Vulnerability Analysis of Highly Automated Vehicular Systems Using Structural Redundancy

Vulnerability analysis and security quantification for automotive systems with limited system information is an arduous task. This work performs vulnerability analysis of Highly Automated Vehicular Systems (HAVS) using its structural model. The analysis is performed based on the severity and detectability of attacks in the system. We consider a grey box - an unknown nonlinear dynamic model of the system. We decipher the dependency of input-output constraints by analyzing the behavioral model developed by measuring the outputs while manipulating the inputs on the Controller Area Network (CAN). We identify the vulnerabilities in the system that are exploited due to improper network segmentation (improper gateway implementation), open network components, and sensors and model them with the system dynamics as attack vectors. We then identify the redundant and non-redundant parts of the system based on the unknown variables and sensor configuration. Then we analyze the security implications based on the placement of the attack vectors with respect to the redundant and non-redundant parts using canonical decomposition of the structural model. With the help of Model-In-Loop (MIL) simulations, we verify and evaluate how the proposed analysis could be used to enhance automotive security.