PART 1 - POWER ELECTRONICS CYBERSECURITY
As power electronics comes online, cyber-attack risk increases
For better or worse, electronic devices are managing every aspect of our lives – in our homes, cars, factories, offices, public places and even in the grids that deliver all the power they need. As IoT technology drives these devices online, they become more visible, controllable, and efficient. However, they also become a cybersecurity risk and a target for hacking.
This miniseries looks at two particularly critical areas of susceptibility for power electronics, with one article about electric vehicles and a second about power grids.
The first article, below, considers how, as electric vehicles (EVs) and eventually autonomous electric vehicles (AEVs) proliferate, their internal power electronics systems and components create an increasing cybersecurity challenge. This article looks at where the vulnerabilities exist, and a possible defense solution. The second article can be found here.
In April 2021, two attackers hacked into a Tesla remotely; they used a drone with WiFi, which could attack a parked car from up to 100 meters away. The attack, dubbed TBONE, exploits two vulnerabilities affecting ConnMan, an Internet connection manager for embedded devices. This exploitation allows hackers to appear as regular users to the infotainment system, allowing them to open doors, change seat positions, play music, control air conditioning, and modify steering and acceleration modes. It does not, however, yield drive control of the car.
Fortunately, this attack was performed by ‘white hat’ researchers participating in the Pwn2Own 2020 hacking competition, where the results were reported to Tesla. Less fortunately, however, the incidence of ‘real’ cyber-attacks is very much on the increase. Upstream’s fourth annual Automotive Cybersecurity Report found that the frequency of cyberattacks on cars increased 225 % from 2018 to 2021. Nearly 85 % of attacks in 2021 were carried out remotely, outnumbering physical attacks by four to one.
The problem is arising in part because power and other electronic components within cars are no longer standalone devices. They are increasingly designed into cyber-physical systems (CPSs), which integrate computing processes and physical processes. They have physical components such as power modules or field sensors, and cyber components that interact with the real world via communications channels – and these channels create the vulnerabilities to cyber-attacks.
These issues are highlighted as electric vehicles (EVs) have become steadily more commercially and technically viable. EVs have been transforming modern transportation and energy systems, introducing fuel savings and environmental benefits which make them an attractive option for autonomous driving as well. However, to realize truly autonomous electric vehicles (AEVs), it is crucial that the vehicles interact with the physical world seamlessly through cameras, radars, and sensors for light detection and ranging, and that the vehicles have continuous/seamless broadband connectivity with each other and the supporting infrastructure.
A paper titled ‘Emerging Cyber-Physical Power Electronics Attacks in Autonomous Electric Vehicles’, presented at the IEEE CyberPELS 2019 conference, examines the hacking risk associated with building cyber-physical systems into AEVs, and one possible defense approach.
It describes how AEV cyberspace provides numerous opportunities for malicious actors to threaten the security of the vehicles and their applications, potentially resulting in accidents, injuries, property/infrastructure damage, and even loss of life. Given these potentially traumatic scenarios, protecting the vehicles against malicious activity is of the utmost importance. In particular, the AEVs’ proliferation raises new security challenges relating to their control aspects – for example, electronic control units (ECUs) for engine control, battery management systems (BMSs), electronic brake control, traction drives, and higher levels of automated driving. Such systems can include multiple buses. On-board and off-board charging circuits are also vulnerable.
Automotive CPSs and their underlying hardware
These functions are typically driven by high-performance microcontrollers which are designed to control power electronics systems and provide advanced communications and digital signal processing capabilities. Most of these microcontrollers have evolved to provide very high precision sensing and powerful processing through accelerators or dual cores to enable design engineers to create highly efficient power systems.
Typically, there are a number of accelerators supporting the high-performance CPU core for the fast and ultra-efficient processing power required for highly complicated non-linear system control in real-time. These include accelerators for floating-point, complex math, trigonometric math, and control law.
The resulting hardware can provide specific peripherals to enable system-on-chip solutions for various closed-loop control applications. These high-end controllers include communication peripherals such as Ethernet, UART, CAN, SPI, and SCI, which are essential for connected systems but at the same time constitute one of the weakest points in terms of security.
Many of these control functions are mission-critical for the AEV. Power electronics circuits operate to ensure efficient, stable, and high-quality power conversion and control of the power flow from energy storage unit to electric motor during traction, or from utility grid to energy storage unit during external battery charging. The safety of such circuits is of paramount importance.
The engine ECU communicates with the individual power converter controllers to drive the vehicle in a stable way and to control the vehicle based on physical/autonomous driver requests. The conventional precautions taken to protect the traction drive inverter or onboard/off-board charger include over-voltage/current and over-temperature protection of the circuitry. The fidelity of the sensed values such as current, voltage, or motor position is very important to the vehicle’s safe performance. The motor controller parameters needed for stable motor operation are also crucial. Further, the controller parameters of the on-board and off-board chargers are important for protecting the battery and grid operation.
Unfortunately, these critical functions are vulnerable to various attack modes. An attacker can compromise the BMS and cause critical damage to the battery system’s thermal stability. They can also compromise the traction drive in various ways – for example, changing the traction inverter’s controller parameters, or changing the sensor signals retrieved from the inverter and electric motor. Also, charging stations can be compromised, causing damage to power grid operations. Additionally, AEVs can be compromised through other, less-specific means like firmware updates.
Vehicle power electronics defense options
It is crucial to keep the AEV power electronics secure from potential attacks. In particular, it is important to ensure that the microcontrollers base their control decisions on the true data, that the control functions are executed properly, and that the true commands are sent to the motors and other actuating devices.
Possible ways to mitigate attacks on AEV power electronic systems include ensuring message authentication and data integrity. However, applying proper cryptography-based solutions incurs high overhead as they require dealing with large keys and expensive crypto computations. This overhead is not suitable for power electronic devices and controllers as they are resource constrained in terms of both memory and computing capacity.
Another potential defense strategy involves developing intrusion detection systems (IDSs) for the ECUs. However, a comprehensive solution often needs extensive data analysis, and it may not be possible to run this in real time on the resource-constrained controller.
A more suitable approach is to develop a power electronics/microcontroller-level detection mechanism to spot incorrect inputs and outputs at the digital signal processor (DSP) gate drive. An on-chip-based intrusion detection system like this can detect malicious control parameters by checking the input and/or output patterns, and can protect the system by stopping the transmission of potentially malicious commands to the actuating devices.
This lower-level detection system can apply machine learning (ML) for detecting malicious control parameters. As resources are limited in power electronic devices, the effectiveness of the ML-based model will depend greatly on choosing the right model to be executed on the controller.
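A fixed-rule form of the controller-level input/output check described above, as an added example that is not code from the article or the cited paper: it range-checks the received controller gains, the sensed phase current and the commanded duty cycle, checks sample-to-sample steps, and latches the gate signal off on the first violation. All names, limits and the gates-off safe state are assumptions; an ML classifier as the paper proposes would replace the fixed rules.

```c
#include <stdbool.h>

/* Added example: every name and limit below is hypothetical. */
enum { GATE_OK = 0, BAD_PARAM = 1, BAD_SENSOR = 2, BAD_OUTPUT = 4 };

/* One control period: gains received over the bus, sensed current (A), commanded duty. */
typedef struct { float kp, ki, i_phase, duty; } sample_t;
/* Commissioned envelope for the values above (constructed limits). */
typedef struct { float kp_lo, kp_hi, ki_lo, ki_hi, i_max, i_step_max, duty_step_max; } envelope_t;
typedef struct { sample_t last; bool primed; unsigned latched; } gate_state_t;

static const envelope_t ENV = { 0.5f, 2.0f, 50.0f, 200.0f, 400.0f, 60.0f, 0.10f };

static float absf(float x) { return x < 0.0f ? -x : x; }
/* Written as !(inside) so that NaN, which fails every comparison, is rejected. */
static bool outside(float x, float lo, float hi) { return !(x >= lo && x <= hi); }

/* Returns a bitmask of failed checks and writes the duty allowed to reach the gate driver. */
unsigned gate_check(gate_state_t *st, const sample_t *s, float *duty_out)
{
    unsigned f = st->latched;   /* a previous fault stays active until reset */
    if (outside(s->kp, ENV.kp_lo, ENV.kp_hi) || outside(s->ki, ENV.ki_lo, ENV.ki_hi)) f |= BAD_PARAM;
    if (outside(s->i_phase, -ENV.i_max, ENV.i_max)) f |= BAD_SENSOR;
    if (outside(s->duty, 0.0f, 1.0f)) f |= BAD_OUTPUT;
    if (st->primed) {           /* pattern checks against the last accepted sample */
        if (!(absf(s->i_phase - st->last.i_phase) <= ENV.i_step_max)) f |= BAD_SENSOR;
        if (!(absf(s->duty - st->last.duty) <= ENV.duty_step_max)) f |= BAD_OUTPUT;
    }
    if (f == GATE_OK) { st->last = *s; st->primed = true; *duty_out = s->duty; }
    else { st->latched = f; *duty_out = 0.0f; }  /* assumed safe state: gates off */
    return f;
}

/* Constructed trace: two normal periods, a tampered integral gain, then normal data. */
static const sample_t TRACE[] = {
    { 1.0f, 100.0f, 120.0f, 0.40f },
    { 1.0f, 100.0f, 135.0f, 0.45f },
    { 1.0f, 900.0f, 140.0f, 0.47f },   /* ki outside the envelope */
    { 1.0f, 100.0f, 142.0f, 0.48f },   /* plausible again, but the fault is latched */
};

/* Replays TRACE[0..i] from a reset state and returns the flags for sample i. */
unsigned trace_flags(int i, float *duty_out)
{
    gate_state_t st = {0};
    unsigned f = GATE_OK;
    for (int k = 0; k <= i; k++) f = gate_check(&st, &TRACE[k], duty_out);
    return f;
}
```

Latching matters here: without it, a single rejected frame followed by plausible data would let the controller resume from a state the check never validated.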
Future work proposed by the ‘Emerging Cyber-Physical Power Electronics Attacks in Autonomous Electric Vehicles’ paper’s authors includes detecting AEV power electronics input and output data, designing/training/building the ML-based classifier/IDS, deploying the model on the integrated microcontroller/power electronics hardware, and evaluating the efficacy of the defense solution.