AutoCHERI launches cybersecurity penetration testing

Date: September 11, 2023. The AutoCheri project has officially commenced the penetration testing phase for its automotive cybersecurity protection chip. A secure TCU proof of concept using the Capability Hardware Enhanced RISC Instructions (CHERI) architecture created by the AutoCHERI project. These are brand-new chip architectural features that enable extremely scalable software compartmentalization and fine-grained memory protection.

AutoCheri aims to develop a cutting-edge security solution capable of safeguarding modern vehicles from cyberattacks. With the proliferation of connected cars and autonomous driving systems, the need for robust cybersecurity measures has become paramount.

The penetration testing phase is set to run for several months. During this time, it will subject the cybersecurity chip to a battery of rigorous tests and simulated attacks. Consequently, these tests will assess the chip’s ability to withstand various cyber threats, including hacking attempts, malware injections, and unauthorized access. The results of these tests will play a crucial role in fine-tuning the chip’s security mechanisms. They will also ensure its effectiveness in real-world scenarios.

In order to demonstrate CHERI technology in crucial applications, the project uses the Morello security chip. ARM and the University of Cambridge created the Morello chip. It is designed using the ARMv8.1 architecture to strike a compromise between performance and security in automobile telematics systems. Researchers may design safe apps for vehicle telematics with the help of Morello, which includes a development board, compiler, and toolchain.

A significant portion of this endeavor centers on analyzing, threat modeling, and implementing four specific use cases. These encompass processing vehicle diagnostics data, facilitating OTA software updates, managing V2I traffic, and enabling teleoperation. Additionally, the project is actively developing a suite of attacks based on Common Vulnerabilities and Exposures (CVE) notifications. The focus of these attacks is on memory-based vulnerabilities. They also involve fault injection via the CAN bus, aligning with the evolving threat landscape in smart vehicles.

As cyberattacks on vehicles continue to evolve, the development of advanced security measures becomes essential to maintain consumer trust and safety. In three weeks, the penetration testing will begin. Moreover, the automotive industry eagerly anticipates the outcomes of this project as it strives to create a safer and more secure future for connected vehicles.

Back to top button