Event

SRM Research Seminar – Authentic Execution for Automotive Control Networks

  • Conférencier  Jan Tobias Muehlberg, imec-DistriNet, KU Leuven, Belgium

  • Lieu

    Room 3.370, Maison du Savoir, Belval Campus, 2, avenue de l'Université, L-4365 Esch-sur-Alzette

    LU

Vehicular communication networks, specifically CAN, have been subject to a growing number of attacks that put the safety of passengers at risk. This results in both lawsuits and manufacturers recalling millions of vehicles. Recent standardisation efforts, i.e. AUTOSAR, suggest message authentication to protect CAN from network-level attackers. Yet, (1) current cars do not implement authentication and (2) established attack schemes suggest that we must consider stronger attackers with code execution abilities on critical control units.

In this talk I will present VulCAN, a generic solution to provide efficient and standard compliant message authentication and software component attestation in automotive control networks. VulCAN builds upon the idea of “authentic execution”, which utilises trusted computing primitives to provide a notion of end-to-end security for distributed applications on shared heterogeneous infrastructures. Authentic execution guarantees authenticity and integrity, and the secure control of I/O devices by mutually authenticated distributed application modules. In the context of vehicular control networks, this combination results in strong security guarantees that go beyond the standardised requirements. In particular, we protect against network attackers but also against substantially stronger adversaries capable of arbitrary code execution on electronic control units. We have implemented VulCAN on top of Sancus, a lightweight open-source trusted computing platform that we develop to secure critical applications in embedded control systems and the IoT. I will discuss the limitations and open research questions for the approach.

Jan Tobias Muehlberg works as a research manager at imec-DistriNet, KU Leuven (BE). He is active in the fields of software security, formal verification and validation of software systems, specifically for embedded systems and low-level operating system components. Tobias is particularly interested in security architectures for safety-critical embedded systems and for the Internet of Things.

Before joining KU Leuven, Tobias worked as a researcher at the University of Bamberg (DE), obtained a Ph.D. from the University of York (UK) and worked as a researcher at the University of Applied Sciences in Brandenburg (DE), where he also acquired his Masters degree.

The SRM seminars are the joint seminars of the Security and Trust of Software Systems and Applied Security and Information Assurance research groups, supported by the Laboratory of Algorithmics, Cryptology and Security and the Interdisciplinary Centre for Security, Reliability and Trust.