To join this session live please go to:Description: We have developed an open distributed embedded platform prototype that targets automotive traffic monitoring across multiple CAN bus networks. This ecosystem interconnects multiple Raspberry Pi devices (e.g., RPI1, RPI2) to an Odroid XU3 which serves as a gateway node. CAN interconnection is based a) for Raspberry Pi, on IndustrialBerry's CANberry Dual V2.1 device, and b) for Odroid XU3, on two (incoming/outgoing) USB-to-CAN interfaces based on Scantool’s OBD Dev Kit (with STN2120 chipset). Our embedded software toolchain uses a) for RPI, Linux can-utils tools, and b) for Odroid XU3, an extended serial terminal code that uses multiple POSIX threads to manage incoming and outgoing CAN connections; gateway configuration and packet send/receive functions are based on USB-to-serial STN2120’s ELM327 AT and ST commands. During normal operation, RPI2 (CAN2) carries actual engine traffic (based on Korean dataset -- http://ocslab.hksecurity.net/Dataset/CAN-intrusion-dataset), while at the same time RPI1 requests, related to on-screen display depart from RPI1 (CAN1), are received from RPI2 (CAN2) via the Gateway, and then, answered back to RPI1 (closing a round trip). In our threat model, we carry out a denial-of-service (DoS) attack on the CAN1 gateway interface and examine different metrics that can possibly be used in order to detect the attack. At gateway-level, three non-intrusive DoS attack metrics considered are related to a) the frequency of CAN packets per ID, b) energy consumption of the Cortex-A15 cores (available via I2C from integrated INA231 sensors), and c) temperature gradients related to the four thermal zones (available via I2C from integrated sensors). In addition, variations of round-trip times (RTT) for packets that flow from RPI1 to RPI2 (via Odroid XU3), and back to RPI1 can be measured. Our results indicate significant tradeoffs related to the accuracy of the four proposed detection metrics, with the energy metric appearing to provide the highest assurance, i.e., the lowest false-positive/negative ratio for a given attacker injection rate. Prediction of an attack effectively triggers throttling down, shutting down, or sleeping the outgoing interface, thus safeguarding engine ECU nodes. Our open source software code will become available soon in sourceforge.net
