Computer experts at the German Research Center for ArTIficial Intelligence (DFKI) and the Center for IT Security and Privacy (CISPA) are working on an application that blocks hackers from attacking cars and in software. With the help of the supplier, the app can be integrated into any car at will.
In order to remotely brake a vehicle that travels at speeds of more than 100 kilometers per hour, US security researcher Stephen Checkoway can do so with just one car music player software and a smartphone connected to it. "If the software is not connected to the car network connected by the CAN bus on that midsize sedan, then Checkoway wants to crack the driving system is not that easy." Stefan Nuernberger, who led the intelligent systems lab at DFKI, explained.
In order to avoid the installation of a lengthy and complex forest-like communication cable bus structure in a car, the automotive industry can communicate with each other using only one transmission cable. So in 1983, the CAN bus was developed. The CAN bus not only couples a number of sensors, such as for speed control, but also couples actuators such as servo motors. Control devices such as parking assistance also transmit their commands over the bus. "But from an information security perspective, this also has a negative effect: once a device connected to the bus is controlled by an attacker, it can masquerade as a different device and falsify the transmitted information," Nuernberger explained.
Therefore, Nuernberger is working with ChrisTIan Rossow, a professor of information security at the University of Saarland, to ensure that devices such as emergency brakes connected to the CAN bus confirm the true identity of the sender or the authenticity of the information. The software "VaTICAN" they developed for this purpose is able to do this because only legitimate sending devices can attach a compliant authentication code when sending a message.
This makes the safety check described below possible: the emergency brake assist system issues an instruction to the brake system as before, and then it calculates a safety verification code indicating only the current legal identity of the data packet based on a security key and sends it. Give the brake system. At the same time, the brake system calculates a safety verification code and compares it with the verification code sent on the CAN bus. If the two verification codes are the same, the brake system confirms that the command is true and performs the relevant action. Nuernberger said: "The brake system indirectly knows that the command comes from the brake assist system, because if it is not the brake assist system, there will be no correct verification code calculated and sent out."
Researchers are also investigating ways to deal with other attacks, such as logging and retransmitting information on the bus (called replay attacks), by adding a timestamp to the message. If the information is not immediate, then the information may be problematic. "Additional calculations only cost information transmission for 2 milliseconds." Nuernberger said after testing vaTICAN on Volkswagen Passat. This is acceptable for control programs that require immediate response. “When the packet is delayed by 2 milliseconds, the braking distance of a vehicle traveling at 130 km/h will be extended by 7 cm.†The researchers have demonstrated these methods at an international conference in Santa Barbara, California. Their software is free to use and downloaded via the Internet.
Gilbert Translator's Postscript: I feel that this article will be helpful for studying smart driving. However, in practical applications, whether the supplementary verification of auxiliary or automatic emergency brakes will bring side effects, or whether a more perfect solution can be adopted, I think it is necessary for researchers and the automobile manufacturing industry to continue to explore.
Universal Screen Protector, TPU Screen Protector, Hydrogel Protective Film, Protective Film, Hydrogel Screen Protector, TPU Protective Film
Shenzhen Jianjiantong Technology Co., Ltd. , https://www.tpuprotector.com