Vulnerability and Attackability analysis of automotive controllers using structural model of the system

The Ohio State University has developed a vulnerability analysis technique for connected and autonomous vehicles that assesses the vulnerability and attackability of the automotive controllers to determine the security of the system.

The Need

Automated vehicle technologies improve safety, assist drivers in difficult tasks, and improve the driving experience. However, particularly as we move towards full automation and connected vehicles, it can leave vehicles susceptible to attacks that exploit the vulnerabilities in the system, such as from improper network segmentation (improper gateway implementation in CAN) or open network components (OBD-II) or sensors exposed to external environments (GPS, cameras). With increasing focus on cybersecurity in the automotive industry, it is important to identify the security vulnerability of the system so that the integrity of the vehicles and the associated network can be maintained.

The Technology

Researchers at the Ohio State University have developed a vulnerability analysis technique for automotive controllers based on identifying structural properties. A security index of the system is derived based on the number of potential sensor and actuator vulnerabilities that can be exploited and the impact of attacks that exploit these vulnerabilities. The system’s security is then quantified with an overall attackability score based on the complexity of the attack and the number of sensors and actuators in the system that must be compromised for a successful attack to occur. This information can then determine solutions to increase the system’s security index.

Commercial Applications

  • Automated vehicle technologies
  • Connected and autonomous road vehicles

Benefits/Advantages

  • Characterizes the vulnerability and attackability of automotive controllers to aid in improving the security of the system
  • Uses the system's structural model to identify redundancies that could be used as residues to detect and isolate attacks
  • Can analyze the autonomous vehicle stack for the data-driven detection of faults/attacks

Patents

  • PCT/US2023/033278

Loading icon