Attacking AUTOSAR using Software and Hardware Attacks

Pascal Nasahl; Niek Timmers

Attacking AUTOSAR using Software and Hardware Attacks

Pascal Nasahl, Niek Timmers

Institut für Angewandte Informationsverarbeitung und Kommunikationstechnologie (7050)

Publikation: Konferenzbeitrag › Paper › Begutachtung

Abstract

The AUTomotive Open System ARchitecture (AUTOSAR) development partnership is a world-wide initiative aiming to jointly develop and establish an open industry standard for automotive E/E software architectures. This standard is rapidly being adopted by the automotive industry and therefore
it is important to understand the attack surface of AUTOSAR-based electronic control units (ECU). In this paper we describe several scenarios how software and hardware attacks can compromise the security of AUTOSAR-based ECUs. We consider an attacker with physical access to the ECU who is capable
of exploiting both software and hardware vulnerabilities. We discuss how an attacker can use different attack techniques to exploit these vulnerabilities. Moreover, we describe a case study in full detail where we execute arbitrary code on an AUTOSAR-based demonstration ECU by performing a voltage
fault injection attack on the AUTOSAR communication stack.
Several automotive threats may materialize if an attacker is able
to execute arbitrary code on an ECU. For example, it will be possible to persistently modify the ECU’s functionality if its code is not authenticated using secure boot.

Originalsprache	englisch
Seitenumfang	7
Publikationsstatus	Veröffentlicht - 12 Juli 2019
Veranstaltung	escar USA - , USA / Vereinigte Staaten Dauer: 11 Juni 2019 → 12 Juni 2019

Konferenz

Konferenz	escar USA
Land/Gebiet	USA / Vereinigte Staaten
Zeitraum	11/06/19 → 12/06/19

Zugriff auf Dokument

Attacking AUTOSAR using Software and Hardware AttacksAkzeptiertes Autorenmanuskript, 210 KBLizenz: CC BY 4.0

Dieses zitieren

@conference{026d8db2197245c7ba207e6287b91876,

title = "Attacking AUTOSAR using Software and Hardware Attacks",

abstract = " The AUTomotive Open System ARchitecture (AUTOSAR) development partnership is a world-wide initiative aiming to jointly develop and establish an open industry standard for automotive E/E software architectures. This standard is rapidly being adopted by the automotive industry and thereforeit is important to understand the attack surface of AUTOSAR-based electronic control units (ECU). In this paper we describe several scenarios how software and hardware attacks can compromise the security of AUTOSAR-based ECUs. We consider an attacker with physical access to the ECU who is capableof exploiting both software and hardware vulnerabilities. We discuss how an attacker can use different attack techniques to exploit these vulnerabilities. Moreover, we describe a case study in full detail where we execute arbitrary code on an AUTOSAR-based demonstration ECU by performing a voltagefault injection attack on the AUTOSAR communication stack.Several automotive threats may materialize if an attacker is ableto execute arbitrary code on an ECU. For example, it will be possible to persistently modify the ECU{\textquoteright}s functionality if its code is not authenticated using secure boot.",

author = "Pascal Nasahl and Niek Timmers",

year = "2019",

month = jul,

day = "12",

language = "English",

note = "escar USA ; Conference date: 11-06-2019 Through 12-06-2019",

}

TY - CONF

T1 - Attacking AUTOSAR using Software and Hardware Attacks

AU - Nasahl, Pascal

AU - Timmers, Niek

PY - 2019/7/12

Y1 - 2019/7/12

N2 - The AUTomotive Open System ARchitecture (AUTOSAR) development partnership is a world-wide initiative aiming to jointly develop and establish an open industry standard for automotive E/E software architectures. This standard is rapidly being adopted by the automotive industry and thereforeit is important to understand the attack surface of AUTOSAR-based electronic control units (ECU). In this paper we describe several scenarios how software and hardware attacks can compromise the security of AUTOSAR-based ECUs. We consider an attacker with physical access to the ECU who is capableof exploiting both software and hardware vulnerabilities. We discuss how an attacker can use different attack techniques to exploit these vulnerabilities. Moreover, we describe a case study in full detail where we execute arbitrary code on an AUTOSAR-based demonstration ECU by performing a voltagefault injection attack on the AUTOSAR communication stack.Several automotive threats may materialize if an attacker is ableto execute arbitrary code on an ECU. For example, it will be possible to persistently modify the ECU’s functionality if its code is not authenticated using secure boot.

AB - The AUTomotive Open System ARchitecture (AUTOSAR) development partnership is a world-wide initiative aiming to jointly develop and establish an open industry standard for automotive E/E software architectures. This standard is rapidly being adopted by the automotive industry and thereforeit is important to understand the attack surface of AUTOSAR-based electronic control units (ECU). In this paper we describe several scenarios how software and hardware attacks can compromise the security of AUTOSAR-based ECUs. We consider an attacker with physical access to the ECU who is capableof exploiting both software and hardware vulnerabilities. We discuss how an attacker can use different attack techniques to exploit these vulnerabilities. Moreover, we describe a case study in full detail where we execute arbitrary code on an AUTOSAR-based demonstration ECU by performing a voltagefault injection attack on the AUTOSAR communication stack.Several automotive threats may materialize if an attacker is ableto execute arbitrary code on an ECU. For example, it will be possible to persistently modify the ECU’s functionality if its code is not authenticated using secure boot.

M3 - Paper

T2 - escar USA

Y2 - 11 June 2019 through 12 June 2019

ER -

Attacking AUTOSAR using Software and Hardware Attacks

Abstract

Konferenz

Zugriff auf Dokument

Fingerprint

Dieses zitieren