SPECIAL NOTICE
99 -- Technology Opportunity: Vehicle Attack Framework for Penetration Testing and Analyzing Vehicle's Controller Area Network
- Notice Date
- 4/1/2024 8:34:41 AM
- Notice Type
- Special Notice
- Contracting Office
- ORNL UT-BATTELLE LLC-DOE CONTRACTOR Oak Ridge TN 37831 USA
- ZIP Code
- 37831
- Solicitation Number
- 2024-04-01-F
- Response Due
- 6/1/2024 2:00:00 PM
- Archive Date
- 06/16/2024
- Point of Contact
- Andreana Leskovjan, Phone: 8653410433
- E-Mail Address
-
leskovjanac@ornl.gov
(leskovjanac@ornl.gov)
- Description
- Invention Reference Number: 202305432 Technology Summary Vehicle cybersecurity professionals rely on techniques such as network penetration testing and simulation of malicious cyberattacks to gather data to create robust security tools designed to protect a vehicle from real-world malicious attacks. However, current attack simulations and penetration testing technologies focus on individual computers or systems instead of the entire vehicle as an insecure platform. This technology is a software package, called Vehicle Attack Analysis Framework, that researchers can use to perform attacks without prior knowledge of complex code, configurations, or executions. It allows for simple data collection either while attacking or during regular operations without attacks, and can automate the data parsing process. Description Vehicles rely on networked architecture called a controller area network (CAN) that, like a local area network, allows computers to communicate. However, vehicles can be vulnerable to hacking and attacks through their CAN. CAN-based attacks are trivial: small commonly available computing devices can be used to attack the network. Typical penetration testing isolates one vehicle system for cyber-resilience testing. With this new framework, researchers can perform penetration testing to expose these vulnerabilities for the whole vehicle. This technology provides the means for penetration testing of the entire vehicle without prior knowledge of how to configure or program an attack. Attacks and recordings are performed via a CAN interface attached to a portable computing device by a connector. Metadata regarding the attack scenario and the accompanying CAN data logs are saved for future parsing and analysis. Benefits Provides data collection during an attack and parses data Faster, more efficient means to learn about vulnerabilities No prior knowledge of coding, configurations or executions required Provides simple data collection during or after operations Automates data parsing programmatically Applications and Industries Vehicle manufacturers Radiological material transportation security Vehicle threat and risk assessment (TARA) industry Contact To learn more about this technology, email�partnerships@ornl.gov�or call 865-574-1051.
- Web Link
-
SAM.gov Permalink
(https://sam.gov/opp/0a3b02a10e1940a4bb8e57f4bba2d764/view)
- Place of Performance
- Address: Oak Ridge, TN, USA
- Country: USA
- Country: USA
- Record
- SN07015275-F 20240403/240401230042 (samdaily.us)
- Source
-
SAM.gov Link to This Notice
(may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's SAM Daily Index Page |