CONTROLLER AREA NETWORK (CAN) DEEP PACKET INSPECTION. Görkem Batmaz, Systems Engineer Ildikó Pete, Systems Engineer 28 th March, 2018

Size: px
Start display at page:

Download "CONTROLLER AREA NETWORK (CAN) DEEP PACKET INSPECTION. Görkem Batmaz, Systems Engineer Ildikó Pete, Systems Engineer 28 th March, 2018"

Transcription

1 CONTROLLER AREA NETWORK (CAN) DEEP PACKET INSPECTION Görkem Batmaz, Systems Engineer Ildikó Pete, Systems Engineer 28 th March, 2018

2 Car Hacking Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. (Andy Greenberg, Wired) 2014 Jeep Cherokee (remote attack) Engage brakes, Take control of steering

3 Agenda AUTOMOTIVE SECURITY Connectivity in Modern Vehicles Controller Area Network (CAN) Vulnerabilities CAN ATTACKS Attack Types Detection & Prevention CAN ANOMALY DETECTOR Data Approach RESULTS & CONCLUSIONS Discussion of Results 3

4 Automotive Security Results & Conclusions 1 Vehicle to Vehicle Communication Engine Control Unit Internet Telematics Increasing Complexity & functionality Transmission Control Unit 2 Interconnectedness Infotainment Results and Conclusions TPMS OBD-II Figure1. Some connections of a modern car 4

5 Controller Area Network (CAN) Security

6 Automotive Security Results & Conclusions CAN Characteristics Message types: Information, Diagnostic Message exchange: Broadcast Message-based protocol, no addressing Arbitration method to resolve priorities Figure2. The CAN network 6

7 Automotive Security Results & Conclusions CAN Vulnerabilities Confidentiality Every message sent on CAN is broadcast to every node Eavesdropping Authenticity Lack of sender authentication Masquerading Results and Conclusions Arbitration rules (high priority messages) Denial of Service Availability Non Repudiation No mechanisms to prove an ECU sent or received a message 7

8 Automotive Security Results & Conclusions Most Critical Attack Types on CAN REPLAY INJECTION DOS Replace message CAN Anomaly contents Detector with some pre-recorded values Inject false messages appearing to be legitimate Flood the network 8

9 Tamper detection Automotive Security Results & Conclusions Detection & Prevention Over-the-air updates Device identification C RY P TO G R A P H I C S E R V I C E S ANOMALY DETECTION ECU software integrity A N T I - M A LWA R E Results and Conclusions Secure boot 9

10 Automotive Security Results & Conclusions Anomaly Detection Finding unusual patterns in data that do not conform to expected behavior E.g. fraud detection Results and Conclusions 10

11 Automotive Security Results & Conclusions Types of Anomalies Point Anomaly Collective Anomaly Contextual (Conditional) Anomaly E.g. vehicle CAN Anomaly speed is 500 Detector miles/hour E.g. vehicle speed is 80 miles/hour & steering wheel angle is 90 degrees E.g. vehicle speed changes from 50 miles/hour to 80 miles/hour in less than X seconds Results and Conclusions 11

12 Controller Area Network (CAN) Anomaly Detector Controller Area Network (CAN) Security 12

13 Automotive Security Results & Conclusions Detect security-related CAN network anomalies resulting from malicious activities Attacks: Injection, Replay Anomalies: Contextual 13

14 Automotive Security Results & Conclusions CAN Frame CAN Message Start of Frame CAN ID RTR Control Data CRC ACK End of Frame 1 bit 11 or 29 bits 1 bit 6 bits 0-64 bits 16 bits 2 bits 7 bits 14

15 Automotive Security Results & Conclusions The Dataset: BB8 CAN flow Timestamp MessageID Length PAYLOAD BYTE 0 BYTE 1 BYTE 2 BYTE 3 BYTE 4 BYTE 5 BYTE 6 BYTE W-Speed Results and Conclusions SUSPENSION ROLL&YAW ACCELERATION 15

16 Automotive Security Results & Conclusions Constraints Multiple ECUs on the CAN BUS Solutions Message ID Selection Unstructured Data Content Extraction Power/Performance Recurrent Neural Networks (RNNs) 16

17 Automotive Security Results & Conclusions Security Solution CAN BUS Policy Handler CAN Firewall Message ID selector & Content Extractor 1 st NNs Errors 2 nd NN Output: Probability of an attack Contextual Anomaly Detection Stage 2 Detection 17

18 Automotive Security Results & Conclusions Recurrent Neural Network (RNN) Hidden Input Output 18

19 Automotive Security Results & Conclusions Recurrent Neural Network (RNN) Hidden t0 Hidden t1 Hidden t2 Hidden t3 Output Input t0 Input t1 Input t2 Input t3 19

20 Automotive Security Results & Conclusions CAN BUS Input (t) Long Short Term Memory Cell (LSTM) CAN BUS Input (t+1) Hidden (t-1) Forget gate> Sigmoid Hidden (t) Input Gate> Sigmoid Input Forget Cell Output C Next Step Output gate> Sigmoid Memory (t-1) Memory (t) 20

21 Automotive Security Results & Conclusions Dense Layer DENSE LAYER OUTPUT DENSE LAYER OUTPUT LSTM CELL LSTM CELL.. 21

22 Errors Automotive Security Results & Conclusions Contextual Anomaly Detection Work Flow Binary Training (Titan X) Hyperparameters Pre- Processing Model HDF Results and Conclusions Custom error metric Inference Input for Second Stage 22

23 Automotive Security Results & Conclusions Contextual Anomaly Detection Work Flow-2 nd Stage Errors from 1 st NNs Training (Titan X) Inference Model HDF Hyperparameters Results and Conclusions Probability of an Attack 23

24 Automotive Security Results & Conclusions Training Architecture DATA SOURCE CAN DATA FRAMEWORKS Keras Model Hyperparameters TensorFlow NVIDIA GPU TITAN X 24

25 Automotive Security Results & Conclusions Production Architecture DATA SOURCE CAN FLOW FRAMEWORK Probability of an Attack Model TensorRT NVIDIA DRIVE GPU 25

26 Model Evaluation Using Sensitivity & Specificity True Positives (Anomalies) caught True Negatives allowed

27 Automotive Security Results & Conclusions X axis: Deviation RESULTS Y axis: Frequency of errors Median of Positives: 7.82 Median of Negatives: 0.04 Figure 3. Histogram Error values output by the 2 nd NN 27

28 Automotive Security Results & Conclusions X axis: Deviation RESULTS Y axis: Frequency of errors Sensitivity: 0.87 Specificity: 0.94 Figure 4. Histogram Error values output by the 2 nd NN 28

29 Automotive Security Results & Conclusions Results Per Attack Type Injection attacks DISCUSSION Total: 37 Replay attacks Total: 42 Detected: 32 Detected: 37 29

30 Automotive Security Results & Conclusions Conclusion A wall between Autonomous-Driving Software and the unsecured CAN-BUS DISCUSSION Low inference computational cost Fast response Offline training Future Work 30

31 THANK YOU QUESTIONS?

32 References [1] Ivan Studnia, Vincent Nicomette, Eric Alata, Yves Deswarte, Mohamed Kaâniche, Youssef Laarouchi Survey on security threats and protection mechanisms in embedded automotive networks Retrieved: [2] Automotive Security Best Practices Retrieved: [3] Sasan Jafarnejad, Lara Codeca, Walter Bronzi, Raphael Frank, Thomas Engel A Car Hacking Experiment: When Connectivity meets Vulnerability [4] Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, and Stefan Savage Comprehensive Experimental Analyses of Automotive Attack Surfaces Retrieved: [5] Automtive CAN Bus System Explained Retrieved: [6] Charlie Miller, Chris Valasek. Adventures in Automotive Networks and Control Units Retrieved: [7] Varun Chandola, Arindam Banarjee, Vipin Kumar Anomaly Detection: A Survey Retrieved: [8] Dhruba K. Bhattacharyya, Jugal Kumar Kalita Network Anomaly Detection A machine learning perspective 32

33 Images Figure1. Connections of a modern car Figure 2. CAN network Figure 3. Histogram Error values output by the 2nd NN Figure 4. Histogram Error values output by the 2nd NN 33

34 APPENDICES

35 Equations in a LSTM Cell without the dense layer.

Embedded Automotive Systems Security:

Embedded Automotive Systems Security: The 3 rd International Workshop on Safety and Security of Intelligent Vehicles (SSIV) June 26, 2017 Embedded Automotive Systems Security: A language-based Intrusion Detection Approach Mohamed Kaâniche

More information

Experimental Security Analysis of a Modern Automobile

Experimental Security Analysis of a Modern Automobile Experimental Security Analysis of a Modern Automobile Matthias Lange TU Berlin June 29th, 2010 Matthias Lange (TU Berlin) Experimental Security Analysis of a Modern Automobile June 29th, 2010 1 / 16 Paper

More information

Automotive Intrusion Detection Based on Constant CAN Message Frequencies Across Vehicle Driving Modes

Automotive Intrusion Detection Based on Constant CAN Message Frequencies Across Vehicle Driving Modes Automotive Intrusion Detection Based on Constant CAN Message Frequencies Across Vehicle Driving Modes Clinton Young Iowa State University Department of Electrical and Computer Engineering cwyoung@iastate.edu

More information

Security Analysis of modern Automobile

Security Analysis of modern Automobile Security Analysis of modern Automobile Dixit Verma Department of Electrical & Computer Engineering Missouri University of Science and Technology dv6cb@mst.edu 20 Apr 2017 Outline Introduction Attack Surfaces

More information

Modern Automotive Vulnerabilities: Causes, Disclosure & Outcomes Stefan Savage UC San Diego

Modern Automotive Vulnerabilities: Causes, Disclosure & Outcomes Stefan Savage UC San Diego Modern Automotive Vulnerabilities: Causes, Disclosure & Outcomes Stefan Savage UC San Diego Steve Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage (UCSD) Karl Koscher,

More information

Some example UW security lab projects, related to emerging technologies. Tadayoshi Kohno CSE 484, University of Washington

Some example UW security lab projects, related to emerging technologies. Tadayoshi Kohno CSE 484, University of Washington Some example UW security lab projects, related to emerging technologies Tadayoshi Kohno CSE 484, University of Washington Wireless Implantable Medical Devices Computation and wireless capabilities lead

More information

Computer Security and the Internet of Things

Computer Security and the Internet of Things Computer Security and the Internet of Things Tadayoshi Kohno Computer Science & Engineering University of Washington At USENIX Enigma, January 2016 The Internet of Things Door Locks Thermostats Furnaces

More information

Field Classification, Modeling and Anomaly Detection in Unknown CAN Bus Networks

Field Classification, Modeling and Anomaly Detection in Unknown CAN Bus Networks Field Classification, Modeling and Anomaly Detection in Unknown CAN Bus Networks Moti Markovitz Tel Aviv University motimark@gmail.com Avishai Wool Tel Aviv University yash@eng.tau.ac.il October 13, 2015

More information

Security Issues in Controller Area Networks in Automobiles

Security Issues in Controller Area Networks in Automobiles Security Issues in Controller Area Networks in Automobiles Robert Buttigieg, Mario Farrugia and Clyde Meli University of Malta Msida Malta mario.a.farrugia@um.edu.mt Abstract Modern vehicles may contain

More information

Securing the Autonomous Automobile

Securing the Autonomous Automobile Securing the Autonomous Automobile Sridhar Iyengar Vice President, Intel Labs Intel Corporation CROSSING Conference May 15-17 2017 Legal Notices and disclaimers This presentation contains the general insights

More information

Anomaly Detection Approach Using Adaptive Cumulative Sum Algorithm for Controller Area Network

Anomaly Detection Approach Using Adaptive Cumulative Sum Algorithm for Controller Area Network Anomaly Detection Approach Using Adaptive Cumulative Sum Algorithm for Controller Area Network Habeeb Olufowobi habeeb.olufowobi@howard.edu Gaylon Robinson gaylon.robinson@howard.edu Uchenna Ezeobi uchenna.ezeobi@howard.edu

More information

How to Hack Your Mini Cooper: Reverse Engineering CAN Messages on Passenger Automobiles

How to Hack Your Mini Cooper: Reverse Engineering CAN Messages on Passenger Automobiles How to Hack Your Mini Cooper: Reverse Engineering CAN Messages on Passenger Automobiles Jason Staggs Who is this guy? Jason Staggs Graduate Research Assistant Institute for Information Security (isec)

More information

Development of Intrusion Detection System for vehicle CAN bus cyber security

Development of Intrusion Detection System for vehicle CAN bus cyber security Development of Intrusion Detection System for vehicle CAN bus cyber security Anastasia Cornelio, Elisa Bragaglia, Cosimo Senni, Walter Nesci Technology Innovation - SSEC 14 Workshop Automotive SPIN Italia

More information

University of Tartu. Research Seminar in Cryptography. Car Security. Supervisor: Dominique Unruh. Author: Tiina Turban

University of Tartu. Research Seminar in Cryptography. Car Security. Supervisor: Dominique Unruh. Author: Tiina Turban University of Tartu Research Seminar in Cryptography Car Security Author: Tiina Turban Supervisor: Dominique Unruh December 16, 2013 1 Introduction Cars these days are becoming more and more computerized.

More information

Security and Privacy challenges in Automobile Systems

Security and Privacy challenges in Automobile Systems Security and Privacy challenges in Automobile Systems Sandip Kundu National Science Foundation on leave from University of Massachusetts, Amherst Automotive Security Breaches Present: Multiple breaches

More information

Security Concerns in Automotive Systems. James Martin

Security Concerns in Automotive Systems. James Martin Security Concerns in Automotive Systems James Martin Main Questions 1. What sort of security vulnerabilities do modern cars face today? 2. To what extent are external attacks possible and practical? Background

More information

Car Hacking for Ethical Hackers

Car Hacking for Ethical Hackers Car Hacking for Ethical Hackers Dr. Bryson Payne, GPEN, CEH, CISSP UNG Center for Cyber Operations (CAE-CD) 2016-2021 Languages Leadership Cyber Why Car Hacking? Internet-connected and self-driving cars

More information

Secure Software Update for ITS Communication Devices in ITU-T Standardization

Secure Software Update for ITS Communication Devices in ITU-T Standardization Secure Software Update for ITS Communication Devices in ITU-T Standardization Masashi, Eto Senior Researcher, Cybersecurity Laboratory, Network Security Research Institute, NICT, Japan 1 Background Outline

More information

Adversary Models. CPEN 442 Introduction to Computer Security. Konstantin Beznosov

Adversary Models. CPEN 442 Introduction to Computer Security. Konstantin Beznosov Adversary Models CPEN 442 Introduction to Computer Security Konstantin Beznosov why we need adversary models? attacks and countermeasures are meaningless without 2 elements of an adversary model objectives

More information

It is advisable to refer to the publisher s version if you intend to cite from the work.

It is advisable to refer to the publisher s version if you intend to cite from the work. Article Driving with Sharks: Rethinking Connected Vehicles with Vehicle Cyber Security Hashem Eiza, Mahmoud and Ni, Qiang Available at http://clok.uclan.ac.uk/17061/ Hashem Eiza, Mahmoud ORCID: 0000 0001

More information

Securing the Connected Car. Eystein Stenberg Product Manager Mender.io

Securing the Connected Car. Eystein Stenberg Product Manager Mender.io Securing the Connected Car Eystein Stenberg Product Manager Mender.io The software defined car Electronics Telematics Infotainment Connected Assisted driving Autonomous Hardware enabled Software enabled

More information

Securing the Connected Car. Eystein Stenberg CTO Mender.io

Securing the Connected Car. Eystein Stenberg CTO Mender.io Securing the Connected Car Eystein Stenberg CTO Mender.io The software defined car Electronics Telematics Infotainment Connected Assisted driving Autonomous Hardware enabled Software enabled Software defined

More information

An Experimental Analysis of the SAE J1939 Standard

An Experimental Analysis of the SAE J1939 Standard Truck Hacking: An Experimental Analysis of the SAE J1939 Standard 10th USENIX Workshop On Offensive Technologies (WOOT 16) Liza Burakova, Bill Hass, Leif Millar & Andre Weimerskirch Are trucks more secure

More information

Countermeasures against Cyber-attacks

Countermeasures against Cyber-attacks Countermeasures against Cyber-attacks Case of the Automotive Industry Agenda Automotive Basics ECU, domains, CAN Automotive Security Motivation, trends Hardware and Software Security EVITA, SHE, HSM Secure

More information

Automotive Anomaly Monitors and Threat Analysis in the Cloud

Automotive Anomaly Monitors and Threat Analysis in the Cloud Automotive Anomaly Monitors and Threat Analysis in the Cloud Dr. André Weimerskirch Vector Automotive Cyber Security Symposium October 12, 2017 Cybersecurity Components Secure Internal & External Communications

More information

Cross-Domain Security Issues for Connected Autonomous Vehicles

Cross-Domain Security Issues for Connected Autonomous Vehicles Cross-Domain Security Issues for Connected Autonomous Vehicles Anthony Lopez, Mohammad Al Faruque Advanced Integrated Cyber -Physical Systems Lab 1 Outline Overview on Connected Vehicle Security Ongoing

More information

CAN Bus Risk Analysis Revisit

CAN Bus Risk Analysis Revisit CAN Bus Risk Analysis Revisit Hafizah Mansor, Konstantinos Markantonakis, Keith Mayes To cite this version: Hafizah Mansor, Konstantinos Markantonakis, Keith Mayes. CAN Bus Risk Analysis Revisit. David

More information

Context-aware Automotive Intrusion Detection

Context-aware Automotive Intrusion Detection Context-aware Automotive Intrusion Detection Armin Wasicek 1 Mert D.Pesé 2, André Weimerskirch 2, Yelizaveta Burakova 2, Karan Singh 2 1 Technical University Vienna, Austria 2 University of Michigan ESCAR

More information

Spoofing Attack on Clock Based Intrusion Detection System in Controller Area Networks

Spoofing Attack on Clock Based Intrusion Detection System in Controller Area Networks 2018 NDIA GROUND VEHICLE SYSTEMS ENGINEERING AND TECHNOLOGY SYMPOSIUM MODELING & SIMULATION, TESTING AND VALIDATION (MSTV) TECHNICAL SESSION AUGUST 7-9, 2018 - NOVI, MICHIGAN Spoofing Attack on Clock Based

More information

Automotive Cyber Security

Automotive Cyber Security Automotive Cyber Security Rajeev Shorey (Ph.D.) Principal Scientist TCS Innovation Labs Cincinnati, USA & Bangalore, India Copyright 2013 Tata Consultancy Services Limited Connected Vehicles Chennai, 18

More information

Christoph Schmittner, Zhendong Ma, Paul Smith

Christoph Schmittner, Zhendong Ma, Paul Smith FMVEA for Safety and Security Analysis of Intelligent and Cooperative Vehicles 1st International workshop on the Integration of Safety and Security Engineering (ISSE 14) Christoph Schmittner, Zhendong

More information

Cyber-physical intrusion detection on a robotic vehicle

Cyber-physical intrusion detection on a robotic vehicle WIFS 2015 The 7th IEEE International Workshop on Information Forensics and Security Rome, Italy, 16-19 November, 2015 Cyber-physical intrusion detection on a robotic vehicle Tuan Vuong, George Loukas and

More information

Fast and Vulnerable A Story of Telematic Failures

Fast and Vulnerable A Story of Telematic Failures Fast and Vulnerable A Story of Telematic Failures Center for Automotive Embedded Systems Security Ian Foster, Andrew Prudhomme, Karl Koscher, and Stefan Savage Telematic Control Units Connects to car s

More information

Automobile Intrusion Detection. Jun Li UnicornTeam Qihoo360

Automobile Intrusion Detection. Jun Li UnicornTeam Qihoo360 Automobile Intrusion Detection Jun Li Twitter @bravo_fighter UnicornTeam Qihoo360 2 What this talk is about? Automotive intrusion detection Automotive cyber-security architecture From the highest viewpointj

More information

MATLAB Expo Simulation Based Automotive Communication Design using MATLAB- SimEvent. Sudhakaran M Anand H General Motors

MATLAB Expo Simulation Based Automotive Communication Design using MATLAB- SimEvent. Sudhakaran M Anand H General Motors MATLAB Expo 2013 Simulation Based Automotive Communication Design using MATLAB- SimEvent Sudhakaran M Anand H General Motors 1 Agenda Introduction Different Analysis Methods Analytical vs. Simulation Approach

More information

OTIDS: A Novel Intrusion Detection System for In-vehicle Network by using Remote Frame

OTIDS: A Novel Intrusion Detection System for In-vehicle Network by using Remote Frame OTIDS: A Novel Intrusion Detection System for In-vehicle Network by using Remote Frame Hyunsung Lee Korea University Seoul, Korea Email: line@korea.ac.kr Seong Hoon Jeong Korea University Seoul, Korea

More information

13W-AutoSPIN Automotive Cybersecurity

13W-AutoSPIN Automotive Cybersecurity 13W-AutoSPIN Automotive Cybersecurity Challenges and opportunities Alessandro Farsaci (CNH industrial) Cosimo Senni (Magneti Marelli) Milan, Italy November 12th, 2015 Agenda Automotive Cybersecurity Overview

More information

Secure Ethernet Communication for Autonomous Driving. Jared Combs June 2016

Secure Ethernet Communication for Autonomous Driving. Jared Combs June 2016 Secure Ethernet Communication for Autonomous Driving Jared Combs June 2016 Agenda Motivation for Security The Multi-Level Security Architecture Proposal Level 1: Restrict access to the network Level 2:

More information

ITU activities on secure vehicle software updates

ITU activities on secure vehicle software updates Submitted by the expert form ITU Document No. ITS/AD-08-08 (8 th ITS/AD, 9 March 2016, agenda item 4) ITU activities on secure vehicle software updates 8 th meeting of IWG ITS/AD 9 March 2016 T.Russell

More information

Systems and Network Security (NETW-1002)

Systems and Network Security (NETW-1002) Systems and Network Security (NETW-1002) Dr. Mohamed Abdelwahab Saleh IET-Networks, GUC Spring 2017 Course Outline Basic concepts of security: Attacks, security properties, protection mechanisms. Basic

More information

Convergence of Safety, Systems & Cybersecurity Bill StClair, Director, LDRA, US Operations

Convergence of Safety, Systems & Cybersecurity Bill StClair, Director, LDRA, US Operations Convergence of Safety, Systems & Cybersecurity Bill StClair, Director, LDRA, US Operations Agenda Nexus of Safety and Cybersecurity Separation and Connectivity Trends in Aerospace Cybersecurity Isn t Security

More information

USBCAN-OBD. USB to CAN adapter. User Manual. Document version 3.01 (2015/04/22)

USBCAN-OBD. USB to CAN adapter. User Manual. Document version 3.01 (2015/04/22) USB to CAN adapter User Manual Document version 3.01 (2015/04/22) Contents 1. Introduction... 3 1.1 Functional Overview... 3 1.2 Properties at a Glance...3 1.3 Typical application... 3 2. Installation...

More information

Handling Top Security Threats for Connected Embedded Devices. OpenIoT Summit, San Diego, 2016

Handling Top Security Threats for Connected Embedded Devices. OpenIoT Summit, San Diego, 2016 Handling Top Security Threats for Connected Embedded Devices OpenIoT Summit, San Diego, 2016 Jeep Cherokee hacked in July 2015 Presented at Black Hat USA 2015 Charlie Miller Chris Valasek Remote exploit

More information

IS CAR HACKING OVER? AUTOSAR SECURE ONBOARD COMMUNICATION

IS CAR HACKING OVER? AUTOSAR SECURE ONBOARD COMMUNICATION SESSION ID: SBX3-W1 IS CAR HACKING OVER? AUTOSAR SECURE ONBOARD COMMUNICATION Jeffrey Quesnelle Director of Software Development Intrepid Control Systems @IntrepidControl Introduction Spent 15 years working

More information

Gateway Architecture for Secured Connectivity and in Vehicle Communication

Gateway Architecture for Secured Connectivity and in Vehicle Communication Gateway Architecture for Secured Connectivity and in Vehicle Communication A Tata Elxsi Perspective James Joy Silvy Samuel Vinu V S Abstract Keywords Architecture, security, gateway, cryptography, Keys

More information

Uptane: Securely Updating Automobiles. Sam Weber NYU 14 June 2017

Uptane: Securely Updating Automobiles. Sam Weber NYU 14 June 2017 Uptane: Securely Updating Automobiles Sam Weber NYU samweber@nyu.edu 14 June 2017 Credits Funded by DHS S&T CSD Work done by New York University University of Michigan Transportation Research Institute

More information

CAN Obfuscation by Randomization (CANORa)

CAN Obfuscation by Randomization (CANORa) CAN Obfuscation by Randomization (CANORa) A technology to prevent large-scale malware attacks on driverless autonomous vehicles Tobias Madl MuSe Munich IT Security Research Group Munich University of Applied

More information

Preventing Cyber Attacks on Aftermarket Connectivity Solutions Zach Blumenstein, BD Director Argus Cyber Security

Preventing Cyber Attacks on Aftermarket Connectivity Solutions Zach Blumenstein, BD Director Argus Cyber Security Preventing Cyber Attacks on Aftermarket Connectivity Solutions Zach Blumenstein, BD Director Argus Cyber Security In less than a year, 100s of millions connected cars Aftermarket connectivity most prevalent

More information

Connect Vehicles: A Security Throwback

Connect Vehicles: A Security Throwback Connect Vehicles: A Security Throwback Chris Valasek (@nudehaberdasher) Director of Vehicle Security Research Introduction Hello Chris Valasek Director of Vehicle Security Research IPS Dev -> Windows RE

More information

PENETRATION TESTING OF AUTOMOTIVE DEVICES. Dr. Ákos Csilling Robert Bosch Kft., Budapest HUSTEF 15/11/2017

PENETRATION TESTING OF AUTOMOTIVE DEVICES. Dr. Ákos Csilling Robert Bosch Kft., Budapest HUSTEF 15/11/2017 PENETRATION TESTING OF AUTOMOTIVE DEVICES Dr. Ákos Csilling Robert Bosch Kft., Budapest HUSTEF 15/11/2017 Imagine your dream car 2 Image: 2017 ESCRYPT. Exemplary attack demonstration only. This is NOT

More information

A practical solution to achieve real-time performance in the automotive network by randomizing frame identifier

A practical solution to achieve real-time performance in the automotive network by randomizing frame identifier A practical solution to achieve real-time performance in the automotive network by randomizing frame identifier Kyusuk Han, André Weimerskirch, and Kang G. Shin October 26, 2015 Keywords Security, Authentication,

More information

Diagnostic Trends 2017 An Overview

Diagnostic Trends 2017 An Overview Diagnostic Trends 2017 An Overview Vector India Conference, 2017-07-18+19 V1.0 2017-07-14 Agenda 1. DoIP 2. Remote Diagnostics 3. Cyber Security 4. Summary 2/29 DoIP Why DoIP? Why another diagnostic network?

More information

CHAPTER 6 EFFICIENT TECHNIQUE TOWARDS THE AVOIDANCE OF REPLAY ATTACK USING LOW DISTORTION TRANSFORM

CHAPTER 6 EFFICIENT TECHNIQUE TOWARDS THE AVOIDANCE OF REPLAY ATTACK USING LOW DISTORTION TRANSFORM 109 CHAPTER 6 EFFICIENT TECHNIQUE TOWARDS THE AVOIDANCE OF REPLAY ATTACK USING LOW DISTORTION TRANSFORM Security is considered to be the most critical factor in many applications. The main issues of such

More information

The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020.

The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020. Automotive The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020. Cars are becoming increasingly connected through a range of wireless networks The increased

More information

A Survey of Security Threats and Protection Mechanisms in Embedded Automotive Networks

A Survey of Security Threats and Protection Mechanisms in Embedded Automotive Networks A Survey of Security Threats and Protection Mechanisms in Embedded Automotive Networks Ivan Studnia, Vincent Nicomette, Eric Alata, Yves Deswarte, Mohamed Kaâniche, Youssef Laarouchi To cite this version:

More information

Security enhancing CAN transceivers. Bernd Elend Principal Engineer March 8 th, 2017

Security enhancing CAN transceivers. Bernd Elend Principal Engineer March 8 th, 2017 Bernd Elend Principal Engineer March 8 th, 2017 Introduction: SECURITY REQUIRES A LAYERED APPROACH NXP s 4 + 1 Layer approach for vehicle cyber security: Multiple security techniques, at different levels

More information

Cyber Security and Vehicle Diagnostics. Mark Zachos DG Technologies

Cyber Security and Vehicle Diagnostics. Mark Zachos DG Technologies Cyber Security and Vehicle Diagnostics Mark Zachos DG Technologies SAE INTERNATIONAL SAE J3061 Cybersecurity Guidebook for Cyber-Physical Automotive Systems Published January 2016; drive to a risk-based,

More information

Experimental Security Analysis of a Modern Automobile

Experimental Security Analysis of a Modern Automobile hyväksymispäivä arvosana arvostelija Experimental Security Analysis of a Modern Automobile Matti Valovirta Helsinki HELSINGIN YLIOPISTO Tietojenkäsittelytieteen laitos HELSINGIN YLIOPISTO HELSINGFORS UNIVERSITET

More information

CIS 6930/4930 Computer and Network Security. Topic 8.1 IPsec

CIS 6930/4930 Computer and Network Security. Topic 8.1 IPsec CIS 6930/4930 Computer and Network Security Topic 8.1 IPsec 1 IPsec Objectives Why do we need IPsec? IP V4 has no authentication IP spoofing Payload could be changed without detection. IP V4 has no confidentiality

More information

Sicherheitsaspekte für Flashing Over The Air in Fahrzeugen. Axel Freiwald 1/2017

Sicherheitsaspekte für Flashing Over The Air in Fahrzeugen. Axel Freiwald 1/2017 Sicherheitsaspekte für Flashing Over The Air in Fahrzeugen Axel Freiwald 1/2017 All OEMs Will Implement Software OTA As Soon As Possible IHS Study Motivation: Save on recalls caused by software bugs Evolution

More information

Advanced Analytics for Connected Cars Cyber Security

Advanced Analytics for Connected Cars Cyber Security Advanced Analytics for Connected Cars Cyber Security Matan Levi, Ben-Gurion University, Yair Allouche, IBM Security Division, and Aryeh Kontorovich, Ben-Gurion University arxiv:1711.01939v2 [cs.cr] 8 Nov

More information

Automotive Security: Challenges, Standards and Solutions. Alexander Much 12 October 2017

Automotive Security: Challenges, Standards and Solutions. Alexander Much 12 October 2017 Automotive Security: Challenges, Standards and Solutions Alexander Much 12 October 2017 Driver s fears are being fueled by recent news Connected Cars, new opportunities for hackers Autonomous Driving Concepts

More information

Building Trust in the Internet of Things

Building Trust in the Internet of Things AN INTEL COMPANY Building Trust in the Internet of Things Developing an End-to-End Security Strategy for IoT Applications WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Recent security breaches

More information

Conquering Complexity: Addressing Security Challenges of the Connected Vehicle

Conquering Complexity: Addressing Security Challenges of the Connected Vehicle Conquering Complexity: Addressing Security Challenges of the Connected Vehicle October 3, 2018 Securely Connecting People, Applications, and Devices Ted Shorter Chief Technology Officer CSS Ted.Shorter@css-security.com

More information

A Formal Model to Facilitate Security Testing in Modern Automotive Systems

A Formal Model to Facilitate Security Testing in Modern Automotive Systems A Formal Model to Facilitate Security Testing in Modern Automotive Systems Eduardo dos Santos Andrew Simpson Cyber Security Centre for Doctoral Training Department of Computer Science University of Oxford

More information

Firewalls, Tunnels, and Network Intrusion Detection

Firewalls, Tunnels, and Network Intrusion Detection Firewalls, Tunnels, and Network Intrusion Detection 1 Intrusion Detection Systems Intrusion Actions aimed at compromising the security of the target (confidentiality, integrity, availability of computing/networking

More information

Don t Fuss about Fuzzing: Fuzzing Controllers in Vehicular Networks

Don t Fuss about Fuzzing: Fuzzing Controllers in Vehicular Networks Don t Fuss about Fuzzing: Fuzzing Controllers in Vehicular Networks Stephanie Bayer, Alexander Ptok *) ESCRYPT GmbH *) ESCRYPT GmbH Leopoldstraße 244 Lise-Meitner-Allee 4 80807 München 44801 Bochum Germany

More information

Physical-Fingerprinting of Electronic Control Unit (ECU) Based on Machine Learning Algorithm for In-Vehicle Network Communication Protocol CAN-BUS

Physical-Fingerprinting of Electronic Control Unit (ECU) Based on Machine Learning Algorithm for In-Vehicle Network Communication Protocol CAN-BUS Physical-Fingerprinting of Electronic Control Unit (ECU) Based on Machine Learning Algorithm for In-Vehicle Network Communication Protocol CAN-BUS by Omid Avatefipour A thesis submitted in partial fulfillment

More information

Vehicle Safe-Mode Limp-Mode in the Service of Cyber Security

Vehicle Safe-Mode Limp-Mode in the Service of Cyber Security Vehicle Safe-Mode Limp-Mode in the Service of Cyber Security Tsvika Dagan, Mirco Marchetti, Dario Stabili, Michele Colajanni, Avishai Wool Tel-Aviv University, Israel University of Modena and Reggio Emilia,

More information

Encrypted Traffic Security (ETS) White Paper

Encrypted Traffic Security (ETS) White Paper Encrypted Traffic Security (ETS) White Paper The rapid rise in encrypted traffic is changing the security landscape. As more organizations become digital, an increasing number of services and applications

More information

Cybersecurity Solutions for Connected Vehicles

Cybersecurity Solutions for Connected Vehicles Cybersecurity Solutions for Connected Vehicles Contents TREND MICRO LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is not intended and should

More information

The Remote Exploitation of Unaltered Passenger Vehicles Revisited. 20 th October 2016 Mark Pitchford, Technical Manager, EMEA

The Remote Exploitation of Unaltered Passenger Vehicles Revisited. 20 th October 2016 Mark Pitchford, Technical Manager, EMEA The Remote Exploitation of Unaltered Passenger Vehicles Revisited 20 th October 2016 Mark Pitchford, Technical Manager, EMEA Today s hot topic A few years ago, Lynx presentations at events such as this

More information

Automotive Security. Whitepaper 1

Automotive Security. Whitepaper 1 Whitepaper 1 Introduction Until quite recently, automotive security was synonymous with theft prevention. But with the software pie in the automobile growing exponentially to realize visions of the connected

More information

Cybersecurity Challenges for Connected and Automated Vehicles. Robert W. Heller, Ph.D. Program Director R&D, Southwest Research Institute

Cybersecurity Challenges for Connected and Automated Vehicles. Robert W. Heller, Ph.D. Program Director R&D, Southwest Research Institute Cybersecurity Challenges for Connected and Automated Vehicles Robert W. Heller, Ph.D. Program Director R&D, Southwest Research Institute Cars are becoming complex (and CAV is only part of it) 1965: No

More information

Introduction to VANET

Introduction to VANET VANET Introduction to VANET -Vehicles connected to each others through an ad hoc formation form a wireless network called Vehicular Ad Hoc Network. -Vehicular ad hoc networks (VANETs) are a subgroup of

More information

(2½ hours) Total Marks: 75

(2½ hours) Total Marks: 75 (2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.

More information

CONTROLLER AREA NETWORK AS THE SECURITY OF THE VEHICLES

CONTROLLER AREA NETWORK AS THE SECURITY OF THE VEHICLES INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET) Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14) ISSN 0976 6367(Print) ISSN 0976

More information

SW-Update. Thomas Fleischmann June 5 th 2015

SW-Update. Thomas Fleischmann June 5 th 2015 Thomas Fleischmann June 5 th 2015 2 3 Agenda The big picture SW-Update today Diagnostics vs SW-Update Our solution for SW-Update The real challenges beyond getting a file into the car Elektrobit (EB),

More information

Automotive Attack Surfaces. UCSD and University of Washington

Automotive Attack Surfaces. UCSD and University of Washington Automotive Attack Surfaces UCSD and University of Washington Current Automotive Environment Modern cars are run by tens of ECUs comprising millions of lines of code ECUs are well connected over internal

More information

SECURITY OF VEHICLE TELEMATICS SYSTEMS. Daniel Xiapu Luo Department of Computing The Hong Kong Polytechnic University

SECURITY OF VEHICLE TELEMATICS SYSTEMS. Daniel Xiapu Luo Department of Computing The Hong Kong Polytechnic University SECURITY OF VEHICLE TELEMATICS SYSTEMS Daniel Xiapu Luo Department of Computing The Hong Kong Polytechnic University 1 2 3 TELEMATICS 4 TELEMATICS 5 OBD-II On-Board Diagnostic Perform emissions related

More information

Chalmers Publication Library

Chalmers Publication Library Chalmers Publication Library Adapting Threat Modeling Methods for the Automotive Industry This document has been downloaded from Chalmers Publication Library (CPL). It is the author s version of a work

More information

The Controller Area Network (CAN) Interface

The Controller Area Network (CAN) Interface The Controller Area Network (CAN) Interface ARSLAB - Autonomous and Robotic Systems Laboratory Dipartimento di Matematica e Informatica - Università di Catania, Italy santoro@dmi.unict.it L.S.M. Course

More information

GPRS security. Helsinki University of Technology S Security of Communication Protocols

GPRS security. Helsinki University of Technology S Security of Communication Protocols GPRS security Helsinki University of Technology S-38.153 Security of Communication Protocols vrantala@cc.hut.fi 15.4.2003 Structure of the GPRS Network BSS GTP PLMN BSS-Base Station sub-system VLR - Visiting

More information

Securing the future of mobility

Securing the future of mobility Kaspersky Transportation System Security AVL Software and Functions Securing the future of mobility www.kaspersky.com #truecybersecurity Securing the future of mobility Connected car benefits The need

More information

Adversary Models. EECE 571B Computer Security. Konstantin Beznosov

Adversary Models. EECE 571B Computer Security. Konstantin Beznosov Adversary Models EECE 571B Computer Security Konstantin Beznosov 1 why we need adversary models?! attacks and countermeasures are meaningless without 2 2 elements of an adversary model! objectives! obtain

More information

Anomaly Detection. You Chen

Anomaly Detection. You Chen Anomaly Detection You Chen 1 Two questions: (1) What is Anomaly Detection? (2) What are Anomalies? Anomaly detection refers to the problem of finding patterns in data that do not conform to expected behavior

More information

Automotive Security: Challenges and Solutions

Automotive Security: Challenges and Solutions Automotive Security: Challenges and Solutions 8 th Vector Congress 30 th November 2016 V2.01.00 2016-11-22 Agenda Introduction Services Embedded Security Mechanisms Tools Summary 2 Introduction Vehicle

More information

Embedded Hybrid Anomaly Detection for Automotive CAN Communication

Embedded Hybrid Anomaly Detection for Automotive CAN Communication Embedded Hybrid Anomaly Detection for Automotive CAN Communication Marc Weber, Simon Klug, Eric Sax, Bastian Zimmer To cite this version: Marc Weber, Simon Klug, Eric Sax, Bastian Zimmer. Embedded Hybrid

More information

Stepping Stone to Car Hacking

Stepping Stone to Car Hacking Stepping Stone to ar Hacking The Realistic Threat Model Movie Liran Zwickel - Security researcher Who We Are nigmatos - Automotive yber Security Yannay Livneh - Security researcher Alex Fok TO Agenda History

More information

Automobile Design and Implementation of CAN bus Protocol- A Review S. N. Chikhale Abstract- Controller area network (CAN) most researched

Automobile Design and Implementation of CAN bus Protocol- A Review S. N. Chikhale Abstract- Controller area network (CAN) most researched Automobile Design and Implementation of CAN bus Protocol- A Review S. N. Chikhale Abstract- Controller area network (CAN) most researched communication protocol used for automotive industries. Now we are

More information

Define information security Define security as process, not point product.

Define information security Define security as process, not point product. CSA 223 Network and Web Security Chapter One What is information security. Look at: Define information security Define security as process, not point product. Define information security Information is

More information

Failure Diagnosis and Cyber Intrusion Detection in Transmission Protection System Assets Using Synchrophasor Data

Failure Diagnosis and Cyber Intrusion Detection in Transmission Protection System Assets Using Synchrophasor Data Failure Diagnosis and Cyber Intrusion Detection in Transmission Protection System Assets Using Synchrophasor Data Anurag Srivastava, Bo Cui, P. Banerjee Washington State University NASPI March 2017 Outline

More information

UNSUPERVISED LEARNING FOR ANOMALY INTRUSION DETECTION Presented by: Mohamed EL Fadly

UNSUPERVISED LEARNING FOR ANOMALY INTRUSION DETECTION Presented by: Mohamed EL Fadly UNSUPERVISED LEARNING FOR ANOMALY INTRUSION DETECTION Presented by: Mohamed EL Fadly Outline Introduction Motivation Problem Definition Objective Challenges Approach Related Work Introduction Anomaly detection

More information

Detecting Specific Threats

Detecting Specific Threats The following topics explain how to use preprocessors in a network analysis policy to detect specific threats: Introduction to Specific Threat Detection, page 1 Back Orifice Detection, page 1 Portscan

More information

Protection against attack D.o.S. in CAN and CAN-FD vehicle networks

Protection against attack D.o.S. in CAN and CAN-FD vehicle networks Protection against attack D.o.S. in CAN and CAN-FD vehicle networks Luiz Quintino, Alexei Machado Electrical Engineering Pontifícia Universidade Católica de Minas Gerais (PUC-MG) Campus Coração Eucarístico

More information

CSC 578 Neural Networks and Deep Learning

CSC 578 Neural Networks and Deep Learning CSC 578 Neural Networks and Deep Learning Fall 2018/19 7. Recurrent Neural Networks (Some figures adapted from NNDL book) 1 Recurrent Neural Networks 1. Recurrent Neural Networks (RNNs) 2. RNN Training

More information

1.1 SYMPTOMS OF DDoS ATTACK:

1.1 SYMPTOMS OF DDoS ATTACK: 2018 IJSRSET Volume 4 Issue 4 Print ISSN: 2395-1990 Online ISSN : 2394-4099 Themed Section : Engineering and Technology An Efficient Entropy Based Approach for the Detection of DDOS Attack Abhilash Singh,

More information

Understanding TETRA Security

Understanding TETRA Security Understanding TETRA Security Brian Murgatroyd Tetra Association former chairman Security and Fraud Prevention Group (SFPG) Warren Systems Independent Security Consultant brian@warrensystems.co.uk Agenda

More information

Basic Concepts in Intrusion Detection

Basic Concepts in Intrusion Detection Technology Technical Information Services Security Engineering Roma, L Università Roma Tor Vergata, 23 Aprile 2007 Basic Concepts in Intrusion Detection JOVAN GOLIĆ Outline 2 Introduction Classification

More information

Prevention of Information Mis-translation by a Malicious Gateway in Connected Vehicles

Prevention of Information Mis-translation by a Malicious Gateway in Connected Vehicles Prevention of Information Mis-translation by a Malicious Gateway in Connected Vehicles Kyusuk Han and Kang G. Shin Real-Time Computing Laboratory EECS/CSE, The University of Michigan Ann Arbor, MI 48109-2121,

More information