Welcome to DIAS Hackathon Testbed-1’s documentation!

The current page serves as the official documentation developed by UMFST (University of Medicine, Pharmacy, Science and Technology of Targu Mures), as part of the DIAS (Diagnostic Anti-Tampering Systems) H2020 project. This documentation describes the main features of the DIAS Testbed-1. In the DIAS project the testbed was part of the Hackathon 2 event, organized by the consortium.

The purpose of the testbed is to demonstrate how a set of security protocols can be connected, and how they interact in a automotive environment. The testbed contains the following components:

• Data reporting, using the Eclipse KUKSA.val server, together with COVESA Vehicle Signal Specification (VSS) and Bosch IoT Insights.

• Data authentication, using MixCAN authentication protocol or the AUTOSAR Secure On-Board Communication (SecOC) standard.

• A Controller Area Network (CAN) Stateful Firewall and Intrusion Detection System.

• A Secure Logging component that uses the Trusted Platform Module (TPM).

• A Key Distribution protocol that uses the TPM to generate Long-Term keys (LTKs) and Short-Term keys (STK).

How to follow

It is recommended to follow this documentation from start to finish. While doing so, there are of course sections or components that are depended on each other. For example, the documentation for the key distribution protocol should be followed in parallel for the slave and master. Besides this, there are configuration that must be done on the Electronic Control Unit (ECU), the sender Raspberry Pi, and the Connectivity Control Unit (CCU) the receiver Raspberry Pi.

Research

Teri Lenard and Roland Bolboaca. 2021. A Statefull Firewall and Intrusion Detection System Enforced with Secure Logging for Controller Area Network. European Interdisciplinary Cybersecurity Conference. Association for Computing Machinery, New York, NY, USA, 39–45. https://doi.org/10.1145/3487405.3487650

Genge, B., Haller, P. (2022). Cryptographic Key Distribution Protocol with Trusted Platform Module for Securing In-vehicle Communications. In The 15th International Conference Interdisciplinarity in Engineering. Inter-Eng 2021. Lecture Notes in Networks and Systems, vol 386. Springer, Cham. https://doi.org/10.1007/978-3-030-93817-8_71

T Lenard, R Bolboacă, B Genge and P Haller, “MixCAN: Mixed and Backward-Compatible Data Authentication Scheme for Controller Area Networks,” 2020 IFIP Networking Conference (Networking), 2020, pp. 395-403, http://dl.ifip.org/db/conf/networking/networking2020/1570620040.pdf

Resources

Usefull link:

• DIAS Hackathon Testbed-1 Github

• Getting Started with DIAS-KUKSA

• DIAS UMFST How To’s documentation

• Guide on how to manually set up a CAN interface

• Manually compiling TPM dependencies. Setup for virtual TPM

Contents:

• 1. Testbed dependencies
• 2. Electronic Control Unit Overview
• 3. LTK-STK Slave
• 4. MixCAN Sender
• 5. Connectivity Control Unit Overview
• 6. Firewall and Intrusion Detection System
• 7. Logging
• 8. LTK-STK Master
• 9. MixCAN Receiver
• 10. Kuksa.val Server
• 11. SecOC and DBCFeeder
• 12. Cloudfeeder
• 13. Telemetry and Log Deliverers

Acknowledgement

This work was funded by the European Union’s Horizon 2020 Research and Innovation Programme through DIAS project under Grant Agreement No. 814951. This document reflects only the author’s view and the Agency is not responsible for any use that may be made of the information it contains

Maintained by

Teri Lenard