Hardware-based SoC real-time monitoring solution-EEWORLD

Collect

Summary

System-on-Chip (SoC) integrates all the computing components that power today’s Internet of Things ( IoT ), including connected vehicles and autonomous vehicles (CAVs). Their global connectivity and computing resources make them vulnerable to cyberattacks through various vectors, including wired (e.g., CAN , LIN) and wireless (e.g., Bluetooth , Wi-Fi ) communications. Therefore, CAVs represent a significant cybersecurity challenge. While current software monitoring solutions cannot detect cyberattacks, there are no hardware -based solutions to monitor the operation of the entire SoC in real time. In this paper, a solution containing a SoC field programmable gate array ( FPGA ) is proposed, which deploys a unique silicon intellectual property (IP) including a dedicated analytical CPU (central processing unit) that can not only intelligently monitor the SoC itself, but also monitor the internal automotive network in real time in parallel. The solution has been tested against three automotive-related infringement cases , highlighting the vulnerabilities of the Controller Area Network (CAN) and Advanced eXtensible Interface (AXI) bus networks. The results show that the proposed solution has the ability to successfully detect and prevent cyberattacks in the automotive sector.

I. Introduction

Modern cars consist of multiple networked computers , called electronic control units (ECUs), to implement a range of functions and features, including driving and powertrain control, connectivity, sensing, and body modules. These ECUs are interconnected via in-vehicle networks, including CAN. Therefore, modern cars are an example of a cyber-physical system (CPS). Modern cars are also subject to cyber attacks due to the combination of connectivity (through various interfaces) and complexity (design and functionality). With the trend of interconnected sensors , actuators, and devices, modern cars often have interfaces that can communicate with the outside world either wired (such as Universal Serial Bus ( USB )) or wirelessly (such as Bluetooth, WiFi, cellular). Therefore, the various computing systems embedded in modern cars can no longer be regarded as a closed network, and the opportunity for cyber attacks against embedded car networks has become a reality. It has been shown that some cyber attacks, if compromised, can seriously affect the safety of the vehicle.

The number of cyberattacks targeting cars has increased significantly over the past decade.

Attacks include hacking into various safety-critical systems of the vehicle, such as disabling brakes, stopping the engine and turning off the headlights, all of which put human lives at serious risk. Therefore, there is a need to strengthen the operational resilience of CAVs to minimize their impact on safety-critical IoT systems. However, existing software monitoring solutions suffer from several limitations. First, they typically take hundreds of milliseconds to process data from sensors. This is too slow for safety-critical applications that may be crucial to avoiding accidents. Second, they are significantly more vulnerable to hacker attacks. Third, their implementation is intrusive and interferes with the normal operation of the CAV. Finally, due to their limited access to data, they cannot monitor the entire system.

On the other hand, hardware-based SoC monitoring approaches can provide appropriate solutions to overcome these limitations because they are non-intrusive and configurable at runtime. For example, Siemens has developed a unique set of silicon IPs that enable hardware-based SoC monitoring. Backed by powerful machine learning models, they support system behavior learning, fast anomaly identification, detection alarms, and troubleshooting of fault causes.

In this paper, it is proposed to apply hardware-based SoC monitoring to the automotive sector to strengthen its cybersecurity standards. This approach will ensure that safety-critical IoT systems, such as CAVs, function as designed and intelligently protect occupants and digital infrastructure systems. Moreover, this also provides anomaly detection at line rate to avoid potentially fatal disasters such as car accidents and major socio-economic disruptions. To demonstrate the effectiveness of hardware-based SoC monitoring, we implemented three automotive cybersecurity infringement cases on a SoC FPGA embedded with Siemens IP. The infringement cases include mileage tampering, unauthorized access to the infotainment system and the car door lock unit memory. To this end, we will show how they can be detected, warned and mitigated.

This paper is organized as follows: In Section 2, the current state of automotive cyberattacks and their existing software-based solutions are reviewed. This is followed by one of several hardware-based exemplary solutions. Then, in Section 3, the structure of the SoC FPGA and its Siemens analysis IP are specified.

Section 4 introduces the implementation of three infringement cases. Then, the effectiveness of the hardware-based monitoring solution is demonstrated in Section 5. Finally, Section 6 concludes.

II. Related Work

In this section, I first review automotive cyberattacks in the literature and their existing software-based solutions. Then, I present an example of a hardware-based solution. Finally, I revisit existing automotive testbeds that can support the validation of these solutions.

A. Automotive Cybersecurity Attacks and Detection Methods

Attacks on CAN networks require an attacker to alter the packets broadcast. Attacks can disrupt the packet broadcast rate, for example, by flooding the network with fabricated packets to perform a denial of service (DoS), thereby disabling the vehicle or certain functions. Although immediately destructive, such crude attacks are considered relatively easy to detect. Attacks that attempt to control certain functions of the car or meaningfully change the representation of information may be more difficult to detect. For example, by broadcasting fabricated packets with misleading payloads. Such attacks may force the car into a dangerous situation, systematically change the performance or efficiency of the car, or manipulate it for financial gain or displeasure. These tricks may require fabricating seemingly legitimate packets from the attacking system disguised as a legitimate control unit.

The well-known attack on a Jeep Cherokee required the attacker to broadcast fabricated packets containing plausible speed data, thereby tricking the car's systems into thinking it was going slower -- which in turn allowed other features such as parking assistance to be activated. One problem with detecting such attacks is that the manipulated data values are still within the legal range, so may not appear to have overtly malicious intent.

Two common approaches to detecting attacks on any computer network, including CAN, are signature and anomaly approaches. Signature approaches compare traffic patterns with rule-based approaches. While these approaches may be accurate, it is assumed that they are able to determine, encode, and distribute evolving attack models. This is problematic for automotive CAN systems because: i) data derivation is usually confidential to the manufacturer; ii) cars have different locations, usage patterns, and lifecycles, which makes it difficult to maintain and update signature databases ; and, iii) attack scenarios are still emerging. Therefore, signature approaches for detecting CAN attacks are generally considered less favorable.

Anomaly methods attempt to identify anomalies in network traffic. The assumption is that anomalies are likely caused by attacks. Therefore, the main machine learning algorithms that can be applied in the field of network security focus on detecting anomalies or outliers. By definition, these data points are scarce in the collected dataset and are challenging or even impossible to label as anomalies.

For this reason, unsupervised models are often preferred over supervised classification or regression models, as no labeled data is required. On the other hand, while anomaly methods are more prone to inaccurate detections, such as false positives, they do not rely on known attack signatures, making them attractive for automotive CAN attack detection. Common detection methods include density techniques such as K-nearest neighbors, support vector mathematics, local outlier factor models, statistical methods, more complex deep learning neural network methods such as variational autoencoders , and many more. Many of these methods share a common feature of trying to learn statistical properties of the data in the absence of anomalies, or learn some dimensional mapping of said data and measure these properties against incoming real-time data that may contain anomalies. However, these methods often still assume access to the CAN dictionary (so that a specific statistical model can be designed), or rely on representative attack samples to train and formulate the model.

Besides CAN bus vulnerabilities, which are currently the main concern for automotive security, cyberattacks can also target automotive SoCs, such as AD AS, directly or indirectly. Automotive SoCs are connected to some non-secure hardware and at least one type of network or service. They store and exchange a large amount of user data, including sensitive information, such as mobile banking details or private messages. With the digitalization of the world, this cloud of data, including security-related data and private information makes the Internet of Things (IoT) an attractive area for attackers, which raises the need for security. Today, the security of automotive systems-on-chip (SoCs) for IoT is not a simple topic. In fact, SoCs are becoming more and more complex, they include many complex applications such as hardware acceleration, making these applications and the entire SoC secure is a huge challenge for the semiconductor industry, especially if their designers want to reduce area costs and power consumption; therefore, it is crucial to review and understand the exploitation of AXI interconnect vulnerabilities of SoCs.