Cyber assurance test bed for heavy vehicle controls

  • 14-Sep-2016 07:47 EDT
8142 Figure 1.jpg

Figure 1. Physical layout of a basic test bed.

To help connect security researchers to heavy trucks, a remotely accessible test bed is prototyped by researchers at the University of Tulsa, Colorado State University and Synercon Technologies. The test bed relies on embedded Linux-based node controllers that can simulate the sensor inputs to heavy-vehicle electronic control units (ECUs). The node controller also monitors and affects the flow of network information between the ECUs and the vehicle communications backbone.

Heavy vehicles have differences from automobiles that create a distinctive threat environment. The first difference is that heavy vehicles deploy an SAE J1939 specified communication network, with open documentation for packet definition and transmission. Passenger vehicles use distinct, higher-level communication protocols that may be proprietary, and thus less open to the creation of attack vectors. The second difference is that J1939 introduces a newer set of protocols that must be run above the CAN (physical layer). Because the J1939 layers are modeled on the network OSI (Open Systems Interconnection) stack, many of these protocols resemble communication protocols used in computer networks. Thus, the attacks common on computer networks may be adapted to vehicular networks following J1939.

While the J1939 network is founded on the same base CAN protocol that passenger vehicles use, heavy trucks follow a more horizontal integration to allow for customization, which requires a more homogeneous network architecture than that seen in passenger vehicles. The third difference is regarding the universal usage of telematics and third-party devices. Fleet managers often install third-party telematics units to connect the truck and driver to a back office server and logistics management system. Thus, it is possible for a heavy vehicle to be subverted through a third-party system.

The design of the test bed includes access to heavy-vehicle electronic parts to minimize cost and maximize utility. The test bed must be able to interact with both the cyber and physical aspects of heavy vehicle systems; therefore, sensor simulation is needed to provide the modules in the test bed with simulated physical environments.

The test bed is designed to enable a researcher to log into a node and observe or affect network traffic on two ends of the controller. As shown in Figure 1, the common backbone connects different ECU nodes. Each node has at least one node controller and one ECU. Some nodes have a sensor simulator to mimic physical sensor values.

The test bed design starts with a communications backbone consisting of an SAE J1939-13 nine-pin connector and its signals. Within the test bed, every engine control module (ECM) has its own remotely accessible node controller. The node controller is a Beagle Bone Black connected to a communications circuit board. This hardware is connected to the backbone and the ECM that it is controlling.

Each node controller is physically connected to an Ethernet switch, which is connected to the remote user management system. Through this network connection, remote users can log in and affect or observe network traffic to and from the backbone and the ECM in the node. They can also issue commands to affect the sensor simulation system.

Requirements for design of the test bed were that it have full J1939 implementation. In addition, it had to allow researchers to fully interact with the ECUs, input experimental or historic data to determine ECU responses, view the results in real time via live-updating charts and tables, inject their own J1939 messages onto the CAN network to simulate attacks, and record any traffic generated by an experiment for analysis.

The test bed architecture shown in Figure 2 consists of five layers: Web Interface, Experiment Processing framework, Experiment Logic framework, CAN Data Processor, and Database. The sequence diagram, shown in Figure 3, depicts the flow of functionality of the remote interface. To demonstrate the utility of the test bed, sample experiments were conducted for seed/key exchange, as well as intrusion detection.

Future study is planned to determine whether real-time constraints can be satisfied by the intrusion detection system (IDS) mechanism. Additional work will investigate the usefulness of the sampling techniques for real-time IDS. Researchers also plan to evaluate the IDS against the standard metrics proposed for IP networks. The eventual goal is to provide a repository of IDSs for J1939 traffic and provide a database of types of attacks detected, requirements needed to deploy the specific IDS, and performance under the given metrics.

This article is based on SAE technical paper 2016-01-8142 authored by Jeremy Daily, Rose Gamble, Stephen Moffitt, Conner Raines, Paul Harris, and Jannah Miran of University of Tulsa; Indrakshi Ray, Subhojeet Mukherjee, and Hossein Shirazi of Colorado State University; and James Johnson of Synercon Technologies. The paper will be presented at the SAE 2016 Commercial Vehicle Engineering Congress.

Share
HTML for Linking to Page
Page URL
Grade
Rate It
4.00 Avg. Rating

Read More Articles On

2016-08-26
The push toward miniaturization in the electronics industry has left designers little or no room for test points, and the expansion of high frequency technologies has resulted in a growing need for test equipment that has the capability to verify these types of very small circuits.
2016-08-26
dSPACE and BTC Embedded Systems offer a solution that improves test depth for the real-time validation of safety-critical applications with extension of classical test methods, easier compliance with safety standards and optimal integration and cross-platform use.
2016-08-26
CNH Industrial and AVL researchers used simulation, test bench, and road testing of a demonstrator vehicle with a WHR system to show significantly reduced fuel consumption.
2016-12-07
Christopher Grundler, the Director of OTAQ for the U.S. EPA, answered questions about Phase 2 rule-making for heavy trucks, global harmonization of emissions regulations, and his outlook for a new national NOx standard. Grundler will be the featured speaker on opening day of the SAE 2017 Government/Industry Meeting taking place January 25-27 in Washington D.C.

Related Items

Technical Paper / Journal Article
2010-10-05
Training / Education
2011-04-12
Article
2016-08-26
Technical Paper / Journal Article
2010-10-05