Advancing Vehicle Security Research

Cybersecurity researchers are hard at work assessing and enhancing the security and resilience of communications in modern vehicles. Most vehicles have a Controller Area Network (CAN) bus that facilitates communication between the embedded systems that control numerous features of the car, yet is largely unsecured

Exploring Machine Learning Approaches to Validate Authenticity of Vehicle Events 

Since vehicle manufacturers treat their vehicle CAN bus identifiers and message payloads as a trade secret and given the safety requirements necessary for a moving vehicle, a generalized solution for improving cybersecurity in vehicle networks has proven to be a unique challenge. Despite these challenges, there is increasing interest in concepts such as autonomous vehicles for passengers, freight transportation, and smart cities needing cybersecurity. Currently, open source solutions provide some functionality in a piecemeal fashion; however, nothing applicable across manufacturers (except for federally mandated diagnostic codes) has emerged.

The Strategic Security Sciences cyber team working on this problem have led a cross-directorate effort, coordinating with experts in machine learning and data science from the Mathematics and Computer Science (MCS) division and automotive expertise from the Energy Security (ES) division. This coalition has taken a two-pronged approach by exploring machine learning to validate authenticity of vehicle events (such as pressing the brake pedal) and by developing a simulation framework for vehicle networks. This work promotes the concept of sensor fusion which would allow for the correlation of sensor data in real-time across the vehicle. Furthermore, this machine learning work will tightly couple with a simulation environment to facilitate vehicles CAN buses visualizations in real time and allow for analysis of attacks and defenses with no risk of damage or personal harm.

A prototype software simulation environment for vehicle network emulation provides the ability to playback recorded messages utilizing CAN utilities. This allows a user to walk through a real time recording of real-time CAN messages and see what is happening. The future version of this will include the ability to identify electronic control units affected by each message and message injection capabilities.

The current machine learning focus is twofold: identify individual signals across the bus and associate them to their respective electronic control units and identify the signals that comprise each type of action and its effects (pedal press, wheel speed/angular velocity, etc.). Researchers have identified viable methods for pairwise comparison utilizing discrete correlation functions and look to expand this comparison by using MCS computing facilities to identify larger sets of signals that comprise vehicle actions.

The Secure Inclusion of Charging Infrastructure within Building Energy Management Systems

The Argonne Smart Plaza provides infrastructure which encompasses networked Building Energy Management Systems which monitor and record activities from all electrical activity within the building as well as the Level 2/DC Fast Charging Stations and solar canopies located within its parking lot. This infrastructure allows us to examine the interactions between all the components within this ecosystem and how the different protocols, such as Open Charge Point Protocol version 1.6/2.0 or ISO 15118, can be integrated in a secure way. ES has built a Node Red framework to support a website that tracks historic and current energy usage within the Smart Plaza. This provides an excellent basis to model how the different interactions occur within the whole system.

Various Vehicle Attack Surfaces 

DC Fast and extreme fast charging infrastructure provides rapid charging for hybrid and electric vehicles; however, we must ensure that the consequences of their compromise do not cause catastrophic effects. This DOE Vehicle Technology Office project comprises work from Argonne, Pacific Northwest National Laboratory, and Sandia National Laboratories to evaluate and depict the threats to this infrastructure and possible consequences of compromise. Argonne provides charging infrastructure for this project (BTCPower, Bosch/Chargepoint, and Tritium DC Fast Chargers) as well as cyber security expertise with information technology systems, controller area network communications, and ISO 15118 implementation. Argonne has performed forensic, open source, and network analysis which identified attack vectors allowing remote access to charging control systems.

The modern automobile may have as many as 70 electronic control units (ECU) for various subsystems. Typically, the biggest processor is the engine control unit. Others are used for transmission, airbags, antilock braking/ABS, cruise control, electric power steering, audio systems, power windows, doors, mirror adjustment, battery and recharging systems for hybrid/electric cars, etc. Some of these form independent subsystems, but communications among others are essential. 
Lead Researcher:
Roland Varriale