Invention Reference Number: 202305432

Technology Summary

Vehicle cybersecurity professionals rely on techniques such as network penetration testing and simulation of malicious cyberattacks to gather data to create robust security tools designed to protect a vehicle from real-world malicious attacks. However, current attack simulations and penetration testing technologies focus on individual computers or systems instead of the entire vehicle as an insecure platform. This technology is a software package, called Vehicle Attack Analysis Framework, that researchers can use to perform attacks without prior knowledge of complex code, configurations, or executions. It allows for simple data collection either while attacking or during regular operations without attacks, and can automate the data parsing process.

Description

Vehicles rely on networked architecture called a controller area network (CAN) that, like a local area network, allows computers to communicate. However, vehicles can be vulnerable to hacking and attacks through their CAN. CAN-based attacks are trivial: small commonly available computing devices can be used to attack the network. Typical penetration testing isolates one vehicle system for cyber-resilience testing. With this new framework, researchers can perform penetration testing to expose these vulnerabilities for the whole vehicle. This technology provides the means for penetration testing of the entire vehicle without prior knowledge of how to configure or program an attack. Attacks and recordings are performed via a CAN interface attached to a portable computing device by a connector. Metadata regarding the attack scenario and the accompanying CAN data logs are saved for future parsing and analysis.

Benefits

• Provides data collection during an attack and parses data
• Faster, more efficient means to learn about vulnerabilities
• No prior knowledge of coding, configurations or executions required
• Provides simple data collection during or after operations
• Automates data parsing programmatically

Applications and Industries

• Vehicle manufacturers
• Radiological material transportation security
• Vehicle threat and risk assessment (TARA) industry

Contact

To learn more about this technology, email partnerships@ornl.gov or call 865-574-1051.

Attachments/Links