Vehicle Data Acquisition

advertisement
Vehicle Data Acquisition
Jeffrey Brenwald
Group 14
11-7-2011
Contents
Abstract
Problem Statement
How to Get There
Significant Technologies
Expected Outcomes
Conclusion
Works Cited
3
4
5
6
7
8
9
Page 2 of 9
Abstract
Consumer automobiles are selling as much now as they ever have and as every new one
comes out, they become more and more technologically advanced. A modern car has several
computers inside that can control everything from the entertainment, to the lights, to the
engine and braking. Each different system of the car has a dedicated Electronic Control Unit
(ECU). The ECU's are all interconnected in the Controller Area Network (CAN) (Nice). If only one
of the ECU's is compromised then it makes the whole CAN no longer secure. These are very
complex systems consisting of nearly 100 separate ECUs running upwards of 100 million lines of
code in a luxury vehicle (Charette).
Why then, do cars keep getting more and more electronic and less mechanical? Well,
because society likes new technology. Everyone wants their car to monitor how it is performing
1000 times per second to make minute adjustments that can increase safety or efficiency or
power. They want their car to automatically sync to their cell phone when they get in and play
all their favorite music and be able to send text messages by voice commands. What is a new
car if it can't tell you your location? How to get where you're going? Where the nearest ATM is?
Or any other bit of information?
All this technology though, comes with a price. That price is potential insecurities. It
may not be all that difficult for a crafty thief to hack into your car's computer systems and steal
your information, your possessions, or your car itself. A team of researchers at the University of
California-San Diego and at University of Washington found the systems of the vehicles to be
fragile and could easily be subverted by someone with enough time and resources (BBC). Also,
at the Swiss Federal Institute of Technology, researchers were able to unlock and start vehicles
equipped with smart keys using only two antennas (Hyde). The driver was completely unaware
that anything had happened and the total cost was under $1000.
Our goal is to find exactly where the security flaws exist in modern vehicles and to create
ways to fix those flaws and make the systems more secure. The first and main way of
implementing this will be to make a system that can notify you whenever your cars internal
computers are being accessed by any means, wired or wireless. Mainly we will focus our
attention on GM vehicles that have the On-Star system, but since all modern cars have nearly
identical methods of interaction, including the OBD-II port, media inputs, Bluetooth wireless,
AM and FM radio and others, our work will most likely apply to all modern vehicular systems.
Page 3 of 9
Problem Statement
There are over 255 million vehicles in the United States (“RITA | BTS”). All of them have
little to no physical security, and all of them are lacking electronic security from potential
hackers or thieves. It would be so easy for someone to approach your car and steal anything
that was inside. Perhaps an alarm would go off, but what do people do when they hear a car
alarm? Ignore it because it is usually just pressed by accident. Up to 95% of car alarms are
unnecessary and less than 1% of people would call the police if they heard a car alarm
(Anderson). You need a better form of security from sophisticated attacks and we think this is
something that can be changed.
The problem presented to us is to design and create improvements to current
automobile computer systems that would, in some way, advance their security. The
enhancements that we create should be able to be easily implemented into any vehicle with
little modifications and should be inconspicuous so that someone who does not know that the
vehicle has been upgraded would have no idea without being told.
First we will focus on understanding the inner working is the car's systems. This will be
vital to discover where the weak points in the car's security lie. We will do this by sending
various combinations of signals to the car's interfaces and recording any results. Once we have
a few varying signals that produce different reactions from the car, we will be able to
understand how that particular interface works.
The main port that our work will focus on is the OBD-II port because it is included on
every modern vehicle. The on-board diagnostics port can, when given the proper codes, access
all of the systems inside the vehicle. With this access, one could potentially lock or unlock the
car, start the engine, record audio from a built-in microphone, change engine settings, or even
disable functionality inside the car.
Once we have an understanding of how the car is interfaced, we will need to develop a
security system that will improve upon what is already in place. We must determine a way to
separate the authorized signals of the owner of the vehicle, from the unauthorized signals of an
intruder upon the vehicle. This will be the main idea for our security system, but there is also
another. We would like to create a way to notify the driver whenever an unauthorized signal
tries to penetrate the interfaces of the vehicle, so that he/she can be aware that someone has
tried to access it.
Page 4 of 9
How to Get There
The first objective in our project is to be able to interface with the car's computer
systems. If we cannot do this, then we cannot do any of the rest of our project, so this is the
most important step. There are many different ports and interfaces to access modern vehicles
including AM/FM radio, CD media, USB/iPod ports, Bluetooth wireless, 802.11 Wi-Fi, cellular
connections and the OBD-II port. For our project we only want to select one of them to focus
on because of time constraints. That one will be the OBD-II port. We choose this because it is
universal in that every modern car must have an OBD-II interface port on it and so by choosing
this, out work will be the most widely adaptable.
The next thing we need to be able to do is to find a way to send information to and
gather information from the car, through the OBD-II port. The standard way to use this port is
to connect it to a small, hand held computer, with a very simple interface. Through this you can
retrieve diagnostic information from the car as well as the ability to change certain information
in the car itself. More likely though, for out project, we will want to have a more custom
interface to the car through the OB-II port. For this we can use either an OBD-II to USB cable, or
a wireless transmitter that plugs into the OBD-II and broadcasts a short range signal to a
receiver. With either one of these methods going to a computer, we could write custom code
and send it to specific ports on the car to get the desired results.
The last step of our project will be to discover what specific signals control the aspects of
the car we are interested in, and then create the specific design that will block use of these
same signals to anyone who is unauthorized. We do not yet have the design for that because it
will depend upon what the signals actually are, and to find that out, we still have much work to
do.
Page 5 of 9
Significant Technologies
The main technology related to our project is the OBD-II port itself. The government has
mandated that all vehicles since 1996 must have this port on them (OBD FAQ). The OBD-II port
is mainly used by technicians to read your cars computer and find out specifically what is wrong
with it. It is usually located under the steering column, near the driver’s side door. We will be
using the OBD-II port to access information from the car's computer systems to gather in
information we need to make the vehicle more secure.
The only other significant technology related to our project is GM's On-Star system. This
system works by combining two separate technologies, a cell phone, and GPS. When combined
together, this can be called telematics (Freeman). Through the cell connection On-Star can
acquire data about your car and help you in an accident or just a situation of convince. We will
most likely not be focusing on On-Star much for our project though because it is much too
complicated for the amount of time and resources we have for this project.
Page 6 of 9
Expected Outcomes
Our expected outcome is to create a discrete, somewhat universal system that can be
implemented into modern automobiles to make them more secure from cyber attacks. We will
do this by finding out the specific signals that cause undesired activity, and then we will create
ways to protect against them. This system is for our use only and we are not trying to make a
product to sell. If we come up with a successful solution, we would like to see it commonly
implemented in all new cars that come out in the future, thus adding to their security from
electronic means.
We are not, however, trying to create a product to market ourselves. If we do find out
useful information, our goal would be to pass this onto the car manufactures so that they would
be able to use the effort we put into this. Car security is an idea that has not been thought
about much, but it definitely need to be thought about a lot. If something is not done soon,
electronic attacks on cars could become a major problem in the near future.
Page 7 of 9
Conclusion
As technology advances and cyber security becomes more important, one computer
system is often overlooked, the computer inside your car. We hope to, in this project make
people aware of the threat of attacks on vehicle computer systems by exposing the weaknesses
in their design, but then by also finding appropriate solutions to those weaknesses.
During this project, we must keep on a clear and focused path. If we cannot, we will not
achieve the results that we desire. We plan to focus on the OBD-II port through a computer
cable and by sending our various signals until we get the reaction that we want, we will learn
where the weaknesses exist. Then, armed with that knowledge, we can improve upon the
security.
There are many stakeholders in the project. First, anyone who owns a vehicle would be
one because they are dependent upon the security of their cars to keep them safe and secure.
A second stakeholder would be the car manufactures because they build the vehicles we are
testing and the results say a lot about them. Also they make money by selling their product, and
a secure product can definitely sell more than a non-secure one.
Page 8 of 9
Works Cited
Anderson, Brian C. "Article | Car Alarms Are Useless, So Ban Them." Manhattan Institute. 10 Jan. 2002.
Web. 07 Oct. 2011. <http://www.manhattan-institute.org/html/_nydn-car_alarms.htm>.
BBC. Hack attacks mounted on car control systems. BBC News, May 17, 2010. Web. 12 Oct. 2011
<http://www.bbc.co.uk/news/10119492>.
Charette, Robert. “This car runs on code.” Feb. 2009. Web. 12 Oct. 2011
<http://spectrum.ieee.org/green-tech/advanced-cars/this-car-runs-on-code>.
Checkoway, Stephen and Damon McCoy, Brian Kantor,Danny Anderson, Hovav Shacham, Stefan
Savage, Karl Koscher, Alexei Czeskis, Franziska Roesner, Tadayoshi Kohno. “Comprehensive
Experimental Analyses of Automotive Attack Surfacs.” 2011.
Freeman, Shanna. "HowStuffWorks" How OnStar Works" "HowStuffWorks "Auto" Discovery. Web. 16
Oct. 2011. <http://auto.howstuffworks.com/onstar.htm>
Hyde, Justin. "How Hackers Can Use Smart Keys To Steal Cars." Jalopnik. 18 Jan. 2011. Web. 11 Oct.
2011. <http://jalopnik.com/5736774/how-hackers-can-use-smart-keys-to-steal-cars>.
Leyden, J. “Boffins warn on car computer securityrisk.” The Register, May 14, 2010. Web. 12 Oct.
2011 <http://www.theregister.co.uk/2010/05/14/car_security_risks/>.
Nice, Karim. "HowStuffWorks" How Car Computers Work" "HowStuffWorks "Auto" Discovery. Web. 15
Sept. 2011. <http://auto.howstuffworks.com/under-the-hood/trends-innovations/carcomputer.htm>.
"OBD FAQ: Do I Have An OBD-II Vehicle?" OBD-II Trouble Codes - DTC Codes Car Repair. Web. 15 Sept.
2011. <http://www.obd-codes.com/faq/do-i-have-obd-ii-vehicle.php>.
"OnStar & Stabilitrak Become Standard on Vehicles Built by GM : Road & Travel Magazine."
Roadandtravel.com. Web. 15 Oct. 2011.
<http://www.roadandtravel.com/oempages/onstar/stabilitrak.htm>.
"RITA | BTS | National Transportation Statistics." RITA | Bureau of Transportation Statistics (BTS). Web.
07 Oct. 2011.
<http://www.bts.gov/publications/national_transportation_statistics/#front_matter>.
Page 9 of 9
Download