Simulation Framework for Security Evaluations in Automotive Networks

Astract:

Security in modern automobiles is an increasingly interesting topic for researchers and manufacturers. Methods of attackers become and more more sophisticated allowing for remote access to cars without knowing the location of the car. Possible solutions to security problems range from exploit mitigation to developers’ awareness of best practices and security implications that are relevant to implementations. Analyzing the threat vectors requires to look at the network with all components implemented at their intended location. This is only possible after decisions on which ECUs are used and where inside the car, are already made. This work presents a simulation framework that can be used for continuous integration testing of bus connected ECUs. The usage scenarios are the visualization the message flows of attacks, the study of attacks, the execution and analysis of new attacks and the raising of awareness on how attackers can utilize flaws to gain access to specific ECUs or the network. Known threat vectors are analyzed to create a comprehensive list of entry points into vehicles. The simulator is the first, that focuses on the security of vehicular networks an integrates multiple automotive bus protocols. An abstract in-vehicle network model is created based on different existing vehicular networks, as well as a catalog of common ECUs. The simulation framework consist of two parts, the core simulation engine, which is built using the OMNeT++ simulator, and the web-based visualization interface. Executed attacks show, that the simulator is capable of handling complex multi-bus attacks.