a comparative analysis of different Machine Learning-based detection algorithms designed for Controller Area Network (CAN) communication on three different datasets. This work focuses on addressing the current limitations of related scientific literature, related to the quality of the publicly available datasets and to the lack of public implementations of the detection solutions presented in literature. Since these issues are preventing the reproducibility of published results and their comparison with novel detection solutions, we remark that it is necessary that all security researchers working in this field start to address them properly to advance the current state-of-the-art in CAN intrusion detection systems. This paper strives to solve these issues by presenting a comparison of existing works on publicly available datasets.

Year: 2022 | Pages: 81 - 88

ISBN: 979-8-3503-9730-7 | DOI: 10.1109/NCA57778.2022.10013527

Pollicino, F.; Ferretti, L.; Stabili, D.; Marchetti, M.
20th IEEE International Symposium on Network Computing and Applications, NCA 2021
Abstract

The transportation sector is undergoing rapid changes to reduce pollution and increase life quality in urban areas. One of the most effective approaches is flexible car rental and sharing to reduce traffic congestion and parking space issues. In this paper, we envision a flexible car sharing framework where vehicle owners want to make their vehicles available for flexible rental to other users. The owners delegate the management of their vehicles to intermediate services under certain policies, such as municipalities or authorized services, which manage the due infrastructure and services that can be accessed by users. We investigate the design of an accountable solution that allows vehicle owners, who want to share their vehicles securely under certain usage policies, to control that delegated services and users comply with the policies. While monitoring users' behavior, our approach also takes care of users' privacy, preventing tracking or profiling procedures by other parties. Existing approaches put high trust assumptions on users and third parties, do not consider users' privacy requirements, or have limitations in terms of flexibility or applicability. We propose an accountable protocol that extends standard delegated authorizations and integrates it with Security Credential Management Systems (SCMS), while considering the requirements and constraints of vehicular networks. We show that the proposed approach represents a practical approach to guarantee accountability in realistic scenarios with acceptable overhead.

Year: 2021 | Pages: 1 - 7

ISBN: 9781665495509 | DOI: 10.1109/NCA53618.2021.9685942

Pollicino, F.; Stabili, D.; Bella, G.; Marchetti, M.
93rd IEEE Vehicular Technology Conference, VTC 2021-Spring
Abstract

This paper presents SixPack, a cyber attack to VANET communications that is able to go undetected by the current state-of-the-art anomaly detectors. The SixPack attack is a dynamic attack conducted by an insider attacker who modifies the content of the Basic Safety Messages to pretend a sudden activation of the braking system with the consequent activation of the Anti-lock Braking System, and create a fake representation of the vehicle. The attacker then rejoins the fake representation of the vehicle with the real one, avoiding the current state-of-the-art anomaly detectors. We experimentally evaluated the evasion capabilities of the SixPack attack using the F2MD test framework on the LuST and LuSTMini city scenarios, demonstrating the ability of the attacker to generate a high percentage of false positives that prevent the attack from being detected consistently.

Year: 2021 | Pages: 1 - 6

ISSN: 1550-2252 | DOI: 10.1109/VTC2021-Spring51267.2021.9448656

Pollicino, F.; Stabili, D.; Ferretti, L.; Marchetti, M.
92nd IEEE Vehicular Technology Conference, VTC 2020-Fall
Abstract

Emerging Cooperative Intelligent Transportation Systems (C-ITS) enable improved driving experience and safety guarantees, but require secure Vehicular Ad-hoc NETworks (VANETs) that must comply with strict performance constraints. Specialized standards have been defined to these aims, such as the IEEE 1609.2 that uses network-efficient cryptographic protocols to reduce communication latencies. The reduced latencies are achieved through a combination of the Elliptic Curve Qu-Vanstone (ECQV) implicit certificate scheme and the Elliptic Curve Digital Signature Algorithm (ECDSA), to guarantee data integrity and authenticity. However, literature lacks implementations and evaluations for vehicular systems. In this paper, we consider the IEEE 1609.2 standard for secure VANETs and investigate the feasibility of ECQV and ECDSA schemes when deployed in C-ITSs. We propose a prototype implementation of the standard ECQV scheme to evaluate its performance on automotive-grade hardware. To the best of our knowledge, this is the first open implementation of the scheme for constrained devices that are characterized by low computational power and low memory. We evaluate its performance against C-ITS communication latency constraints and show that, although even highly constrained devices can support the standard, complying with stricter requirements demands higher computational resources.

Year: 2020 | Pages: 1 - 6

ISSN: 1550-2252 | DOI: 10.1109/VTC2020-Fall49728.2020.9348712

Stabili, D.; Marchetti, M.
90th IEEE Vehicular Technology Conference, VTC 2019 Fall
Abstract

Recent cyber-attacks to real vehicles demonstrated the risks related to connected vehicles, and spawned several research efforts aimed at proposing algorithms and architectural solutions to improve the security of these vehicles. Most of the documented attacks to the connected vehicles require the injection of maliciously forged messages to subvert the normal behaviour of the electronic microcontrollers. More recently, researchers discovered that by abusing error isolation mechanisms of the Controller Area Network (CAN), one of the protocols deployed for in-vehicle networking, it is possible to isolate a microcontroller from the vehicle internal network (namely bus-off attack), with possible severe implications on both safety and security. This vulnerability has already been exploited for gaining remote control of a vehicle, by driving a targeted microcontroller in bus-off and impersonating it through the injection of malicious messages on the CAN bus. This paper strives to counter bus-off attacks by proposing an algorithm for the detection of missing messages from the in-vehicle CAN bus. Bus-off attacks to in-vehicle networks are simulated by removing messages from valid CAN traces recorded from an unmodified licensed vehicle. Experimental evaluations of our proposal and comparisons with previous work demonstrate that the proposed algorithm outperforms other detection algorithms, achieving almost perfect detection (F-score equal or near to 1.0) across different tests.

Year: 2019 | Pages: 1 - 7

DOI: 10.1109/VTCFall.2019.8891068

Burzio, G.; Cordella, G. F.; Colajanni, M.; Marchetti, M.; Stabili, D.
2018 International Conference of Electrical and Electronic Technologies for Automotive, AUTOMOTIVE 2018
Abstract

The concordant vision of the future automotive landscape foresees vehicles that are always connected to infrastructure and Cloud services, and that are equipped with autonomous driving or advanced driver assistance systems. It is clear that in a similar scenario cybersecurity of modern and future vehicles is paramount. With connected autonomous vehicles the protection from external attack will be an essential requirement, motivated by the outstanding safety implications of an autonomous vehicle remotely controlled by an attacker or a malware. However, the automotive industry still lacks reliable and repeatable methods to assess the cybersecurity level of modern cars. This paper has a twofold contribution. First, it describes the ongoing effort of regulatory bodies within the European Union toward the definition of cybersecurity certification schemes. Second, it outlines the main requirements of a cybersecurity ranking approach that is suitable for certifying the security level of connected vehicles. Since improved cybersecurity guarantees will come at the expense of increased complexity and costs, the proposed ranking approach allows to assess whether the cybersecurity level is appropriate by considering the potential safety risks of a successful attack to the ranked system or subsystem.

Year: 2018 | Pages: 1 - 6

ISBN: 9788887237382 | DOI: 10.23919/EETA.2018.8493180

Stabili, D.; Ferretti, L.; Marchetti, M.
4th IEEE International Conference on Smart Computing, SMARTCOMP 2018
Abstract

Modern vehicles are complex cyber physical systems where communication protocols designed for physically isolated networks are now employed to connect Internet-enabled devices. This unforeseen increase in connectivity creates novel attack surfaces, and exposes safety-critical functions of the vehicle to cyber attacks. As standard security solutions are not applicable to vehicles due to resource constraints and compatibility issues, research is proposing tailored approaches to cope with existing systems and to design next-generation vehicles. In this paper we focus on solutions based on cryptographic protocols to protect in-vehicle communications and prevent unauthorized manipulation of the vehicle behaviors. Existing proposals consider vehicles as monolithic systems and evaluate performance and costs of the proposed solutions without considering the complex life-cycle of automotive components and the multifaceted automotive ecosystem that includes a large number of actors. The main contribution of this paper is a study of the impact of security solutions by considering the vehicles' life-cycle. We model existing proposals and highlight their impacts on vehicle production and maintenance operations by taking into consideration interactions among multiple players. Finally, we give insights on the requirements of architectures for secure intra-vehicular protocols.

Year: 2018 | Pages: 452 - 457

ISBN: 9781538647059 | DOI: 10.1109/SMARTCOMP.2018.00045

Dagan, Tsvika; Marchetti, Mirco; Stabili, Dario; Colajanni, Michele; Wool, Avishai
2017 Embedded Security in Cars conference (ESCAR Europe 2017)
Abstract

This paper describes a concept for vehicle safe-mode, that may help reduce the potential damage of an identified cyber-attack. Unlike other defense mechanisms, that try to block the attack or simply notify of its existence, our mechanism responds to the detected breach, by limiting the vehicle’s functionality to relatively safe operations, and optionally activating additional security counter-measures. This is done by adopting the already existing mechanism of Limp-mode, that was originally designed to limit the potential damage of either a mechanical or an electrical malfunction and let the vehicle “limp back home” in relative safety. We further introduce two modes of safe-mode operation: In Transparent-mode, when a cyber-attack is detected the vehicle enters its pre-configured Limp-mode; In Extended-mode we suggest to use custom messages that offer additional flexibility to both the reaction and the recovery plans. While Extended-mode requires modifications to the participating ECUs, Transparent-mode may be applicable to existing vehicles since it does not require any changes in the vehicle’s systems—in other words, it may even be deployed as an external component connected through the OBD-II port. We suggest an architectural design for the given modes, and include guidelines for a safe-mode manager, its clients, possible reactions, and recovery plans. We note that our system can rely upon any deployed anomaly-detection system to identify the potential attack.

Year: 2017 | Pages: n/a - n/a

DOI: n/a

Stabili, Dario; Marchetti, Mirco; Colajanni, Michele
IEEE 2017 AEIT International Annual Conference - Infrastructures for Energy and ICT (AEIT 2017)
Abstract

Analysis of in-vehicle networks is an open research area that gained relevance after recent reports of cyber attacks against connected vehicles. After those attacks gained international media attention, many security researchers started to propose different algorithms that are capable of modeling the normal behaviour of the CAN bus to detect the injection of malicious messages. However, although the automotive area has different constraints than classical IT security, much security research has been conducted by applying sophisticated algorithms used in IT anomaly detection, thus proposing solutions that are not applicable on current Electronic Control Units (ECUs). This paper proposes a novel intrusion detection algorithm that aims to identify malicious CAN messages injected by attackers in the CAN bus of modern vehicles. Moreover, the proposed algorithm has been designed and implemented with the very strict constraints of low-end ECUs, having low computational complexity and small memory footprints. The proposed algorithm identifies anomalies in the sequence of the payloads of different classes of IDs by computing the Hamming distance between consecutive payloads. Its detection performance is evaluated through experiments carried out using real CAN traffic gathered from an unmodified licensed vehicle.

Year: 2017 | Pages: 1 - 6

ISBN: 9788887237375 | DOI: n/a

Marchetti, Mirco; Stabili, Dario
28th IEEE Intelligent Vehicles Symposium, IV 2017
Abstract

This paper proposes a novel intrusion detection algorithm that aims to identify malicious CAN messages injected by attackers in the CAN bus of modern vehicles. The proposed algorithm identifies anomalies in the sequence of messages that flow in the CAN bus and is characterized by small memory and computational footprints, that make it applicable to current ECUs. Its detection performance is demonstrated through experiments carried out on real CAN traffic gathered from an unmodified licensed vehicle.

Year: 2017 | Pages: 1577 - 1583

ISBN: 9781509048045 | DOI: 10.1109/IVS.2017.7995934

Marchetti, Mirco; Stabili, Dario; Guido, Alessandro; Colajanni, Michele
IEEE 2nd International Forum on Research and Technologies for Society and Industry
Abstract

This paper evaluates the effectiveness of information-theoretic anomaly detection algorithms applied to networks included in modern vehicles. In particular, we focus on providing an experimental evaluation of anomaly detectors based on entropy. Attacks to in-vehicle networks were simulated by injecting different classes of forged CAN messages in traces captured from a modern licensed vehicle. Experimental results show that if entropy-based anomaly detection is applied to all CAN messages it is only possible to detect attacks that comprise a high volume of forged CAN messages. On the other hand, attacks characterized by the injection of few forged CAN messages can be detected only by applying several independent instances of the entropy based anomaly detector, one for each class of CAN messages.

Year: 2016 | Pages: 429 - 434

ISBN: 9781509011315 | DOI: 10.1109/RTSI.2016.7740627


Ph.D. Thesis
Stabili, Dario
Abstract

Cyber-physical systems (CPS) are highly integrated mechanisms in which one or more subsystems are monitored and controlled by software, possibly with a high degree of autonomy and minimal external inputs coming from users. A prominent example of widespread cyber-physical systems are modern passenger vehicles, that are composed by many mechanical parts controlled by Electronic Control Units (ECUs), which are programmed to perform different tasks in the automotive system. Mechanisms controlled through ECUs range from simple tasks activated by drivers, such as windshield wipers or power windows, to completely automated, complex and real-time systems, such as engine control, power steering, Electronic Stability Program (ESP) or the Anti-lock Braking System (ABS). These software-driven safety-relevant features are extremely effective in reducing the overall number of car accidents and fatalities. However, they also open new avenues for cyber-attackers, that can now explore (and possibly exploit) a wide range of software-based attacks against the control logic implemented by ECUs. These threats are also magnified by the current trend toward an increasing connectivity of modern vehicles. It is now common even for low-tier vehicles to integrate Bluetooth connectivity with smartphones (hence an indirect connection to the Internet) or direct Internet connectivity through cellular networks. Similar threats are not only theoretical. Recent research and media reports showcased several cyber-attacks against recent, unmodified licensed vehicles, which exploited cellular connections to penetrate the automotive network and obtain remote control over the engine, brakes and power steering systems. These recent works exposed different vulnerabilities of the networking protocols and communication buses enabling communication among safety-relevant ECUs. These systems are based on outdated standards, that have been designed for simpler ECUs and completely isolated networks, and do not provide any security guarantee. This thesis proposes many solutions for improving the cyber-security of the internal network communications of modern vehicles, and addresses the whole cyber-security lifecycle ranging from the prevention of cyber-attacks to their detection in operational vehicles and up to the proposal of automatic countermeasures that can mitigate the physical consequences of cyber-attacks. Prevention of cyber-attacks requires the adoption of secure protocols that include integrity and authentication guarantees for safety-relevant in-vehicle communications. In this field this thesis explores the trade-offs among different strategies for the management and distribution of cryptographic material, taking into consideration the full lifecycle of a modern vehicle. Attack detection represents the main focus of this thesis, that proposes several novel intrusion detection algorithms specifically designed for the detection of realistic cyber-attacks against modern internal vehicle networks. All the proposed intrusion detection algorithms have been validated through experiments carried out over real communications among ECUs, gathered from modern unmodified vehicles. The proposed algorithms meet the hard computational and memory constraints of common automotive ECUs. To overcome the limitations caused by the lack of public specifications of internal communications in real vehicles, this thesis also proposes a novel algorithm for automatic reverse-engineering of automotive data-frames that allows to apply more fine-grained intrusion detection algorithms. Finally, the thesis proposes a novel strategy for reacting to a detected cyber-attack by leveraging the limp-home mode (a protection mechanism already implemented by ECUs) in the service of cybersecurity.

Year: 2020 | Pages: n/a - n/a

DOI: n/a

Academic Service

Program Committee
International Conference on Advances in Vehicular Systems, Technologies and Applications (VEHICULAR) 2022
IEEE Network Computing and Applications (NCA) 2020, 2021
Technical Program Committee
IEEE Network Computing and Applications 2019
International Conference on Advances in Vehicular Systems, Technologies and Applications (VEHICULAR) 2021
IEEE Vehicular Technology Conference 2019, 2020