Category: Articles

Exploitation of TAPPS results

Exploitation forms a key aspect of the TAPPS project in order to achieve impact on an individual partner level, on a joint cooperative level, as well as on an European level. In order to maximize this impact, exploitation and eco-system building activities are planned and performed during the course of the project.

The project aims to produce results that correspond to a Technology Readiness Level of TRL 4 to 6, which implies that the project results can be demonstrated partly in a lab environment and partly in simulated real environments. In order to perform full exploitation of the project results, they must be further developed to an actual system completed and qualified through test and demonstration before they can be successfully deployed in a market environment. Although the realization of this actual exploitation is beyond the end of the lifetime of the TAPPS project, the careful planning of the Joint Key Exploitable Results (KERs) as well as Individual Key Exploitable Results must be performed during the project lifetime.

Considering the complexity of integrated platforms such as the platform developed in TAPPS, there is not one specific customer, but rather an environment of various stakeholders. The exploitation of the results is propelled through the alignment of these stakeholders, such as for example 3rd party developers, system integrators, and institutional parties.

The activities planned for the expoitaion phase of the TAPPS project ensure the uptake of results and will be refined during the project lifetime. In particular, the KERs will be further analyzed with regards to the following aspects:

  • Target customers/groups
  • Assets exploited
  • Possible services offered
  • Initial estimation of economic benefits
  • Concrete planned actions for exploiting assets during and after the project timeframe.

A new Demonstrator for the TAPPS Project

A new demonstrator was introduced in the TAPPS project after a request from the European Commision.

The new demonstartor is the implementation of the TAPPS platform in the context of an industrial production environment, specifically targeted at the deployment of distributed real-time control applications for the control on the shop floor. In production environments, criticality relates to both real-time criticality for robotics and machine control as well as mission-criticality, i.e. the availability (uptime) of the production environment is directly tied to financial gains and losses.

The goal of the demonstrator is to demonstrate the following TAPPS elements:

  • TAPPS development methodology for critical applications using 4DIAC
  • Installation of C-apps through the TAPPS marketplace and execution environments through XME.
  • Safe and secure isolation of R-apps, T-apps and C-apps deployed on the ARM Juno platform utilizing the safe and secure switch between normal and secure worlds.
  • Control of distributed CPS from the CEE utilizing TAPPS deterministic Ethernet.

The First Healthcare Demonstrator of the TAPPS Project

The healthcare demonstrator of the TAPPS Project is a new model of Health Trolley, specifically designed to assist healthcare professionals in daily patient care activities, such as pharma administration or application of medical aids and devices. The demo, elaborated for the month #20 of the project shows the implementation of the communication between the Critical World (where essential trolley functions run, namely drawer management) and the Trusted World (hosting mainly the application to assign therapies to patients). The tests have been performed using an experimental workbench, including the real trolley control board connected with three drawer locks and the HiKey board, where the TAPPS architecture is implemented. The first component is a PIC-based, custom control board for drawer management, which includes a UART interface – connected to the HiKey96 board – and up to 36 drawer locks.

According to the trusted toolchain, the Critical app to control the trolley drawers (namely, the Trolley Control Unit app) has been designed using 4DIAC, and then modeled as a Chromosome node to ensure a trusted communication with the outside world. The generated code is verified by the SMV model checker. Critical apps can be uploaded (as suppliers) and downloaded (as subscribers) on/from the marketplace. Moreover, a beta-version of a Trusted app has been developed to perform prescription and administration of drugs, medical devices and clinical consumables: this application includes a patients’ database and works to assign therapies and drawers. However, since drawer indexes are randomly generated, the match between drawers and patients is not transparent: the two Execution Environments (EE) are then isolated from each other, but a secured communication can be performed.

Tapps Workbench 2

The First Automotive Demonstrator of the TAPPS Project

The aim of the first automotive demonstrator, due at month M20 of the TAPPS Project, was to validate part of the technologies developed in TAPPS through the Energica Ego electric motorbike, that is potentially vulnerable through CAN bus. As described in previous post, the most dangerous types of attacks in the automotive industry involve three stages:

  • The first stage is to get into an ECU via attack surface (remote or physical).
  • The second stage is to jailbreak the ECU.
  • Third stage is to send messages from the compromised ECU to other ECUs in the vehicle (that control the physical actions of the vehicle), which turn those cyber physical systems (e.g. ECUs controlling the brakes, vehicle speed, etc.) to take actions not intended by the operator of the vehicle.

These types of attacks could cause accidents while a vehicle is in motion, unlock a vehicle’s doors to make it easier to steal, or make a vehicle inaccessible to the vehicle’s owner.

In order to validate different technologies developed in TAPPS, and how these technologies can stop cyber-attacks, an incremental approach has been followed. The initial automotive demo is focusing on the integration of security mechanisms for the off-chip network that stops the stage two of the automotive attack above described. Validating the secure CAN (sCAN) concept on the Trusted Dashboard (T-DASH), we demonstrate how a compromised ECU cannot anymore send meaningful messages to other ECUs.  In addition, this demonstrator shows the implementation of the Critical Execution Environment (CEE), implemented by an STM32 board, connected via a standard CAN to the other motorbike ECUs.

The demo set up consists of a novel T-DASH connected to the CAN network of the motorbike via a commodity and simple STM32 board. In this CAN network we also have another ECU that interacts with the outside world via a wired (e.g. USB, OBD etc.) or wireless (e.g. cellular, Bluetooth, etc.) network.  With regards to remote code execution, the later ECU provides an attack surface with one or more vulnerabilities. Finally, the sCAN technology consists of a software library that is executed within the Critical Execution Environment (CEE) of the T-DASH, with the objective to guarantee a secure and robust communication over the CAN.

The enclosure of T-DASH has been redesigned in order to host the STM32 board and it has been made in Rapid Prototyping Technology. The T-DASH has a 4.3” LCD-TFT display. The figure shows one driving page that is developed on the STM32 board with the emWin library. This Main Driving Page shows the main driving information. In particular, this screen displays the Regeneration icon, Power icon, Air temperature, Time, Motoring Map, Regeneration Map, State Of Charge, Motor Temperature, Ice Warning Lamp, Check Lamp, Speed, RPM, Trip, Range and Odometer.

The importance of the Security in the Automotive Sector

Automotive security is very important since most people use vehicles and understand the dangers of an attacker that can gain the control of the vehicle. This makes them prone not only to thefts but also to automated attacks that endanger passengers’ safety.  Due to the number of breaches that have occurred within the last few years, car-makers have started to take security into account in order to detect and mitigate possible vulnerabilities.

The examples of vehicle hacking are not confined to the U.S. vehicle fleet. In Europe, German Automotive Association (ADAC) found a flaw in BMW’s companion smartphone app for its ConnectedDrive platform that would enable hackers to modify the app to allow them to remotely unlock any BMW, MINI, or Rolls Royce models equipped with the technologies underpinning the OEM’s ConnectedDrive telematics platform. The need for security of hardware and software systems in cars is driven by the ever-increasing connectivity between the car and the external world, which includes not only telematics services and internet access, but also upcoming vehicle-to-vehicle or vehicle-to-infrastructure communication [1].

Since the number of wired and wireless attack surfaces has grown in modern vehicles, there are more opportunities than ever before for criminals to hack into vehicles. In many cases, researchers have performed the hacks reported on by the media, but there have also been a number of criminal hacks of vehicles, for example using various electronic means to bypass remote key-less entry systems and immobilizer systems in order to steal cars. Unfortunately for the automotive industry, the growing number of ECUs for different applications in vehicles — around 100 in a premium vehicle — and the number of outside devices and servers connecting to those vehicles, makes security a very complex issue to solve.

One of the biggest challenge is in balancing the cost of security versus the risk potential (and therefore financial risk) that the multitude of attack surfaces presents. The sheer number of attack surfaces, from wireless connections such as cellular, Bluetooth, Wi-Fi, and Dedicated Short-Range Communications (DSRC) to wired connections, such as SD cards and USB ports, has dramatically expanded within the last few years [2].

Securing attack surfaces is essential, for this reason, the TAPPS Project is developing scalable, cost-effective solution that enable the manufacturing of secure connected cars.



[2] Solutions and Services for the AUTOMOTIVE INDUSTRY TXT e-solutions S.p.A. 2015