FAV-NSS: An HIL Framework for Accelerating Validation of Automotive Network Security Strategies

Changhong Li, Shashwat Khandelwal, Shreejith Shanker

TL;DR

FAV-NSS addresses the challenge of validating automotive CAN security countermeasures by providing a configurable FPGA-based hardware-in-the-loop platform that supports attack injection, real-time monitoring, and end-to-end verification. It features a virtual CAN bus, MicroBlaze-based ECUs, and a FINN-IDS core deployed in two integration modes: ECU-coupled accelerator and extended CAN controller. The authors report high IDS accuracy of $99.98\%$ on $180{,}000$ samples and a latency reduction from $5{,}056~\mu s$ to $794~\mu s$ ($6.3\times$) when the IDS is placed near the CAN controller, demonstrating near-line-rate detection potential. The framework enables rapid prototyping, scalable testing, and systematic evaluation of security integrations for current and future vehicular networks, with clear pathways for multi-FPGA expansion and more complex ECU modeling.

Abstract

Complex electronic control unit (ECU) architectures, software models and in-vehicle networks are consistently improving safety and comfort functions in modern vehicles. However, the extended functionality and increased connectivity introduce new security risks and vulnerabilities that can be exploited on legacy automotive networks such as the controller area network (CAN). With the rising complexity of vehicular systems and attack vectors, the need for a flexible hardware-in-the-loop (HIL) test fixture that can inject attacks and validate the performance of countermeasures in near-real-world conditions in real time is vital. This paper presents an FPGA-based HIL framework tailored towards validating network security approaches (IDS, IPS) and smart integration strategies of such capabilities for an automotive CAN bus. FAV-NSS replicates an actual vehicular system environment with functional ECUs and network infrastructure on an FPGA, allowing functional validation of IDS/IPS algorithms, accelerator designs and integration schemes (software task on ECU, dedicated accelerator). To show the efficacy of FAV-NSS, we evaluate an IDS accelerator integration problem, both as a traditional coupled accelerator (to the ECU), and secondly close to the CAN controller (mimicking an extended CAN controller). We show that the latter strategy can be fully validated by our framework, which would otherwise require integration of specialised CAN modules into otherwise standard HIL fixtures with ability to instrument internal signals for characterising timing performance. The tests demonstrate a promising latency reduction of 6.3x when compared to the traditional coupled accelerator. Our case study demonstrates the potential of FAV-NSS for accelerating the optimisation, integration and verification of smart ECUs and communication controllers in current and future vehicular systems.

Paper Structure

This paper contains 20 sections, 3 figures, 7 tables.

Figures (3)

  • Figure 1: Figure shows a compromised ECU using an active DoS attack to block critical message communication. In the figure, the engine control ECU fails to receive a message from the body control module due to the active DoS injections on the bus.
  • Figure 2: Overview of the architecture of the hardware-in-the-loop simulator showing how the different components interact with each other.
  • Figure 3: Overview of the CAN frames' datapath through the different IDS integrations (with & without MicroBlaze ECU (MB)) in the HIL environment. The left-hand side architecture presents a state-of-the-art coupled accelerator approach and the right-hand side architecture presents an integration approach as an extension of the CAN controller, with the coloured arrows indicating the flow of the CAN frame/features.