sowhat | Security Of the Way to Handle Automotive sysTems

Our Team

Researchers

Giampaolo Bella

Associate Professor at the "Dipartimento di Matematica e Informatica" of the "Università di Catania", Italy

Home Page

Gianpiero Costantino

Researcher of the "Trust Security and Privacy" at the "IIT" of the "CNR", Italy

Home Page

Ilaria Matteucci

Researcher of the "Trust Security and Privacy" at the "IIT" of the "CNR", Italy

Home Page

PhD Students/Research Fellows

Pietro Biondi

PhD Student at the "Dipartimento di Matematica e Informatica" of the "Università di Catania", Italy

Home Page

Davide Micale

PhD Student at the "Dipartimento di Matematica e Informatica" of the "Università di Catania", Italy

Industrial PhD co-funded by CNR and ParkSmart

Marco De Vincenzi

Research Fellow of the "Trust Security and Privacy" at the "IIT" of the "CNR", Italy

Publications

Journals

2022

Gianpiero Costantino and Ilaria Matteucci. Reversing Kia Motors Head Unit to discover and exploit software vulnerabilities. J. Comput Virol Hack Tech (2022).
Gianpiero Costantino, Marco De Vincenzi, Ilaria Matteucci In-Depth Exploration of ISO/SAE 21434 and Its Correlations with Existing Standards. IEEE Commun. Stand. Mag. 6(1): 84-92 (2022).

2019

Antonia Bertolino, Antonello Calabró, Felicita Di Giandomenico, Giuseppe Lami, Francesca Lonetti, Eda Marchetti, Fabio Martinelli, Ilaria Matteucci, Paolo Mori. A tour of secure software engineering solutions for connected vehicles. Software Quality Journal 26(4): 1223-1256 (2018).

2018

Luca Dariz, Gianpiero Costantino, Massimiliano Ruggeri, Fabio Martinelli A Joint Safety and Security Analysis of message protection for CAN bus protocol. Astes Journal.

Conferences and Workshops

2022

Christian Plappert, Florian Fenzl, Roland Rieke, Ilaria Matteucci, Gianpiero Costantino, Marco De Vincenzi. SECPAT: Security Patterns for Resilient Automotive E / E Architectures. PDP 2022: 255-264

2021

Gianpiero Costantino, Ilaria Matteucci, Davide Micale, Giuseppe Patanè. Private Drivers Identification based on users' routine. ISPA/BDCloud/SocialCom/SustainCom 2021: 1753-1762
Giampaolo Bella, Pietro Biondi, Gianpiero Costantino, Ilaria Matteucci, Mirco Marchetti. Towards the COSCA framework for "COnseptualing Secure CArs". Open Identity Summit 2021: 37-46
Giampaolo Bella, Pietro Biondi, Marco De Vincenzi, Giuseppe Tudisco. Privacy and modern cars through a dual lens. EuroS&P Workshops 2021: 136-143

2020

Giampaolo Bella, Pietro Biondi, Gianpiero Costantino, Ilaria Matteucci. CINNAMON: A Module for AUTOSAR Secure Onboard Communication. EDCC 2020: 103-110
Gianpiero Costantino, Luca Dariz, Ilaria Matteucci. Analysis of Functional Safety in a secure implementation of CAN Protocol. INDIN 2020: 134-141
Gianpiero Costantino, Ilaria Matteucci, Domenico Morales. EARNEST: A challenge-based intrusion prevention system for CAN messages. ISSRE Workshops 2020: 243-248

2019

Giampaolo Bella, Pietro Biondi.You Overtrust Your Printer. SAFECOMP Workshops 2019: STRIVE. 264-274
Gianpiero Costantino, Ilaria Matteucci.Demo: CANDY CREAM. SAFECOMP Workshops 2019: STRIVE. 203-209
Gianpiero Costantino, Ilaria Matteucci. CANDY CREAM - haCking infotAiNment AnDroid sYstems to Command instRument clustEr via cAn data fraMe. IEEE EUC 2019: The 17th IEEE International Conference on Embedded and Ubiquitous Computing.
Giampaolo Bella, Pietro Biondi, Gianpiero Costantino, Ilaria Matteucci. Implementing CAN bus security by TOUCAN. ACM MobiHoc 2019: the 20th International Symposium on Mobile Ad Hoc Networking and Computing.
Giampaolo Bella, Pietro Biondi, Gianpiero Costantino, Ilaria Matteucci. POSTER: Are you secure in your car? ACM WiSEC 2019: 12th ACM Conference on Security and Privacy in Wireless and Mobile Networks.
Giampaolo Bella, Pietro Biondi, Gianpiero Costantino, Ilaria Matteucci. TOUCAN - proTocol tO secUre Controlled Area Network AUTOSEC@CODASPY 2019, Dallas, Texas.

2018

Giampaolo Bella, Pietro Biondi. Towards an Integrated Penetration Testing Environment for the CAN Protocol. SAFECOMP Workshops 2018: 344-352.
Gianpiero Costantino, Fabio Martinelli, Ilaria Matteucci, Antonia Bertolino, Antonello Calabrò, Eda Marchetti. CARS: Context Aware Reputation Systems to Evaluate Vehicles' Behaviour. PDP 2018: 446-453.
Gianpiero Costantino, Antonio La Marra, Fabio Martinelli, Ilaria Matteucci. CANDY: A Social Engineering Attack to Leak Information from Infotainment System. CA2V@VTS Spring 2018. Porto, Portugal.
Gianpiero Costantino, Fabio Martinelli, Ilaria Matteucci, Francesco Mercaldo. Improving Vehicle Safety through a Fog Collaborative Infrastructure. SIW@SMARTCOMP 2018, Taormina, Italy.

2017

Gianpiero Costantino, Fabio Martinelli, Ilaria Matteucci. Reputation Systems to Mitigate DoS Attack in Vehicular Network. CRITIS 2017: 261-265.
Luca Dariz, Michele Selvatici, Massimiliano Ruggeri, Gianpiero Costantino, Fabio Martinelli. Trade-off analysis of safety and security in CAN bus communication. MT-ITS 2017: 226-231.

2016

Gianpiero Costantino, Fabio Martinelli, Ilaria Matteucci: Exploiting Vehicles' Reputation to Mitigate DoS Attack. AMARETTO@MODELSWARD 2016: 75-82.
Luca Dariz, Massimiliano Ruggeri, Gianpiero Costantino, Fabio Martinelli. A Survey over Low-Level Security Issues in Heavy Duty Vehicles. The 14th ESCAR Europe - The world’s leading Automotive Cyber Security conference).

GitLab Projects

Modern Vehicles are Cyber Physical Systems that need to be protected agains Cyber Security attacks

TOUCAN (2019)

TOUCAN is a new security protocol designed to be secure and at the same time both CAN and AUTOSAR compliant. It achieves security in terms of authenticity, integrity and confidentiality.

Learn More

Candy (2019)

CANDY is a set of malicious APP injected into a genuine Android APP, acting as a Trojan-horse on the Android In-Vehicle infotainment system to remotely collect information circulating on the CAN bus

Learn More

RSAOverCAN (2019)

This project designs of a protocol for the exchange of session keys based on the experimental study of the adoption of RSA in the automotive context, in the light of the constraints and requirements that this application domain imposes.

Learn More

Cars (2018)

CARS is a Context Aware Reputation System able to identify insider attackers and isolate them taking into account contextual conditions derived from sensors spread along the entire urban network.

Learn More

CAN Flood (2019)

CAN Flood is a post-exploitation module that floods a CAN interface for a number of rounds. The module is general as it is parametric in the frame list. CAN Flood is available within the Metasploit Framework

Learn More

Koffee (2021)

KOFFEE exploits the CVE-2020-8539 to execute the micomd binary with valid payloads on Kia Motors Head Units. By using KOFFEE an attacker can control the head unit and send CAN bus frames into the Multimedia CAN of the vehicle

Learn More

CandyRe (2019)

CandyRe is a cybersecurity attack that exploits the Android ADB Debug Port Remote Access vulnerability of an Android based infotainement system to remotely send crafted CAN messages to a simulated odometer.

Learn More

Candy Cream (2019)

CandyCream is an exploit that works on an Android In-Vehicle infotainment system connected to the car through the CAN bus.

Learn More

Research Projects

COSCA - COnceptualising Secure CArs

Start Date: 01/06/2020
End Date: 31/05/2021

COSCA is a European project selected in the H2020 competitive selection N° 825618 - NGI_TRUST 2nd Open Call - 2019002. The duration of the project is one year. The project outputs a conceptual Framework for car security, drivers’ privacy and trust enhancement, thus orienting the Next Generation Internet at its core.

MIT License Copyright (c) [2019] [SOWHAT R&D] Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

sowhat security of the way to handle automotive systems

SOWHAT
Security Of the Way to Handle Automotive sysTems

News

Events

Our Team

Researchers

Giampaolo Bella

Gianpiero Costantino

Ilaria Matteucci

PhD Students/Research Fellows

Pietro Biondi

Davide Micale

Marco De Vincenzi

Publications

Journals

2022

2019

2018

Conferences and Workshops

2022

2021

2020

2019

2018

2017

2016

GitLab Projects

TOUCAN (2019)

Candy (2019)

RSAOverCAN (2019)

Cars (2018)

CAN Flood (2019)

Koffee (2021)

CandyRe (2019)

Candy Cream (2019)

Research Projects

COSCA - COnceptualising Secure CArs

Contact

Follow Us on

SOWHAT Security Of the Way to Handle Automotive sysTems

News

Events

Our Team

Researchers

Giampaolo Bella

Gianpiero Costantino

Ilaria Matteucci

PhD Students/Research Fellows

Pietro Biondi

Davide Micale

Marco De Vincenzi

Publications

Journals

2022

2019

2018

Conferences and Workshops

2022

2021

2020

2019

2018

2017

2016

GitLab Projects

TOUCAN (2019)

Candy (2019)

RSAOverCAN (2019)

Cars (2018)

CAN Flood (2019)

Koffee (2021)

CandyRe (2019)

Candy Cream (2019)

Research Projects

COSCA - COnceptualising Secure CArs

Contact

Follow Us on

SOWHAT
Security Of the Way to Handle Automotive sysTems