Search Results

Controller area network (CAN) is used as a legacy protocol for in-vehicle communication. However, it lacks basic security features such as message authentication, integrity, confidentiality, etc., because the sender information in the message is missing. Hence, it is prone to different attacks like spoofing attacks, denial of service attacks, man in the middle and masquerade attacks. Researchers have proposed various techniques to detect and prevent these attacks, which can be split into two classes: (a) MAC-based techniques and (b) intrusion detection-based techniques. Further, intrusion detection systems can be divided into four categories: (i) message parameter- based, (ii) entropy-based, (iii) machine Learning-based and (iv) fingerprinting-based. This paper details state-of- the-art survey of fingerprinting-based intrusion detection techniques. In addition, the advantages and limitations of different fingerprinting-based intrusion detection techniques methods will be discussed.

Driven by the growing internet and remote connectivity of automobiles, combined with the emerging trend to automated driving, the importance of security for automotive systems is massively increasing. Although cyber security is a common part of daily routines in the traditional IT domain, necessary security mechanisms are not yet widely applied in the vehicles. At first glance, this may not appear to be a problem as there are lots of solutions from other domains, which potentially could be re-used. But substantial differences compared to an automotive environment have to be taken into account, drastically reducing the possibilities for simple reuse. Our contribution is to address automotive electronics engineers who are confronted with security requirements. Therefore, it will firstly provide some basic knowledge about IT security and subsequently present a selection of automotive specific security use cases.

This paper is the second in the series of documents designed to record the progress of a series of SAE documents - SAE J2836™, J2847, J2931, & J2953 - within the Plug-In Electric Vehicle (PEV) Communication Task Force. This follows the initial paper number 2010-01-0837, and continues with the test and modeling of the various PLC types for utility programs described in J2836/1™ & J2847/1. This also extends the communication to an off-board charger, described in J2836/2™ & J2847/2 and includes reverse energy flow described in J2836/3™ and J2847/3. The initial versions of J2836/1™ and J2847/1 were published early 2010. J2847/1 has now been re-opened to include updates from comments from the National Institute of Standards Technology (NIST) Smart Grid Interoperability Panel (SGIP), Smart Grid Architectural Committee (SGAC) and Cyber Security Working Group committee (SCWG).

Multiple approaches have been created to enhance intra-vehicle communications security over the past three decades since the introduction of the Controller Area Network (CAN) protocol. The twin pair differential-mode communications bus is tremendously robust in the face of interference, yet physical access to the bus offers a variety of potential attack vectors whereby false messages and/or denial of service are achievable. This paper evaluates extensions of a Physical-layer (PHY) common-mode watermark-based authentication technique recently developed to improve authentication on the CAN bus by considering the watermark as a side-channel communications means for high value information. We also propose and analyze higher layer algorithms, with benefits and pitfalls, for employing the watermark as a physical-layer firewall.

CAN bus network proved to be efficient and dynamic for small compact cars as well as heavy-duty vehicles (HDV). However, HDVs are more susceptible to malicious attacks due to lack of security in their intra-vehicle communication protocols. SAE proposed a new standard named J1939-91C for CAN-FD networks which provides methods for establishing trust and securing mutual messages with optional encryption. J1939-91C ensures message authenticity, integrity, and confidentiality by implementing complex cryptographic operations including hash functions and random key generation. In this paper, the three main phases of J1939-91C, i.e., Network Formation, Rekeying, and Message Exchange, are simulated and tested on Electronic Control Units (ECUs) supporting CAN-FD network. Numerous test vectors were generated and validated to support SAE J1939-91C. The mentioned vectors were produced by simulating different encryption and hashing algorithms with variable message and key lengths.

In recent years, with increase in external connectivity (V2X, telematics, mobile projection, BYOD) the automobile is becoming a target of cyberattacks and intrusions. Any such intrusion reduces customer trust in connected cars and negatively impacts brand image (like the recent Jeep Cherokee hack). To protect against intrusion, several mechanisms are available. These range from a simple secure CAN to a specialized symbiote defense software. A few systems (e.g. V2X) implement detection of an intrusion (defined as a misbehaving entity). However, most of the mechanisms require a system-wide change which adds to the cost and negatively impacts the performance. In this paper, we are proposing a practical and scalable approach to intrusion detection. Some benefits of our approach include use of existing security mechanisms such as TrustZone® and watermarking with little or no impact on cost and performance. In addition, our approach is scalable and does not require any system-wide changes.

To help address the issue of message authentication on the Controller Area Network (CAN) bus, researchers at Virginia Tech and Ford Motor Company have developed a proof-of-concept time-evolving watermark-based authentication mechanism that offers robust, cryptographically controlled confirmation of a CAN message's authenticity. This watermark is injected as a common-mode signal on both CAN-HI and CAN-LO bus voltages and has been proven using a low-cost software-defined radio (SDR) testbed. This paper extends prior analysis on the design and proof-of-concept to consider robustness testing over the range of voltages, both steady state drifts and transients, as are commonly witnessed within a vehicle. Overall performance results, along with a dynamic watermark amplitude control, validate the concept as being a practical near-term approach at improving authentication confidence of messages on the CAN bus.

With the development of vehicle intelligence and the Internet of Vehicles, how to protect the safety of the vehicle network system has become a focus issue that needs to be solved urgently. The Controller Area Network (CAN) bus is currently a very widely used vehicle-mounted bus, and its security largely determines the degree of vehicle-mounted information security. The CAN bus lacks adequate protection mechanisms and is vulnerable to external attacks such as replay attacks, modifying attacks, and so on. On the basis of the existing work, this paper proposes an authentication method that combines Hash-based Message Authentication Code (HMAC)-SHA256 and Tiny Encryption Algorithm (TEA) algorithms. This method is based on dynamic identity authentication in challenge/response made and combined with the characteristics of the CAN bus itself as it achieves the identity authentication between the gateway and multiple electronic control units (ECUs).

The new generation vehicles these days are managed by networked controllers. A large portion of the networks is planned with more security which has recently roused researchers to exhibit various attacks against the system. This paper talks about the liabilities of the Controller Area Network (CAN) inside In-vehicle communication protocol and a few potentials that could take due advantage of it. Moreover, this paper presents a few security measures proposed in the present examination status to defeat the attacks. In any case, the fundamental objective of this paper is to feature a comprehensive methodology known as Intrusion Detection System (IDS), which has been a significant device in getting network data in systems over many years. To the best of our insight, there is no recorded writing on a through outline of IDS execution explicitly in the CAN transport network system.

In agriculture industry, increasing use of Vehicle Internet of Things (IoT), telematics and emerging technologies are resulting in smarter machines with connected solutions. Inter and Intra Communication with vehicle to vehicle and inside vehicle - Electronic Control Unit (ECU) to ECU or ECU (Electronic Control Unit) to sensor, requirement for flow of data increased in-turn resulting in increased need for secure communication. In this paper, we focus on functional verification and validation of secure Controller Area Network (CAN) for intra vehicular communication to establish confidentiality, integrity, authenticity, and freshness of data, supporting safety, advanced automation, protection of sensitive data and IP (Intellectual Property) protection. Network security algorithms and software security processes are the layers supporting to achieve our cause.

Autonomous vehicles might one day be able to implement privacy preserving driving patterns which humans may find too difficult to implement. In order to measure the difference between location privacy achieved by humans versus location privacy achieved by autonomous vehicles, this paper measures privacy as trajectory anonymity, as opposed to single location privacy or continuous privacy. This paper evaluates how trajectory privacy for randomized driving patterns could be twice as effective for autonomous vehicles using diverted paths compared to Google Map API generated shortest paths. The result shows vehicles mobility patterns could impact trajectory and location privacy. Moreover, the results show that the proposed metric outperforms both K-anonymity and KDT-anonymity.

Autonomous driving represents the ultimate goal of future automobile development. As a collaborative application that integrates vehicles, road infrastructure, network and cloud, autonomous driving business requires a high-degree dynamic cooperation among multiple resources such as data, computing and communications that are distributed throughout the system. In order to meet the anticipated high demand for resources and performance requirements of autonomous driving, and to ensure the safety and comfort of the vehicle users and pedestrians, a top concern of autonomous driving is to understand the system requirements for resources and conduct an in-depth analysis of the autonomous driving business. In this context, this paper presents a comprehensive analysis of the typical business for autonomous driving and establishes an analysis model for five common capabilities, i.e. collection, transmission, intelligent computing, human-machine interaction (HMI), and security.

Cyber assurance of heavy trucks is a major concern with new designs as well as with supporting legacy systems. Many cyber security experts and analysts are used to working with traditional information technology (IT) networks and are familiar with a set of technologies that may not be directly useful in the commercial vehicle sector. To help connect security researchers to heavy trucks, a remotely accessible testbed has been prototyped for experimentation with security methodologies and techniques to evaluate and improve on existing technologies, as well as developing domain-specific technologies. The testbed relies on embedded Linux-based node controllers that can simulate the sensor inputs to various heavy vehicle electronic control units (ECUs). The node controller also monitors and affects the flow of network information between the ECUs and the vehicle communications backbone.

Android applications have historically faced vulnerabilities to man-in-the-middle attacks due to insecure custom SSL/TLS certificate validation implementations. In response, Google introduced the Network Security Configuration (NSC) as a configuration-based solution to improve the security of certificate validation practices. NSC was initially developed to enhance the security of Android applications by providing developers with a framework to customize network security settings. However, recent studies have shown that it is often not being leveraged appropriately to enhance security. Motivated by the surge in vehicular connectivity and the corresponding impact on user security and data privacy, our research pivots to the domain of mobile applications for vehicles. As vehicles increasingly become repositories of personal data and integral nodes in the Internet of Things (IoT) ecosystem, ensuring their security moves beyond traditional issues to one of public safety and trust.

By looking into the vehicle-infrastructure cooperation (VIC) which is oriented towards intelligent, networked and integrated development, this paper analyzes and proposes the essence and development direction of Intelligent Vehicle Infrastructure Cooperation Systems (I-VICS). With an in-depth analysis of technologies of core importance to VIC and influence factors that constrain VIC development as a whole, the paper comes up with a technological route for VIC, and identifies a direction for vehicle-infrastructure cooperative development that progresses from primary to intermediate cooperation, then to advanced cooperation, and finally to full-fledged cooperation. Policy recommendations aiming at strengthening top-level design, building an integrated vehicle-infrastructure-cloud platform, expediting independence of key techs, building robust standards and regulations for VIC, enhancing workforce development as well as greater efforts at market promotion are put forward.