CARAMEL was pleased to contribute to the EWGT2020, with three papers for the session Cybersecurity of Connected and Automated Vehicles.

As part of this year’s activities of the EWGT conference carried in Papus, Cyprus from September 16-18. CARAMEL presented the following 3 papers, product of the ongoing research activities:

• Addressing Cybersecurity in the Next Generation Mobility Ecosystem with CARAMEL
• A benchmarking framework for cyber-attacks on autonomous vehicles
• Impact of False Data Injection attacks on Decentralized Electric Vehicle Charging Protocols

Addressing Cybersecurity in the Next Generation Mobility Ecosystem with CARAMEL

The proliferation of next generation mobility, promotes the use of autonomous cars, connected vehicles and electromobility. It creates novel attack surfaces for high impact cyberattacks affecting the society. Addressing the cybersecurity challenges introduced by modern vehicles requires a proactive and multi-faceted approach combining techniques originating from various domains of ICT. Emerging technologies such as 5G, LiDAR, novel in-vehicle and roadside sensors and smart charging, used in modern cars, introduce new challenges and potential security gaps in the next generation mobility ecosystem. Thus, it is critical that the domain’s cybersecurity must be approached in a structured manner from a multi-domain and multi-technology perspective. The CARAMEL H2020 project aims to address the cybersecurity challenges on the pillars upon which the next generation mobility is constructed (i.e., autonomous mobility, connected mobility, electromobility). To achieve that, advanced Artificial Intelligence (AI) and Machine Learning (ML) techniques will be utilized for the identification of anomalies and the classification of incoming signals indicating a cyber-attack or a cybersecurity risk. Apart from risk detection, methods for the mitigation of the identified risks will also be continuously incorporated to the CARAMEL solution. The final goal of CARAMEL is to create an anti-hacking platform for the European automotive cybersecurity and to demonstrate its value through extensive attack and penetration scenarios. In this paper we will expand on the unique cybersecurity-relevant characteristics of the pillars upon which the CARAMEL solution is built. Next, a number of use cases emerging from such analysis will be extracted in order to form the basis upon which the CARAMEL platform will be evaluated. Finally, we will conclude with an overview of the platform’s architectural composition.

A benchmarking framework for cyber-attacks on autonomous vehicles

In this paper, a novel framework for a benchmark system for autonomous vehicles focusing on their security and reliability is proposed. Computer vision and networking technologies are improving offering solutions towards automation in connected autonomous vehicles. These systems are using sensor technologies, including vision and communication, providing information and measurements for the environment and other connected vehicles. As a result, unlike conventional vehicles, autonomous vehicles have to communicate with other vehicles as well as other external network infrastructure. However, such requirements make autonomous vulnerable to the attack. This may also motivate various types of cyber threats and attacks like traffic signs modification, GPS spoofing, and Vehicular Adhoc network distributed denial of service. Hence, this paper explores various aspects of security issues, vulnerabilities, exploitation methods and the adverse effect of them on connected autonomous vehicles and proposes a novel benchmark framework focusing on physical and communication-based attack to evaluate and assets the state- of-the-art technologies that are currently used during cyber-attack.

Impact of False Data Injection attacks on Decentralized Electric Vehicle Charging Protocols

Electric vehicles (EVs) gain great attention nowadays since the electrification of private and public transport has a great potential to reduce greenhouse gas emissions and mitigate oil dependency. However, the influx of a large number of electrical loads without any coordination could have adverse aects to the electrical grid. More importantly, the complexity in the coordination of a large number of EVs, pose critical challenges in ensuring overall system integrity. A typical attack found in the controllers of connected EVs is false data injection (FDI), which can be utilized to distort real energy demand and supply figures. Energy distribution requests may therefore be erroneous, which results in additional costs or more devastating hazards. The lack of a proper coordination scheme, robust to such cyber attacks could cause voltage magnitude drops and unacceptable load peaks. In this work, we study the impact of FDI attacks, on various decentralised charging protocol with reduced computational requirements. The proposed decentralised EV charging algorithms only require from each EV to solve a local problem, hence the proposed implementation require low computational resources. An extensive evaluation study highlights the strengths and weaknesses of the presented solutions which are based on iterative convex optimization solvers.