Security Risks in Automotive Control and Communication

Engine

A modern vehicle contains various modules, known as electronic control units (ECU) that are capable of monitoring different vehicle measurands, such as tire pressure or speedometer data, and also controlling different aspects of vehicle functionality, i.e. collision prevention or park assist modules. These ECUs communicate between one another over the underlying Controller Area Network (CAN) by sending CAN packets. The primary issue lies in that if an intruder is able to gain access to the CAN, they can then send arbitrary CAN packets to various ECUs, taking physical control of the vehicle in certain areas.

Security Analysis Team (SAT) at PITS lab has developed a risk analysis methodology to assess the risks inherently present in modern vehicle communication network due to limitations of the CAN standard. Their work identifies nodes along the CAN that hold the highest risk levels and assess the weight of their risk as a means to take appropriate measures toward mitigation. Their methodology incorporates an attack model that is used to model possible attack paths to uncover the nodes that bear the highest risks. The impact of an attack is analyzed from the safety and privacy perspective along with the necessary preconditions for a successful attack. Overall, the risk-based approach uses the probability of an attack and the impact of an attack as primary variables to assign risk-levels and accordingly, propose mitigation techniques.

chandra.png

Chandra is a PhD student who joined the PITS lab in 2017. As a graduate student at Kansas State University, his research is mostly focused on software and system security. One of his active research is on a novel code mutation approach to protect against code-injection and code-reuse attacks. His another research work includes the application of game-theory for optimal load balancing in a network by modelling the problem as a network congestion game with malicious players. 

As a part of his research, Chandra has had experience with different cryptographic algorithms, communication technologies and protocols, vulnerability analysis models, and vulnerability mitigation techniques. Apart from that, he has experience with developing an operating system kernel. Two of his notable projects includes C-Boot, a bootloader for x86 kernel, and Gamma Operating System, a multitasking operating system featuring a GUI, both of which he wrote from scratch. He possesses strong low-level programming skills (assembly and C) and has significant experience with Network Programming and Linux Operating Systems.

PhD Student

Chandra Sharma

sam.jpg

Sam is an undergraduate student who joined the PITS lab in the fall of 2018. In his second half of undergraduate study he has begun to concentrate his coursework on cyber-security when possible. This is based on an interest in the field due to its complexity and the associated challenges, as well as the cleverness of its applications.He is particularly interested vehicle security because of its application of security principles to a field that has previously had no need for them. Additionally, Sam has studied Mathematics and Physics extensively at Kansas State and enjoys each of these fields immensely.

Undergraduate Student

Samuel Moylan