Zeinab El-Rewini,Karthikeyan Sadatsharan,Daisy Flora Selvaraj,Siby Jose Plathottam,Prakash Ranganathan

DOI: https://doi.org/10.1016/j.vehcom.2019.100214

IF: 6.7

2020-06-01

Vehicular Communications

Abstract:As modern vehicles are capable to connect to an external infrastructure and Vehicle-to-Everything (V2X) communication technologies mature, the necessity to secure communications becomes apparent. There is a very real risk that today's vehicles are subjected to cyber-attacks that target vehicular communications. This paper proposes a three-layer framework (sensing, communication and control) through which automotive security threats can be better understood. The sensing layer is made up of vehicle dynamics and environmental sensors, which are vulnerable to eavesdropping, jamming, and spoofing attacks. The communication layer is comprised of both in-vehicle and V2X communications and is susceptible to eavesdropping, spoofing, man-in-the-middle, and sybil attacks. At the top of the hierarchy is the control layer, which enables autonomous vehicular functionality, including the automation of a vehicle's speed, braking, and steering. Attacks targeting the sensing and communication layers can propagate upward and affect the functionality and can compromise the security of the control layer. This paper provides the state-of-the-art review on attacks and threats relevant to the communication layer and presents countermeasures.

telecommunications,transportation science & technology

lei xue,yangyang liu,tianqi li,kaifa zhao,jianfeng li,le yu,xiapu luo,yajin zhou,guofei gu

2022-01-01

Abstract:Modern vehicles are equipped with many ECUs (Electronic Control Unit) that are connected to the IVN (In-Vehicle Network) for controlling the vehicles. Meanwhile, various interfaces of vehicles, such as OBD-II port, T-Box, sensors, and telematics, implement the interaction between the IVN and external environment. Although rich value-added functionalities can be provided through these interfaces, such as diagnostics and OTA (Over The Air) updates, the adversary may also inject malicious data into IVN, thus causing severe safety issues. Even worse, existing defense approaches mainly focus on detecting the injection attacks launched from IVN, such as malicious/compromised ECUs, by analyzing CAN frames, and cannot defend against the higher layer MIAs (Message Injection Attacks) that can cause abnormal vehicle dynamics. In this paper, we propose a new state-aware abnormal message injection attack defense approach, named SAID. It detects the abnormal data to be injected into IVN by considering the data semantics and the vehicle dynamics and prevents the MIAs launched from devices connected to the vehicles, such as the compromised diagnostic tools and T-boxes. We develop a prototype of SAID for defending against MIAs and evaluate it using both real road data and simulation data. The experimental results show that SAID can defend against more than 99% of the network and service layer attack traffic and all state layer MIAs, effectively enforcing the safety of vehicles.

Nicola Scarano,Luca Mannella,Alessandro Savino,Stefano Di Carlo

2024-07-10

Abstract:The increasing adoption of connectivity and electronic components in vehicles makes these systems valuable targets for attackers. While automotive vendors prioritize safety, there remains a critical need for comprehensive assessment and analysis of cyber risks. In this context, this paper proposes a Social Media Automotive Threat Intelligence (SOCMATI) framework, specifically designed for the emerging field of automotive cybersecurity. The framework leverages advanced intelligence techniques and machine learning models to extract valuable insights from social media. Four use cases illustrate the framework's potential by demonstrating how it can significantly enhance threat assessment procedures within the automotive industry.

Social and Information Networks

Haichun Zhang,Xu Meng,Xiong Zhang,Zhenglin Liu

DOI: https://doi.org/10.3390/s20174900

IF: 3.9

2020-08-30

Sensors

Abstract:The Internet of Things (IoT) is an industry-recognized next intelligent life solution that increases the level of comfort, efficiency, and automation for citizens through numerous sensors, smart devices, and cloud stations connected physically. As an important application scenario of IoT, the Internet of Vehicles (IoV) plays an extremely critical role in the intelligent transportation field. In fact, the In-Vehicle Network of smart vehicles that are recognized as the core roles in intelligent transportation is currently the Controller Area Network (CAN). However, the In-Vehicle CAN bus protocol has several vulnerabilities without any encryption, authentication, or integrity checking, which severely threatens the safety of drivers and passengers. Once malicious attackers hack the vehicular gateway and obtain the access right of the CAN, they may control the vehicle based on the vulnerabilities of the CAN bus protocol. Given the severe security risk of CAN, we proposed the CANsec, a practical In-Vehicle CAN security evaluation tool that simulates malicious attacks according to major attack models to evaluate the security risk of the In-Vehicle CAN. We also show a usage case of the CANsec without knowing any information from the vehicle manufacturer.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Samuel C Hollifield,Pablo Moriano,William L Lambert,Joel Asiamah,Isaac Sikkema,Michael D Iannacone

2023-06-28

Abstract:Radiological material transportation is primarily facilitated by heavy-duty on-road vehicles. Modern vehicles have dozens of electronic control units or ECUs, which are small, embedded computers that communicate with sensors and each other for vehicle functionality. ECUs use a standardized network architecture--Controller Area Network or CAN--which presents grave security concerns that have been exploited by researchers and hackers alike. For instance, ECUs can be impersonated by adversaries who have infiltrated an automotive CAN and disable or invoke unintended vehicle functions such as brakes, acceleration, or safety mechanisms. Further, the quality of security approaches varies wildly between manufacturers. Thus, research and development of after-market security solutions have grown remarkably in recent years. Many researchers are exploring deployable intrusion detection and prevention mechanisms using machine learning and data science techniques. However, there is a gap between developing security system algorithms and deploying prototype security appliances in-vehicle. In this paper, we, a research team at Oak Ridge National Laboratory working in this space, highlight challenges in the development pipeline, and provide techniques to standardize methodology and overcome technological hurdles.

Cryptography and Security,Systems and Control

Colin Urquhart,Xavier Bellekens,Christos Tachtatzis,Robert Atkinson,Hanan Hindy,Amar Seeam

DOI: https://doi.org/10.48550/arXiv.1910.09410

2019-10-21

Cryptography and Security

Abstract:The convergence of information technology and vehicular technologies are a growing paradigm, allowing information to be sent by and to vehicles. This information can further be processed by the Electronic Control Unit (ECU) and the Controller Area Network (CAN) for in-vehicle communications or through a mobile phone or server for out-vehicle communication. Information sent by or to the vehicle can be life-critical (e.g. breaking, acceleration, cruise control, emergency communication, etc. . . ). As vehicular technology advances, in-vehicle networks are connected to external networks through 3 and 4G mobile networks, enabling manufacturer and customer monitoring of different aspects of the car. While these services provide valuable information, they also increase the attack surface of the vehicle, and can enable long and short range attacks. In this manuscript, we evaluate the security of the 2017 Skoda Octavia vRS 4x4. Both physical and remote attacks are considered, the key fob rolling code is successfully compromised, privacy attacks are demonstrated through the infotainment system, the Volkswagen Transport Protocol 2.0 is reverse engineered. Additionally, in-car attacks are highlighted and described, providing an overlook of potentially deadly threats by modifying ECU parameters and components enabling digital forensics investigation are identified.

Mohammad Hamad,Andreas Finkenzeller,Michael Kühr,Andrew Roberts,Olaf Maennel,Vassilis Prevelakis,Sebastian Steinhorst

2024-01-17

Abstract:Autonomous and connected vehicles are rapidly evolving, integrating numerous technologies and software. This progress, however, has made them appealing targets for cybersecurity attacks. As the risk of cyber threats escalates with this advancement, the focus is shifting from solely preventing these attacks to also mitigating their impact. Current solutions rely on vehicle security operation centers, where attack information is analyzed before deciding on a response strategy. However, this process can be time-consuming and faces scalability challenges, along with other issues stemming from vehicle connectivity. This paper proposes a dynamic intrusion response system integrated within the vehicle. This system enables the vehicle to respond to a variety of incidents almost instantly, thereby reducing the need for interaction with the vehicle security operation center. The system offers a comprehensive list of potential responses, a methodology for response evaluation, and various response selection methods. The proposed solution was implemented on an embedded platform. Two distinct cyberattack use cases served as the basis for evaluating the system. The evaluation highlights the system's adaptability, its ability to respond swiftly, its minimal memory footprint, and its capacity for dynamic system parameter adjustments. The proposed solution underscores the necessity and feasibility of incorporating dynamic response mechanisms in smart vehicles. This is a crucial factor in ensuring the safety and resilience of future smart mobility.

Cryptography and Security

Achref Haddaji,Samiha Ayed,Lamia Chaari Fourati

DOI: https://doi.org/10.1016/j.adhoc.2024.103481

IF: 4.816

2024-05-01

Ad Hoc Networks

Abstract:The Internet of Vehicles (IoV) has garnered significant popularity thanks to rapid technological advancements and the widespread availability of the Internet. IoV encompasses vehicles with multiple electronic control units (ECUs) interconnected via advanced intra-vehicle networks. These networks play a crucial role in managing various vehicle functions, with the Controller Area Network (CAN) being of particular significance. However, the increased adoption of intelligent vehicles has also led to a rise in cyberattacks in the intra-vehicular network. These existing vulnerabilities pose significant security and user safety challenges. Extensive efforts have been dedicated to enhancing intra-vehicular network security. Yet, there are open concerns with limited progress made by academic and industry experts on effectively detecting CAN bus attacks. These concerns are essential to ensure intelligent vehicles’ overall security and safety. It requires collaboration between academia, industry, and the development of innovative solutions to fortify vehicular networks against evolving cyber threats. Current intra-vehicular security systems need more robustness and need to consider intelligent methodologies in their proposed works. To overcome all these limitations, This paper introduces a novel intrusion detection framework for in-vehicle networks based on integrating federated learning with transfer learning, improving the detection capabilities of individual vehicles within the network. Our framework employs a trusted authority for secure communication, a cloud server for model distribution and aggregation, and leverages the CAN bus for data collection and training. It guarantees that vehicles start with standardized baseline models and refine them through transfer learning, resulting in a collective intelligence-based final IDS engine for ongoing improvement. We used the Maximum Mean Discrepancy (MMD) to select data from the source domain similar to the target domain. The selected data is more likely to contain patterns and features useful for detecting intrusions in the target domain, leading to better generalization and detection capabilities.

computer science, information systems,telecommunications

Eduardo dos Santos,Andrew Simpson,Dominik Schoop

DOI: https://doi.org/10.4204/EPTCS.271.7

2018-05-15

Abstract:Ensuring a car's internal systems are free from security vulnerabilities is of utmost importance, especially due to the relationship between security and other properties, such as safety and reliability. We provide the starting point for a model-based framework designed to support the security testing of modern cars. We use Communicating Sequential Processes (CSP) to create architectural models of the vehicle bus systems, as well as an initial set of attacks against these systems. While this contribution represents initial steps, we are mindful of the ultimate objective of generating test code to exercise the security of vehicle bus systems. We present the way forward from the models created and consider their potential integration with commercial engineering tools

Cryptography and Security,Software Engineering

Franco Oberti,Alessandro Savino,Ernesto Sanchez,Filippo Parisi,Stefano Di Carlo

DOI: https://doi.org/10.1109/TDMR.2022.3157000

2022-03-07

Abstract:The automobile industry is no longer relying on pure mechanical systems; instead, it benefits from advanced Electronic Control Units (ECUs) in order to provide new and complex functionalities in the effort to move toward fully connected cars. However, connected cars provide a dangerous playground for hackers. Vehicles are becoming increasingly vulnerable to cyber attacks as they come equipped with more connected features and control systems. This situation may expose strategic assets in the automotive value chain. In this scenario, the Controller Area Network (CAN) is the most widely used communication protocol in the automotive domain. However, this protocol lacks encryption and authentication. Consequently, any malicious/hijacked node can cause catastrophic accidents and financial loss. Starting from the analysis of the vulnerability connected to the CAN communication protocol in the automotive domain, this paper proposes EXT-TAURUM P2T a new low-cost secure CAN-FD architecture for the automotive domain implementing secure communication among ECUs, a novel key provisioning strategy, intelligent throughput management, and hardware signature mechanisms. The proposed architecture has been implemented, resorting to a commercial Multi-Protocol Vehicle Interface module, and the obtained results experimentally demonstrate the approach's feasibility.

Cryptography and Security

Jinli Zhong,Suguo Du,Lu Zhou,Haojin Zhu,Fan Cheng,Cailian Chen,Qingshui Xue

DOI: https://doi.org/10.1109/vtcfall.2017.8288289

2017-01-01

Abstract:Controller Area Network (CAN), the de facto standard in-vehicle network protocol, prompts modern automobile an integrated system that achieves real-time interactions with roads, vehicles and people. Yet such connectivity makes it feasible to illegally access, or even attack the CAN, causing not only privacy disclosure, property damage, but also life threat. In this paper, we analyze intrinsic weakness in CAN protocol that is mostly exploited by attackers and comprehensively survey the existing attacks based on CAN interfaces. Furthermore, we propose an attack evaluation system based on attack tree model and Markov chain to assess the probability of compromising CAN and the steady state of CAN system at the presence of these attacks. Finally, we simulate new steady state when altering the difficulty of a certain attack and the results demonstrate that sometimes improving defense of an attack declines the security level of the entire system instead.

Ali Shoker,Vincent Rahli,Jeremie Decouchant,Paulo Esteves-Verissimo

2023-07-09

Abstract:Current vehicular Intrusion Detection and Prevention Systems either incur high false-positive rates or do not capture zero-day vulnerabilities, leading to safety-critical risks. In addition, prevention is limited to few primitive options like dropping network packets or extreme options, e.g., ECU Bus-off state. To fill this gap, we introduce the concept of vehicular Intrusion Resilience Systems (IRS) that ensures the resilience of critical applications despite assumed faults or zero-day attacks, as long as threat assumptions are met. IRS enables running a vehicular application in a replicated way, i.e., as a Replicated State Machine, over several ECUs, and then requiring the replicated processes to reach a form of Byzantine agreement before changing their local state. Our study rides the mutation of modern vehicular environments, which are closing the gap between simple and resource-constrained "real-time and embedded systems", and complex and powerful "information technology" ones. It shows that current vehicle (e.g., Zonal) architectures and networks are becoming plausible for such modular fault and intrusion tolerance solutions,deemed too heavy in the past. Our evaluation on a simulated Automotive Ethernet network running two state-of-the-art agreement protocols (Damysus and Hotstuff) shows that the achieved latency and throughout are feasible for many Automotive applications.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Networking and Internet Architecture,Systems and Control

Omid Avatefipour,Hafiz Malik

DOI: https://doi.org/10.48550/arXiv.1802.01725

2018-02-06

Abstract:Nowadays with the help of advanced technology, modern vehicles are not only made up of mechanical devices but also consist of highly complex electronic devices and connections to the outside world. There are around 70 Electronic Control Units (ECUs) in modern vehicle which are communicating with each other over the standard communication protocol known as Controller Area Network (CAN-Bus) that provides the communication rate up to 1Mbps. There are different types of in-vehicle network protocol and bus system namely Controlled Area Network (CAN), Local Interconnected Network (LIN), Media Oriented System Transport (MOST), and FlexRay. Even though CAN-Bus is considered as de-facto standard for in-vehicle network communication, it inherently lacks the fundamental security features by design like message authentication. This security limitation has paved the way for adversaries to penetrate into the vehicle network and do malicious activities which can pose a dangerous situation for both driver and passengers. In particular, nowadays vehicular networks are not only closed systems, but also they are open to different external interfaces namely Bluetooth, GPS, to the outside world. Therefore, it creates new opportunities for attackers to remotely take full control of the vehicle. The objective of this research is to survey the current limitations of CAN-Bus protocol in terms of secure communication and different solutions that researchers in the society of automotive have provided to overcome the CAN-Bus limitation on different layers.

Cryptography and Security

Mahdi Dibaei,Xi Zheng,Kun Jiang,Sasa Maric,Robert Abbas,Shigang Liu,Yuexin Zhang,Yao Deng,Sheng Wen,Jun Zhang,Yang Xiang,Shui Yu

DOI: https://doi.org/10.48550/arXiv.1907.07455

2019-07-17

Cryptography and Security

Abstract:Cyber security is one of the most significant challenges in connected vehicular systems and connected vehicles are prone to different cybersecurity attacks that endanger passengers' safety. Cyber security in intelligent connected vehicles is composed of in-vehicle security and security of inter-vehicle communications. Security of Electronic Control Units (ECUs) and the Control Area Network (CAN) bus are the most significant parts of in-vehicle security. Besides, with the development of 4G LTE and 5G remote communication technologies for vehicle-toeverything (V2X) communications, the security of inter-vehicle communications is another potential problem. After giving a short introduction to the architecture of next-generation vehicles including driverless and intelligent vehicles, this review paper identifies a few major security attacks on the intelligent connected vehicles. Based on these attacks, we provide a comprehensive survey of available defences against these attacks and classify them into four categories, i.e. cryptography, network security, software vulnerability detection, and malware detection. We also explore the future directions for preventing attacks on intelligent vehicle systems.

Qi Liu,Xingyu Li,Ke Sun,Yufeng Li,Yanchen Liu

2024-02-21

Abstract:Scalable service-Oriented Middleware over IP (SOME/IP) is an Ethernet communication standard protocol in the Automotive Open System Architecture (AUTOSAR), promoting ECU-to-ECU communication over the IP stack. However, SOME/IP lacks a robust security architecture, making it susceptible to potential attacks. Besides, random hardware failure of ECU will disrupt SOME/IP communication. In this paper, we propose SISSA, a SOME/IP communication traffic-based approach for modeling and analyzing in-vehicle functional safety and cyber security. Specifically, SISSA models hardware failures with the Weibull distribution and addresses five potential attacks on SOME/IP communication, including Distributed Denial-of-Services, Man-in-the-Middle, and abnormal communication processes, assuming a malicious user accesses the in-vehicle network. Subsequently, SISSA designs a series of deep learning models with various backbones to extract features from SOME/IP sessions among ECUs. We adopt residual self-attention to accelerate the model's convergence and enhance detection accuracy, determining whether an ECU is under attack, facing functional failure, or operating normally. Additionally, we have created and annotated a dataset encompassing various classes, including indicators of attack, functionality, and normalcy. This contribution is noteworthy due to the scarcity of publicly accessible datasets with such characteristics.Extensive experimental results show the effectiveness and efficiency of SISSA.

Cryptography and Security,Machine Learning,Networking and Internet Architecture

Timo Häckel,Philipp Meyer,Lukas Stahlbock,Falk Langer,Sebastian A. Eckhardt,Franz Korf,Thomas C. Schmidt

2023-10-16

Abstract:Connected vehicles are vulnerable to manipulation and a broad attack surface can be used to intrude in-vehicle networks from anywhere on earth. In this work, we present an integrated security infrastructure comprising network protection, monitoring, incident management, and counteractions, which we built into a prototype based on a production car. Our vehicle implements a Software-Defined Networking Ethernet backbone to restrict communication routes, network anomaly detection to make misbehavior evident, virtual controller functions to enable agile countermeasures, and an automotive cloud defense center to analyse and manage incidents on vehicle fleets. We present first measurements and lessons learned from operating the prototype: many network attacks can be prevented through software-defined access control in the backbone; anomaly detection can reliably detect misbehavior but needs to improve on false positive rate; controller virtualization needs tailored frameworks to meet in-car requirements; and cloud defence enables fleet management and advanced countermeasures. Our findings indicate attack mitigation times in the vehicle from 257 ms to 328 ms and from 2,168 ms to 2,713 ms traversing the cloud.

Cryptography and Security,Networking and Internet Architecture

Mhafuzul Islam,Mashrur Chowdhury,Hongda Li,Hongxin Hu

DOI: https://doi.org/10.48550/arXiv.1711.10651

2017-11-29

Networking and Internet Architecture

Abstract:A connected vehicle (CV) environment is composed of a diverse data collection, data communication and dissemination, and computing infrastructure systems that are vulnerable to the same cyberattacks as all traditional computing environments. Cyberattacks can jeopardize the expected safety, mobility, energy, and environmental benefits from connected vehicle applications. As cyberattacks can lead to severe traffic incidents, it has become one of the primary concerns in connected vehicle applications. In this paper, we investigate the impact of cyberattacks on the vehicle-to-infrastructure (V2I) network from a V2I application point of view. Then, we develop a novel V2I cybersecurity architecture, named CVGuard, which can detect and prevent cyberattacks on the V2I environment. In designing CVGuard, key challenges, such as scalability, resiliency and future usability were considered. A case study using a distributed denial of service (DDoS) on a V2I application, i.e., the Stop Sign Gap Assist (SSGA) application, shows that CVGuard was effective in mitigating the adverse effects created by a DDoS attack. In our case study, because of the DDoS attack, conflicts between the minor and major road vehicles occurred in an unsignalized intersection, which could have caused potential crashes. A reduction of conflicts between vehicles occurred because CVGuard was in operation. The reduction of conflicts was compared based on the number of conflicts before and after the implementation and operation of the CVGuard security platform. Analysis revealed that the strategies adopted by the CVGuard were successful in reducing the inter-vehicle conflicts by 60% where a DDoS attack compromised the SSGA application at an unsignalized intersection.

Akwasi Adu-Kyere,Ethiopia Nigussie,Jouni Isoaho

DOI: https://doi.org/10.3390/s23218817

2023-10-30

Abstract:The inherent dynamism of recent technological advancements in intelligent vehicles has seen multitudes of noteworthy security concerns regarding interactions and data. As future mobility embraces the concept of vehicles-to-everything, it exacerbates security complexities and challenges concerning dynamism, adaptiveness, and self-awareness. It calls for a transition from security measures relying on static approaches and implementations. Therefore, to address this transition, this work proposes a hierarchical self-aware security architecture that effectively establishes accountability at the system level and further illustrates why such a proposed security architecture is relevant to intelligent vehicles. The article provides (1) a comprehensive understanding of the self-aware security concept, with emphasis on its hierarchical security architecture that enables system-level accountability, and (2) a deep dive into each layer supported by algorithms and a security-specific in-vehicle black box with external virtual security operation center (VSOC) interactions. In contrast to the present in-vehicle security measures, this architecture introduces characteristics and properties that enact self-awareness through system-level accountability. It implements hierarchical layers that enable real-time monitoring, analysis, decision-making, and in-vehicle and remote site integration regarding security-related decisions and activities.

Masoud Ebrahimi,Stefan Marksteiner,Dejan Ničković,Roderick Bloem,David Schögler,Philipp Eisner,Samuel Sprung,Thomas Schober,Sebastian Chlup,Christoph Schmittner,Sandra König

DOI: https://doi.org/10.1007/978-3-031-27481-7_34

2023-04-17

Abstract:We propose a holistic methodology for designing automotivesystems that consider security a central concern at every design stage.During the concept design, we model the system architecture and definethe security attributes of its components. We perform threat analysis onthe system model to identify structural security issues. From that analysis,we derive attack trees that define recipes describing steps to successfullyattack the system's assets and propose threat prevention measures.The attack tree allows us to derive a verification and validation (V&V)plan, which prioritizes the testing effort. In particular, we advocate usinglearning for testing approaches for the black-box components. It consistsof inferring a finite state model of the black-box component from its executiontraces. This model can then be used to generate new relevanttests, model check it against requirements, and compare two differentimplementations of the same protocol. We illustrate the methodologywith an automotive infotainment system example. Using the advocated approach, we could also document unexpected and potentially criticalbehavior in our example systems.

Cryptography and Security

Fahad Siddiqui,Matthew Hagan,Sakir Sezer

DOI: https://doi.org/10.48550/arXiv.2004.10672

2020-04-17

Cryptography and Security

Abstract:The emergence of intelligent, connected vehicles, containing complex functionality has potential to greatly benefit society by improving safety, security and efficiency of vehicular transportation. Much of this has been enabled by technological advancements in embedded system architectures, which provided opportunities for vehicle manufacturers to implement intelligent vehicle services and consolidate them within a small number of flexible and integrable domain controllers. Thus allowing for increasingly centralised operations consisting of both new and legacy functionalities. While this era of digital-physical convergence of critical and non-critical vehicle services presents advantages in terms of reducing the cost and electronic footprint of vehicular electronics, it has produced significant security and safety challenges. One approach to this research problem is to introduce fail-over mechanisms that can detect unexpected or malicious behaviours, caused by attack or malfunction, and pro-actively respond to control and minimise physical damage or safety hazards. This paper presents a novel embedded policing and policy enforcement platform architecture and the accompanied security modelling approach for next-generation in-vehicle domain controllers. To demonstrate the proposed approach, a connected vehicle case study is conducted. A realistic attack scenarios have been considered to derive security policies and enforced by the proposed security platform to provide security and safety to domain-specific features.