A multidisciplinary detection system for cyber attacks on Powertrain Cyber Physical Systems

With the introduction of external connectivity to modern vehicles, both academic and industry security practitioners addressed the issues related to external communication interfaces exposing internal networks that are used to control the different vehicle's systems. Despite these issues are considered having little-to-no impact on the functioning of the vehicle itself due to their demand of physical connection, with the advent of cellular connectivity proof-of-concept and demonstrations of remote takeover of the vehicle have been showcased, raising awareness about the risks related to the introduction of external connectivity on the vehicle system. All these remote attacks demonstrated by security researchers exploited several vulnerabilities to gain remote access to the Controller Area Network (CAN), one of the most deployed in-vehicle communication protocol. In these works, the authors demonstrate how to exploit the drive-by-wire features of modern vehicles to jeopardize people inside and outside the vehicle. To address this issue, several researchers designed algorithms to detect the injection of malicious CAN messages. However, these solutions are focused on the only CAN communication, without considering all the other subsystems that can be used by an attacker to hijack the vehicular system.Due to their high complexity, modern vehicle can be seen as Cyber-Physical Systems, in which the physical system (i.e. the mechanics of the vehicle) are controlled via software hosted on microcon-trollers that communicate with each other via different communication protocols. Hence, to properly address the cybersecurity of a modern vehicle it is necessary to consider all the different aspects of the system, without focusing on a single one. In this work we investigate the capabilities of a multidisciplinary approach for anomaly detection based for securing the powertrain system of a generic vehicle. The experimental analysis presented in this paper is based on the model of a generic internal combustion engine and a speed controller, communicating via CAN. Four different detection methods from both control theory and computer security are tested against cyber attacks carried out from different contexts. Our threat model is composed by different attack scenarios representative of known cyber-attacks targeting modern vehicles. The experimental evaluation presented in this work highlights the strengths and weaknesses of each detection method against different attack scenarios carried out on the different components of our system.To the best of our knowledge, this is the first paper addressing the cyber security of the connected vehicle with a multidisciplinary approach.(c) 2023 Elsevier B.V. All rights reserved.