Securing Vehicle Electronic Control Unit (ECU) Communications and Stored Data

Abstract

Nowadays, the automobile industry is integrating many new features into vehicles. To provide these features, various electronic systems are being added. These systems are coordinated by different ECUs (Electronic Control Unit). Vehicle ECUs are internally connected through multiple communication buses. Any ECU connected to the bus can read or send data to other ECUs. As a result, if an adversary can compromise one of the ECUs, then the adversary will be able to access and exploit data of other important ECUs. The absence of confidentiality is the main reason for that. Furthermore, the absence of data integrity and authenticity make the communications more vulnerable. In the past, it has been shown that an adversary can take control of the vehicle exploiting the inadequacy of CIA (Confidentiality, Integrity, and Authenticity). Moreover, an adversary can modify the stored data of an important ECU, if it is compromised. To solve these problems, we propose the use of symmetric key cryptography and elliptic curve-based Public Key Encryption (PKE) for ensuring confidentiality and the use of digital signature for ensuring integrity and authenticity. In addition, we propose the adoption of an identity-based access control in Mother ECUs (MECU, also known as a domain controller) to control the communication permissions. We also introduce Blockchain in vehicles to protect the stored data of ECUs. Finally, we integrate a watcher to monitor the stored data and report if it is modified. We implement the proposed technique in two platforms, namely Docker and the ARM architecture-based Raspberry Pi Board. Our experiments show that the proposed technique can improve security in ECU communications. The watcher reports when an ECU data is modified which helps limit the damage when an ECU is compromised.