In the field of vehicle security we focus on both in-vehicle and V2X communications. Regarding in-vehicle communications we focus on CAN networks. We implement synthetic and real life attacks against the CAN network to design and propely verify novel intrusion detection solutions. We also analyze the CAN data from a privacy point of view, including the potential for driver identification, location tracking and the inference of other sensitive information.
Regarding V2X, we focus on misbehavior detection: identifying whether a vehicle or infrastructure element spread bogus information (either maliciously owing to malfunction) We investigate both the technical (detection methods, short-term reaction, long-term reaction) and the economic incentive aspects (whether to participate in the detection) of a distributed misbehavior mitigation system.
We would like to boost international cooperation and encourage other research groups to start working on the vehicle security topics. For this reason we release some of our collected data.
Each trace data contains a csv file with CAN messages captured during the drive. For each message the capture time is also recorded in a Unix timestamp. The trace data also contains a gps log of the drive where we had access to an additional recorder.
The tools and scripts used for our research results are released on github to help other research institues reproduce and build on our results.
SECREDAS consortium – 69 partners from 16 European countries – has kicked-off the 50 MEuro ECSEL Joint Undertaking research and innovation project, to build a reference architecture for Secure and Safe Automated systems compliant with the new GDPR Regulation. We focus on two main aspects within SECREDAS. First, we design and develop technologies securing the communication inside the vehicle (CAN bus) and between vehicle and other entities (V2X). Second, we analyze the privacy requirements of technological design patters used across SECREDAS system levels, and design a privacy-preserving external data release mechanism for various sensor data.
The VCG project develops security measures for protecting modern vehicles from cyber attacks. Within the project, CrySyS Lab members work on forensic tools and methods for uncovering traces of cyber attacks on vehicles, including anomaly detection in the CAN traffic. We also work on determining the privacy risks of CAN data collection and on new privacy enhancing technologies that mitigate the identified risks. We also work, in collaboration with project partners, on a secure gateway platform that provides secure remote access to vehicles. Project partners: Evopro Innovation, Inventure.
SeVeCom addressed security of future vehicle communication networks, including both the security and privacy of inter-vehicular and vehicle-infrastructure communication. Its objective was to define the security architecture of such networks, as well as to propose a roadmap for progressive deployment of security functions in these networks.