AUTOMOTIVE TESTING & CYBERSECURITY
Research, training, and embedded security evalutions using the ChipWhisperer Ecosystem to validate and improve automotive security standards.
NewAE Technology Inc. manufactures open-source embedded security solutions, provides theoretical and hands-on training, and stays at the forefront of the latest embedded security research.
ChipWhisperer was started by Colin O'Flynn, the founder of NewAE Technology Inc, to bring side-channel power analysis and fault injection knowledge to everyone. This was the first open-source platform including hardware and software you could widely purchase (or even build yourself). ChipWhisperer Starter Kits equip you with everything to begin your automotive security testing journey.
Using ChipSHOUTER electromagnetic fault injection (EMFI) tool to bypass security on a modern automotive ECU
BAM BAM!! On Reliability of EMFI for in-situ Automotive ECU Attacks, lecture presented by Colin O'Flynn at escar Europe 2020 - The World's Leading Automotive Cyber Security Conference (November 2020).
This work targets a recent (2019) automotive ECU, and analyzes the target microcontroller used in laboratory conditions, and then transitions the attack to a real-world “in-situ” attack similar to a garage bench. The specific work appears relevant to several devices in the MPC55xx and MPC56xx series, which are automotive-focused PowerPC devices.
Using ChipSHOUTER for ISO-26262 Safety Testing
Electromagnetic fault injection (EMFI) can cause many of the faults listed in ISO26262-11 for digital devices. This fault injection can be used for both safety and security testing, and the ChipSHOUTER tool that performs EMFI fits easily on your workbench (try fitting a particle accelerator in your lab!).
This whitepaper takes two real-life production ECUs and performs safety and security testing without even needing special instrumentation or debug access.
Whitepaper: Electromagnetic Fault Injection (EMFI) for Automotive Safety & Security Testing with the ChipSHOUTER
Did you know that fault injection attacks can bypass security measures on automotive ECUs?
Understanding these vulnerabilities can provide insight into how to improve the security on these boards and your overall system. Testing and implementing security measures on development boards allows you to identify specific problems early on in order to make informed decisions when it comes to automotive product design. Identifying vulnerabilities using fault injection is an affordable and practical method for evaluating your automotive security measures at critical stages of development and design.
Electromagnetic fault injection (EMFI) can insert faults such as corrupting memory and causing instruction skips. EMFI can be used to bypass security mechanisms (such as demonstrated by bypassing security measures on a modern ECU) as part of attacks, but EMFI can also be used to validate your safety-critical code running on final devices without requiring any additional instrumentation or changes.
Hardware Starter Kits and Automotive Targets
Starter Kits for power analysis (ChipWhisperer L1 and L2 Kits, ChipWhisperer-Pro) and electromagnetic fault injection (ChipSHOUTER) provide everything you need to get started. We have a number of automotive targets, which can be added to any kit.
Embedded Security Training
Embed your team with the knowledge and tools to improve your automotive security practices.
[ONLINE] Introduction to Side-Channel Analysis - FREE
Enroll for a FREE on-demand introduction to side-channel power analysis attacks. Learn using the ultimate combination of theory, hands-on labs, and application-specific examples to give you an invigorating embedded security training.
This training uses ChipWhisperer to teach you both theory and application, and supporting it helps fund open-source resources that benefit the wider community.