Towards Bridging the Gap between Modern and Legacy Automotive ECUs: A Software-Based Security Framework for Legacy ECUs

Title: Towards Bridging the Gap between Modern and Legacy Automotive ECUs: A Software-Based Security Framework for Legacy ECUs
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Thangarajan, Ashok Samraj; Ammar, Mahmoud; Crispo, Bruno; Hughes, Danny
Conference Name: 2019 IEEE 2nd Connected and Automated Vehicles Symposium (CAVS)
Date Published: sep
Keywords: Automated Secure Software Engineering, automotive electronics, Automotive engineering, composability, Computer architecture, Cyber Attacks, cyberattack, diagnostics security services, electronic engineering computing, Embedded systems, hardware-based security modules, insecure legacy ECUs, legacy automotive ECUs, microcontrollers, modern automotive architectures, pubcrawl, pure software-based approaches, Resiliency, secure software updates, security of data, Software, software-based security framework, software-based virtualization, Standards
Abstract: Modern automotive architectures are complex and often comprise hundreds of electronic control units (ECUs). These ECUs provide diverse services including infotainment, telematics, diagnostics, advanced driving assistance, and many others. The availability of such services is mainly attained by the increasing connectivity with the external world, thus expanding the attack surface. In recent years, automotive original equipment manufacturers (OEMs) and ECU suppliers have become cautious of cyber attacks and have begun fortifying the most vulnerable systems with hardware-based security modules that enable sandboxing, secure boot, secure software updates and end-to-end message authentication. Nevertheless, insecure legacy ECUs are still in use in modern vehicles due to price and design complexity issues. Legacy ECUs depend on simple microcontrollers that lack any kind of hardware-based security. This makes it essential to bridge the gap between modern and legacy ECUs through software-based security by which cyber attacks can be mitigated, thus enhancing the security of vehicles. This paper provides one more step towards highly secure vehicles by introducing a lightweight software-based security framework which provides legacy ECUs with software-based virtualization and protection features along with custom security services. We discuss the motivation for pure software-based approaches, explore the various requirements and advantages obtained, and give an initial insight of the design rationale. Furthermore, we provide a proof of concept implementation and evaluation with a demonstrative use case illustrating the importance of such a framework in delivering new diagnostics security services to legacy ECUs.
Citation Key: thangarajan_towards_2019