
Securing Vehicle Electronic Control Unit (ECU) Communications and Stored Data

by Md Swawibe Ul Alam

A thesis submitted to the School of Computing in conformity with the requirements for the degree of Master of Science

Queen's University
Kingston, Ontario, Canada
September 2018

Copyright © Md Swawibe Ul Alam, 2018

Abstract

Nowadays, the automobile industry is integrating many new features into vehicles. To provide these features, various electronic systems are being added. These systems are coordinated by different ECUs (Electronic Control Units). Vehicle ECUs are internally connected through multiple communication buses. Any ECU connected to a bus can read or send data to other ECUs. As a result, if an adversary compromises one of the ECUs, the adversary is able to access and exploit the data of other important ECUs. The absence of confidentiality is the main reason for that. Furthermore, the absence of data integrity and authenticity makes the communications more vulnerable. In the past, it has been shown that an adversary can take control of the vehicle by exploiting the inadequacy of CIA (Confidentiality, Integrity, and Authenticity). Moreover, an adversary can modify the stored data of an important ECU if it is compromised. To solve these problems, we propose the use of symmetric key cryptography and elliptic curve-based Public Key Encryption (PKE) for ensuring confidentiality and the use of digital signatures for ensuring integrity and authenticity. In addition, we propose the adoption of identity-based access control in Mother ECUs (MECU, also known as a domain controller) to control communication permissions. We also introduce Blockchain in vehicles to protect the stored data of ECUs. Finally, we integrate a watcher to monitor the stored data and report if it is modified. We implement the proposed technique on two platforms, namely Docker and the ARM architecture-based Raspberry Pi Board. Our experiments show that the proposed technique can improve security in ECU communications. The watcher reports when an ECU's data is modified, which helps limit the damage when an ECU is compromised.

Acknowledgements

I am grateful to my supervisor Professor Mohammad Zulkernine for his continuous support, guidance, patience, and motivation over the last two years at Queen's University. Without his help, this thesis would not have been possible.

I would also like to dedicate this thesis to my parents and sister for their encouragement, unconditional love, inspiration, motivation, and wisdom through my entire life.

Finally, I would like to thank Dr. Clifford Liem for his guidance to my research during my internship and Dr. Shahrear Iqbal for his motivation during my experiments. I would also like to thank my colleagues at Queen's Reliable Software Technology Group (QRST), especially Karim Lounis, who has been more than supportive during this effort.

Contents

Abstract
Acknowledgements
Contents
List of Figures
List of Tables

Chapter 1: Introduction
1.1 Motivation
1.2 Problem Overview
1.3 Overview of the Proposed Approach
1.4 Contributions
1.5 Organization of the Thesis

Chapter 2: Background and Related Work
2.1 Electronic Control Unit (ECU)
2.1.1 Mother ECU (MECU)
2.2 In-Vehicle E/E-Architecture
2.2.1 Current In-Vehicle E/E-Architecture
2.2.2 Domain-Based In-Vehicle E/E-Architecture
2.3 Cryptography
2.3.1 Symmetric Key Cryptography
2.3.2 Public Key Encryption (PKE)
2.3.3 Digital Signature
2.4 Identity-Based Access Control
2.5 Blockchain
2.5.1 The Use of Blockchain in Bitcoin
2.6 Related Work
2.6.1 In-Vehicle Communication Security
2.6.2 Use of Blockchain in Vehicles
2.7 Summary

Chapter 3: ECU Communications and Data Security
3.1 Proposed Approach Overview
3.2 Securing Vehicle ECU Communications
3.2.1 Structure of Lists
3.2.2 Secure Communications between ECUs
3.2.2.1 Data Transaction Structure between ECUs
3.2.3 Secure Communications from an ECU to an MECU
3.3 Securing the Stored Data
3.3.1 Storing Data in the Blockchain
3.3.1.1 Data Transaction Structure from an MECU to the Leader
3.3.1.2 The Structure of Blocks
3.3.2 Data Monitoring by the Watcher
3.3.3 Data Protection Without the Resource Consuming Algorithm
3.4 Major Challenges
3.4.1 Transferring Data
3.4.2 Choosing the Symmetric Key Cryptography
3.4.3 The Use of Public Key Encryption
3.4.4 Choosing the Digital Signature
3.4.5 Using Blockchain in Vehicles
3.4.5.1 Resource Consuming Consensus Algorithm
3.4.5.2 Latency of Transactions
3.4.5.3 Transaction Throughput of the Blockchain
3.4.5.4 Resource Scarcity
3.5 Summary

Chapter 4: Implementation and Evaluation
4.1 Initialization of ECUs and MECUs
4.1.1 ECU Credential Initialization
4.1.2 MECU Credential Initialization
4.1.3 Watcher Credential Initialization
4.2 Implementation on Docker
4.2.1 Why Docker?
4.2.2 Experimental Setup
4.3 Implementation on the Raspberry Pi Board
4.3.1 Why Raspberry Pi Board?
4.3.2 Experimental Setup
4.4 Security Experiments
4.4.1 Data Confidentiality
4.4.2 Data Integrity and Authenticity
4.4.3 Identity-Based Access Control
4.4.4 Security of the Stored Data
4.5 Attack Protection Analysis
4.5.1 Protection from Data Stealing
4.5.2 Protection from Data Falsification
4.5.3 Protection from Control Override
4.5.4 Protection from Vehicle Degradation
4.5.5 Protection from Remote Access Threats
4.6 Performance Evaluation
4.6.1 End to End Delay on Docker
4.6.2 End to End Delay on RPBs
4.6.3 Discussion of the End to End Delay
4.7 Summary

Chapter 5: Conclusion and Future Work
5.1 Conclusion
5.2 Limitations
5.3 Future Work

Bibliography

List of Figures

1.1 Overview of the proposed approach.
2.1 In-vehicle E/E-architecture of BMW 7 series.
2.2 Domain-based in-vehicle E/E-architecture.
2.3 Basic structure of a Bitcoin block.
3.1 The domain-based in-vehicle architecture after integrating the proposed approach.
3.2 The process of securing communications between ECUs.
3.3 The process of securing communications from an ECU to an MECU.
3.4 Data transaction structure from an ECU to an MECU.
3.5 The process of storing data in the Blockchain.
3.6 Data transaction structure from an MECU to the leader.
3.7 The structure of blocks.
4.1 Docker container setup.
4.2 The experimental setup of RPBs.
4.3 Unencrypted data transmitted from ECU2 to ECU1.
4.4 Encrypted data transmitted from ECU2 to ECU1.
4.5 ECU1 rejects ECU2's data as the signature is not verified.
4.6 MECU1 rejects ECU3's 'Communication Request'.
4.7 Watcher alert when a single block is compromised.
4.8 Watcher alert when multiple blocks are compromised.
4.9 Average end to end delay of data transfer on Docker.
4.10 Average end to end delay of data transfer on RPBs.

List of Tables

3.1 Request List.
3.2 Permission List.
3.3 State List.
3.4 Data Transaction Structure between ECUs.
4.1 Host Machine Specification.

Chapter 1
Introduction

1.1 Motivation

Modern vehicles are not just a combination of engine, chassis, body, and wheels. They are equipped with many sensors and electronic devices to assist drivers. By 2020, around 35 percent of the total manufacturing cost of a vehicle will be for electronics [63]. The vehicle industry is expanding rapidly and more features are being added to vehicles for safe driving. Most of these features are integrated as an electronic system or subsystem. To coordinate these electronic systems, vehicle manufacturers introduced Electronic Control Units