logo SBA

ETD

Archivio digitale delle tesi discusse presso l’Università di Pisa

Tesi etd-05192020-203819


Tipo di tesi
Tesi di laurea magistrale
Autore
ZANABONI, ROBERTO
URN
etd-05192020-203819
Titolo
A platform for automotive multi-interface cybersecurity vulnerability detection
Dipartimento
INGEGNERIA DELL'INFORMAZIONE
Corso di studi
COMPUTER ENGINEERING
Relatori
relatore Prof. Dini, Gianluca
correlatore Prof. Lettieri, Giuseppe
Parole chiave
  • attack-tree
  • automotive
  • cybersecurity
  • interfaces
  • pentesting
  • platform
  • security
  • threat
  • vulnerability
Data inizio appello
22/06/2020
Consultabilità
Non consultabile
Data di rilascio
22/06/2090
Riassunto
Modern vehicles are increasingly computerized and interconnected as they have Electronic Control Units(ECUs) responsible for one or more features, and they make decisions by exchanging data with the other ECUs through the internal network and with the outside world. The development of information technologies in vehicles and the lack of adequate protection measures has caused an increase in computer accidents, particularly in recent years. In this thesis, we modeled and analyzed the automotive sub-systems containing the Wi-Fi, Ethernet, and TPMS interfaces to discover the threats and get an idea of the attacks to reach them. Then we described the normal functioning of the communication protocols used by the interfaces, how the attacks can be implemented to exploit the weaknesses, and the proposed countermeasures. We developed a platform to collect and launch attack scripts that reproduce attacks already present in the literature and novel attacks as well. To develop attack scripts for the TPMS interface, we reverse-engineered the proprietary communication protocol. The attack scripts allow an interactive and automatic execution of the steps when the user interaction is not required. Our platform highlighted vulnerability in Automotive and ICT devices because they have not security measures implemented. Attacks have been successful also in an evaluation board Ethernet interface suitable for automotive systems design. Car manufacturers can verify the vulnerabilities of the systems using our platform, and then provide adequate defenses.
File