VitroBench: Manipulating in-vehicle networks and COTS ECUs on your bench: A comprehensive test platform for automotive cybersecurity research

Abstract

With the increasing connectivity employed in automotive systems, remote cyber attacks have now become a possibility and concrete threat. Prior works on automotive cyber security solutions have primarily focused evaluation either on real cars or via emulations of electronic control units (ECUs). Evaluation on real cars offers limited flexibility in manoeuvring the packets communicated through in-vehicle network (IVN). Meanwhile, emulations of ECUs rely on assumptions that may not correspond to the exact features in an IVN.In this paper, we present VitroBench, a comprehensive test platform involving commercial off-the-shelf (COTS) ECUs that allows arbitrary packet control over IVN. In contrast to existing automotive testbed, an appealing feature of VitroBench is that it allows replication of driving use cases and scenarios directly on the testbed involving COTS ECUs. This, in turn, allows us to design and evaluate concrete attacks that are directly related to a driving scenario. We present the design of VitroBench that allows us to sniff, inject packets to and isolate targeted ECU via bridging. The isolation of ECUs also offers fuzzing the respective ECUs. We evaluate the capability of VitroBench via launching concrete attacks and demonstrating the impact of such attacks. We discuss the careful design choices involved in VitroBench that inspire automotive cybersecurity research in future.