Title Page
Abstract
Contents
Chapter 1. Introduction 14
Chapter 2. Intrusion detection system for automotive Ethernet 17
2.1. Preliminaries 19
2.1.1. Background of emerging automotive Ethernet 19
2.1.2. Automotive Ethernet and IEEE 1722 19
2.2. Threats in automotive Ethernet 21
2.3. System design 24
2.3.1. AVB packets 25
2.3.2. Adversary 26
2.3.3. Payload observations 27
2.3.4. Feature generator 30
2.3.5. CNN-based intrusion detection model 32
2.4. Experiment 33
2.4.1. Environment 33
2.4.2. AVTP intrusion dataset 34
2.4.3. Evaluation metrics 34
2.4.4. Choosing an optimal window size 35
2.4.5. Experiment results 36
2.4.6. Toward real-time detection 40
2.4.7. Intrusion detection without labels 42
2.5. Discussion 46
2.5.1. Dataset 46
2.5.2. Limitations 47
2.5.3. Remediation strategies 48
2.6. Related work 49
Chapter 3. Understanding the Impact and Implications of In-Vehicle Infotainment System Hacking with Automotive Grade Linux 51
3.1. Background 54
3.1.1. In-Vehicle Infotainment System 54
3.1.2. Related Work: Offensive Security Research against IVI Systems 56
3.1.3. Necessary and Scope 58
3.2. IVI System Hacking Competition 59
3.2.1. Experiment Testbed 60
3.2.2. Automotive Grade Linux 61
3.2.3. Competition Design 64
3.3. Evaluation 66
3.3.1. Vulnerability 67
3.3.2. Impact 71
3.3.3. Target Component 76
3.4. Implications of IVI System Hacking 77
3.4.1. Car Accident 78
3.4.2. Privacy and PII Leakage 78
3.4.3. Financial Damage 79
3.5. Discussion 80
3.5.1. Lessons Learned 80
3.5.2. Limitation 82
Chapter 4. Intrusion prevention system for connected vehicles 83
4.1. Architecture of intrusion prevention system 84
4.1.1. Overview 84
4.1.2. Topological structure of an in-vehicle network 85
4.1.3. In-vehicle programmable switch 86
4.1.4. External intrusion detection system in the detection plane 89
4.2. External intrusion detection system 90
4.2.1. Remote detection 90
4.2.2. Collaborative detection 91
4.3. Implementation guidelines for intrusion prevention systems 92
4.3.1. Overall procedure for the intrusion prevention system 92
4.3.2. Methodology of intrusion detection in an intrusion prevention system 93
4.3.3. Methodologies of intrusion prevention 97
4.3.4. Secure implementation of an intrusion prevention system 98
4.4. Use-case scenario 100
4.4.1. Secure in-vehicle firmware upgrade procedure 100
4.4.2. Incident response for connected vehicles 102
Chapter 5. Conclusion 104
References 106
Appendices 113
Appendix A. Automotive Ethernet Intrusion Dataset 113
Appendix B. Vulnerabilities 115
B.1. CVE-2022-24595 115
B.2. CVE-2022-24596 116
B.3. CVE-2022-24597 116
Table 2.1. Five active attacks on automotive Ethernet-based IVNs. 22
Table 2.2. Structure of the convolutional neural network and the output dimensions (where ω = 44) 32
Table 2.3. Model performance on the dataset depending on window size ω. The best outcome in each column is highlighted. The result shows that the optimal value of ω is... 36
Table 2.4. Classification results of five-fold cross-validation using dataset Dindoors[이미지참조] 37
Table 2.5. Test results using dataset Ddriving[이미지참조] 37
Table 2.6. Average inference time per sample for various devices 40
Table 2.7. 2D-Convolutional autoencoder 45
Table 3.1. Related works. 56
Table 3.2. IVI hacking competition schedule 60
Table 3.3. IVI services listening on TCP ports. 63
Table 3.4. Guideline to measure the attack score of submission (PoC exploit code). The AV, AC, PR and UI consider a vulnerability whereas the rest considers verified effects. 66
Table 3.5. The 35 final round submissions from the Teams A-G, evaluation results and attack scores. CI: command injection, RE: resource exhaustion, IEC: insecure external... 67
Table 3.6. List of verbs implemented in the IVI services that can be triggered by remote adversaries. 69
Table 3.7. Various impacts of IVI system hacking identified by the participants and the authors 73
Table 3.8. Three new vulnerabilities identified during the competition. The check- mark represents the affected context. 80
Table 4.1. In-vehicle network components in connected vehicles 87
Table 4.2. In-vehicle network components in connected vehicles 88
Table 4.3. List of messages between an in-vehicle programmable switch and a switch controller 88
Figure 1.1. Automotive Ethernet-based IVN and overview of the thesis. 16
Figure 2.1. Overview of in-vehicle automotive Ethernet topology along with possible packet injection attack scenarios. AVTP streams flow from the AVB talker to the AVB... 17
Figure 2.2. Structure of stream AVTPDU-Values of TPID, EtherType, and CD fields are set to 8100h, 22F0h, and 0b, respectively. 20
Figure 2.3. The model training strategy. 25
Figure 2.4. AVDECC (Audio Video/Discovery, Enumeration, Connection management, and Control) packets 26
Figure 2.5. Demonstration of a replay attack (captured from the BroadR-Reach network) 28
Figure 2.6. Visualization of 100 continuous stream AVTPDU payloads. The vertical bars in (b) and in (c) represent whether the stream is benign (blue) or injected (red). 29
Figure 2.7. Proposed feature generation process 30
Figure 2.8. ROC curve and AUC scores using test set Ddriving[이미지참조] 38
Figure 2.9. Visualization of four randomly selected samples (Xis). Two vertical lines represent ground-truths (left, Yi−ω+1,...,Yi) and predicted labels (right, Yi-ω+1',...,Yi'). Blue...[이미지참조] 39
Figure 2.10. Implementation of the real-time IDS designed to identify injected stream AVTPDUs in a BroadR-Reach network 41
Figure 2.11. Two rule-based detection strategies leveraging sequence mismatch on AVTP stream injection. 43
Figure 2.12. ROC curve for evaluation of AE (best threshold θ = 0.003908). 46
Figure 3.1. Cyber Security Challenge 2021: Infotainment System Hacking and Defense 51
Figure 3.2. High-level overview of IVI system and E/E architecture 55
Figure 3.3. Screenshots captured on AGL (v11.0.0 Kooky Koi) 61
Figure 3.4. Communication diagram of AGL 62
Figure 3.5. The attack surface and adversary with the experimental testbed. 65
Figure 3.6. Memory usage benchmark. The Raspberry Pi 4 is equipped with 8GB of RAM. An HTTP web server (IVI service) crashed when no free memory space has left. 70
Figure 3.7. Four exemplary impacts of IVI system hacking 72
Figure 3.8. Number of times each target was considered by the submissions. 77
Figure 4.1. Illustration of the intrusion prevention procedure 83
Figure 4.2. Overview of the proposed intrusion prevention system for connected vehicles 84
Figure 4.3. Configuration of an in-vehicle network and programmable switches 86
Figure 4.4. External intrusion detection system and its characteristics 90
Figure 4.5. Multiple external intrusion detection systems for hybrid detection 92
Figure 4.6. Event-driven detection method 94
Figure 4.7. Data-driven detection method 96
Figure 4.8. Example of applying three intrusion prevention methods 97
Figure 4.9. Procedure for in-vehicle electronic control unit firmware upgrade 101
Figure 4.10. Procedure for incident response for connected vehicles 102