The First Automotive Demonstrator of the TAPPS Project

The aim of the first automotive demonstrator, due at month M20 of the TAPPS Project, was to validate part of the technologies developed in TAPPS on the Energica Ego electric motorbike, which is potentially vulnerable through its CAN bus. As described in a previous post, the most dangerous types of attacks in the automotive industry involve three stages:

  • The first stage is to get into an ECU via an attack surface (remote or physical).
  • The second stage is to jailbreak the ECU.
  • The third stage is to send messages from the compromised ECU to other ECUs in the vehicle (those that control the physical actions of the vehicle), which cause those cyber-physical systems (e.g. ECUs controlling the brakes, vehicle speed, etc.) to take actions not intended by the operator of the vehicle.

These types of attacks could cause accidents while a vehicle is in motion, unlock a vehicle’s doors to make it easier to steal, or make a vehicle inaccessible to the vehicle’s owner.

In order to validate the different technologies developed in TAPPS, and how these technologies can stop cyber-attacks, an incremental approach has been followed. The initial automotive demo focuses on the integration of security mechanisms for the off-chip network that stop stage two of the automotive attack described above. By validating the secure CAN (sCAN) concept on the Trusted Dashboard (T-DASH), we demonstrate how a compromised ECU can no longer send meaningful messages to other ECUs. In addition, this demonstrator shows the implementation of the Critical Execution Environment (CEE), implemented on an STM32 board connected via standard CAN to the other motorbike ECUs.

The demo setup consists of a novel T-DASH connected to the CAN network of the motorbike via a commodity, simple STM32 board. In this CAN network there is also another ECU that interacts with the outside world via a wired (e.g. USB, OBD, etc.) or wireless (e.g. cellular, Bluetooth, etc.) network. With regard to remote code execution, the latter ECU provides an attack surface with one or more vulnerabilities. Finally, the sCAN technology consists of a software library that is executed within the Critical Execution Environment (CEE) of the T-DASH, with the objective of guaranteeing secure and robust communication over the CAN.
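The post does not describe how sCAN authenticates traffic, so the following is an added illustration of the principle it relies on (a receiver that only acts on frames carrying a valid keyed tag and a fresh counter), not the TAPPS sCAN library itself. Frame layout, key, CAN IDs and speed values are constructed for the example; the tag is a truncated HMAC-SHA256 so that counter, payload and tag fit in a classic 8-byte CAN data field.

```python
import hmac
import hashlib
import struct

TAG_LEN = 4  # truncated MAC; 2-byte counter + payload + tag must fit in 8 bytes


def build_frame(key, can_id, counter, payload):
    """Sender side: the trusted environment holding the key builds the frame.
    Tag covers CAN ID, counter and payload so none of them can be altered."""
    if len(payload) > 8 - 2 - TAG_LEN:
        raise ValueError("payload too large for an authenticated classic CAN frame")
    authed = struct.pack(">HH", can_id, counter) + payload
    tag = hmac.new(key, authed, hashlib.sha256).digest()[:TAG_LEN]
    return {"id": can_id, "data": struct.pack(">H", counter) + payload + tag}


class Receiver:
    """Receiving ECU: drops any frame whose tag or counter does not check out.
    A 16-bit counter will wrap; a real deployment needs a re-sync scheme."""

    def __init__(self, key):
        self.key = key
        self.last_counter = {}  # per CAN ID, for replay protection

    def accept(self, frame):
        data = frame["data"]
        if len(data) < 2 + TAG_LEN:
            return False
        counter = struct.unpack(">H", data[:2])[0]
        payload, tag = data[2:-TAG_LEN], data[-TAG_LEN:]
        authed = struct.pack(">HH", frame["id"], counter) + payload
        expected = hmac.new(self.key, authed, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False  # forged or tampered frame
        if counter <= self.last_counter.get(frame["id"], -1):
            return False  # replayed frame
        self.last_counter[frame["id"]] = counter
        return True


def demo():
    key = b"constructed-demo-key-shared-with-trusted-ECU"  # constructed value
    rx = Receiver(key)
    good = build_frame(key, 0x123, 1, struct.pack(">H", 120))
    results = {"genuine": rx.accept(good)}
    # an ECU compromised in stage one/two has no key: its frames are dropped
    results["forged"] = rx.accept(build_frame(b"wrong-key", 0x123, 2, b"\x00\xfa"))
    results["replay"] = rx.accept(good)  # re-sent genuine frame, stale counter
    d = good["data"]
    results["tampered"] = rx.accept({"id": 0x123, "data": d[:2] + bytes([d[2] ^ 0x80]) + d[3:]})
    return results
```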

The enclosure of the T-DASH has been redesigned to host the STM32 board and has been manufactured with rapid prototyping technology. The T-DASH has a 4.3” LCD-TFT display. The figure shows one driving page developed on the STM32 board with the emWin library. This Main Driving Page shows the main driving information. In particular, this screen displays the Regeneration icon, Power icon, Air temperature, Time, Motoring Map, Regeneration Map, State Of Charge, Motor Temperature, Ice Warning Lamp, Check Lamp, Speed, RPM, Trip, Range and Odometer.