Linaro Tech Days has ended
Linaro Tech Days will feature some of the content from our cancelled event Linaro Connect Budapest remotely. These will be held via Zoom Webinar and livestreamed to Youtube. Joining information is available in each session description. If you cannot view the session please make sure you are registered and logged in.


Back To Schedule
Wednesday, March 25 • 17:30 - 17:55
LTD20-206 Detect Denial of Service on an Open Embedded Automotive Platform

Log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
To join this session live please go to:
We have developed an open distributed embedded platform prototype that targets automotive traffic monitoring across multiple CAN bus networks. This ecosystem interconnects multiple Raspberry Pi devices (e.g., RPI1, RPI2) to an Odroid XU3 which serves as a gateway node. CAN interconnection is based a) for Raspberry Pi, on IndustrialBerry's CANberry Dual V2.1 device, and b) for Odroid XU3, on two (incoming/outgoing) USB-to-CAN interfaces based on Scantool’s OBD Dev Kit (with STN2120 chipset). Our embedded software toolchain uses a) for RPI, Linux can-utils tools, and b) for Odroid XU3, an extended serial terminal code that uses multiple POSIX threads to manage incoming and outgoing CAN connections; gateway configuration and packet send/receive functions are based on USB-to-serial STN2120’s ELM327 AT and ST commands. During normal operation, RPI2 (CAN2) carries actual engine traffic (based on Korean dataset -- http://ocslab.hksecurity.net/Dataset/CAN-intrusion-dataset), while at the same time RPI1 requests, related to on-screen display depart from RPI1 (CAN1), are received from RPI2 (CAN2) via the Gateway, and then, answered back to RPI1 (closing a round trip). In our threat model, we carry out a denial-of-service (DoS) attack on the CAN1 gateway interface and examine different metrics that can possibly be used in order to detect the attack. At gateway-level, three non-intrusive DoS attack metrics considered are related to a) the frequency of CAN packets per ID, b) energy consumption of the Cortex-A15 cores (available via I2C from integrated INA231 sensors), and c) temperature gradients related to the four thermal zones (available via I2C from integrated sensors). In addition, variations of round-trip times (RTT) for packets that flow from RPI1 to RPI2 (via Odroid XU3), and back to RPI1 can be measured. Our results indicate significant tradeoffs related to the accuracy of the four proposed detection metrics, with the energy metric appearing to provide the highest assurance, i.e., the lowest false-positive/negative ratio for a given attacker injection rate. Prediction of an attack effectively triggers throttling down, shutting down, or sleeping the outgoing interface, thus safeguarding engine ECU nodes. Our open source software code will become available soon in sourceforge.net

avatar for Miltos Grammatikakis

Miltos Grammatikakis

Prof, Hellenic Mediterranean University
Miltos D. Grammatikakis received MSc (1985) and PhD (1991) in Computer Science from the University of Oklahoma. After holding a number of positions with Academia, research and industry in France, Germany and Greece, he is now a professor at TEI of Crete. He has participated in 22... Read More →

Wednesday March 25, 2020 17:30 - 17:55 UTC
Track 2 [Wednesday]