Spelling suggestions: "subject:"automotive 2security"" "subject:"automotive bsecurity""
1 |
Protecting Vehicles from Remote Attackers with Firewalls and Switched NetworksAllen, Evan Nathaniel 16 May 2024 (has links)
Remote attacks on vehicles have become alarmingly more common over the past decade. Attackers often can compromise a single Electronic Control Unit (ECU) in the In-Vehicle Network (IVN) and then use it to send malicious messages that can cause a vehicle to stop, turn, or even crash. It is critical that we find a way to block or discard these messages. However, current IVNs contain few measures to prevent such threats. Most research in this area focuses on cryptography-based approaches that are too slow or too expensive for vehicle applications. In this thesis, we explore how we can stop many of these remote attacks without cryptography. We define a `security policy' that describes what messages are allowed in an IVN and then create a system of distributed firewalls to enforce it, blocking many remote attacks. Using newer, switched IVN topologies, we can authenticate messages with nearly zero additional overhead and implement our system with minimal changes to each ECU. This places the security responsibility on a few centralized network devices that automakers can more easily control and update, even after a vehicle is sold. We evaluate our firewall design using a network simulator and find that our approach is significantly faster than state-of-the-art cryptographic approaches. / Master of Science / Over the past decade, hackers and security researchers have found many ways to remotely take control of a vehicle. Most modern vehicles contain numerous Electronic Control Units (ECUs) that each control some aspect of the vehicle, such as the brakes or engine. It is difficult to design all ECUs perfectly, however, and attackers are often able to remotely hack into one of them. From there, attackers can send malicious messages throughout the In-Vehicle Network (IVN) that connects ECUs. These messages can cause the car to stop, turn, or even crash. Thus, we must find a way to block or discard these messages. Most current research uses cryptography to accomplish this, which is a computationally expensive technique that uses math to determine if messages are legitimate. In this thesis, we examine how we can stop these malicious messages without cryptography. We introduce an approach based on firewalls, which are devices in the network that inspect messages and block them if they do not pass a set of rules. Our approach, which leverages new trends in IVN architectures, allows us to stop many of these malicious messages in the network with nearly zero additional overhead. In addition, our system of firewalls is much easier for an automaker to manage and update than previous approaches. We simulate our idea and find that it is significantly faster than previous state-of-the-art techniques.
|
2 |
Exploring Vulnerabilities and Security Schemes of Service-Oriented Internet 0f Things (IoT) ProtocolsKayas, Golam, 0000-0001-7186-3442 08 1900 (has links)
The Internet of Things (IoT) is spearheading a significant revolution in the realm of computing systems for the next generation. IoT has swiftly permeated various domains, including healthcare, manufacturing, military, and transportation, becoming an essential component of numerous smart devices and applications. However, as the number of IoT devices proliferates, security concerns have surged, resulting in severe attacks in recent years. Consequently, it is imperative to conduct a comprehensive investigation into IoT networks to identify and address vulnerabilities in order to preempt potential adversarial activities.
The aim of this research is to examine different IoT-based systems and comprehend their security weaknesses. Additionally, the objective is to develop effective strategies to mitigate vulnerabilities and explore the security loopholes inherent in IoT-based systems, along with a plan to rectify them.
IoT-based systems present unique challenges due to the expanding adoption of IoT technology across diverse applications, accompanied by a wide array of IoT devices. Each IoT network has its own limitations, further compounding the challenge. For instance, IoT devices used in sensor networks often face constraints in terms of resources, possessing limited power and computational capabilities. Moreover, integration of IoT with existing systems introduces security issues. A prime example of this integration is found in connected cars, where traditional in-vehicle networks, designed to connect internal car components, must be highly robust to meet stringent requirements. However, modern cars are now connected to a wide range of IoT nodes through various interfaces, thus creating new security challenges for professionals to address. This work offers a comprehensive investigation plan for different types of IoT-based systems with varying constraints to identify security vulnerabilities. We also propose security measures to mitigate the vulnerabilities identified in our investigation, thereby preventing adversarial activities. To facilitate the exploration and investigation of vulnerabilities, our work is divided into two parts: resource-constrained IoT-based systems (sensor networks, smart homes) and robustness-constrained IoT-based systems (connected cars).
In our investigation of resource-constrained IoT networks, we focus on two widely used service-oriented IoT protocols, namely Universal Plug and Play (UPnP) and Message Queue Telemetry Transport (MQTT). Through a structured phase-by-phase analysis of these protocols, we establish a comprehensive threat model that explains the existing security gaps in communications. The threat models present security vulnerabilities of service-oriented resource-constrained IoT networks and the corresponding security attacks that exploit these vulnerabilities. We propose security solutions to mitigate the identified vulnerabilities and defend against potential security breaches. Our security analysis demonstrates that the proposed measures successfully thwart adversarial activities, and our experimental data supports the feasibility of the proposed models.
For robustness-constrained IoT-based systems, we investigate the in-vehicle networks of modern cars, specifically focusing on the Controller Area Network (CAN) bus system, which is widely adopted for connecting Electronic Control Units (ECUs) in vehicles. To uncover vulnerabilities in these in-vehicle networks, we leverage fuzz testing, a method that involves testing with random data. Fuzz testing over the CAN bus is a well-established technique for detecting security vulnerabilities in in-vehicle networks. Furthermore, the automatic execution of test cases and assessment of robustness make CAN bus fuzzing a popular choice in the automotive testing community. However, a major drawback of fuzz testing is the generation of a large volume of execution reports, often containing false positives. Consequently, all execution reports must be manually reviewed, which is time-consuming and prone to human errors. To address this issue, we propose an automatic investigation mechanism to identify security vulnerabilities from fuzzing logs, considering the class, relative severity, and robustness of failures. Our proposed schema utilizes artificial intelligence (AI) to identify genuine security-critical vulnerabilities from fuzz testing execution logs. Additionally, we provide mechanisms to gauge the relative severity and robustness of a failure, thereby determining the criticality of a vulnerability. Moreover, we propose an AI-assisted vulnerability scoring system that indicates the criticality of a vulnerability, offering invaluable assistance in prioritizing the mitigation of critical issues in in-vehicle networks. / Computer and Information Science
|
3 |
Attacking Computer Vision Models Using Occlusion Analysis to Create Physically Robust Adversarial ImagesLoh, Jacobsen 01 June 2020 (has links) (PDF)
Self-driving cars rely on their sense of sight to function effectively in chaotic and uncontrolled environments. Thanks to recent developments in computer vision, specifically convolutional neural networks, autonomous vehicles have developed the ability to see at or above human-level capabilities, which in turn has allowed for rapid advances in self-driving cars. Unfortunately, much like humans being confused by simple optical illusions, convolutional neural networks are susceptible to simple adversarial inputs. As there is no overlap between the optical illusions that fool humans and the adversarial examples that threaten convolutional neural networks, little is understood as to why these adversarial examples dupe such advanced models and what effective mitigation techniques might exist to resolve these issues.
This thesis focuses on these adversarial images. By extending existing work, this thesis is able to offer a unique perspective on adversarial examples. Furthermore, these extensions are used to develop a novel attack that can generate physically robust adversarial examples. These physically robust instances provide a unique challenge as they transcend both individual models and the digital domain, thereby posing a significant threat to the efficacy of convolutional neural networks and their dependent applications.
|
4 |
Efficiency of CNN on Heterogeneous Processing DevicesRingenson, Josefin January 2019 (has links)
In the development of advanced driver assistance systems, computer vision problemsneed to be optimized to run efficiently on embedded platforms. Convolutional neural network(CNN) accelerators have proven to be very efficient for embedded camera platforms,such as the ones used for automotive vision systems. Therefore, the focus of this thesisis to evaluate the efficiency of a CNN on a future embedded heterogeneous processingdevice. The memory size in an embedded system is often very limited, and it is necessary todivide the input into multiple tiles. In addition, there are power and speed constraintsthat needs to be met to be able to use a computer vision system in a car. To increaseefficiency and optimize the memory usage, different methods for CNN layer fusion areproposed and evaluated for a variety of tile sizes. Several different layer fusion methods and input tile sizes are chosen as optimal solutions,depending on the depth of the layers in the CNN. The solutions investigated inthe thesis are most efficient for deep CNN layers, where the number of channels is high.
|
5 |
Security Analysis of Ethernet in CarsTalic, Ammar January 2017 (has links)
With the development of advanced driving assistance systems, the amount of data that needs to be transmitted within a car has increased tremendously. Traditional communication bus based systems are unable to meet today’s requirements; hence automotive Ethernet is being developed and standardized. Ethernet has for many years been the de facto standard in interconnecting computers. In that time several vulnerabilities of the networking protocol stack implementations and even the protocols themselves have been discovered. The knowledge from exploiting computer networks can be applied to the automotive domain. Additionally, vehicle manufacturers tend to implement their own stacks, due to copyleft reasons; hence the chances of implementation faults increases as opposed to using well-tested open source solutions. Since the line between security and safety in cars is almost nonexistent, security has to be properly addressed. This thesis investigates the security of automotive Ethernet and its accompanying protocols. It starts with an introduction to computer and automotive networking and protocols. After a solid foundation is laid, it investigates what makes up automotive Ethernet, its application in the field, and the automotive specific components relying on it. After looking at related work, a data network security audit and analysis as defined by the open-source security testing methodology is performed. The system is graded with risk assessment values. Weak points are identified and improvements suggested. The impact of the proposed improvements is shown by reevaluating the system and recalculating the risk assessment values. These efforts further the ultimate goal of achieving increased safety of all traffic participants. / Med utvecklingen av avancerade körningsassisterande system har mängden data som behöver sändas inom en bil ökat enormt. Traditionella kommunikationsbussbaserade system kan inte uppfylla dagens krav. Därmed utvecklas och standardiseras Ethernet för fordon. Ethernet har i många år varit de facto-standarden i sammankopplandet mellan datorer. Under den tiden har flera sårbarheter hos nätverksprotokolls implementeringar och protokoll själva upptäckts. Det finns anledning att tro att kunskapen från att utnyttja datanätverk kan tillämpas på fordonsdomänen. Att tillägga är att fordonstillverkare tenderar att genomföra sina egna staplar. På grund av copyleft skäl, ökar chanserna för implementeringsfel i motsats till att använda testade open source-lösningar. Eftersom människors säkerhet hos bilar är extremt viktigt, måste även dess system hanteras ordentligt. Denna avhandling undersöker säkerheten för Ethernet och kompletterande protokoll hos bilar. Den börjar med en introduktion till datorers och bilars nätverk och protokoll. Efter en stabil grund fastställts, undersöker den vad som utgör Ethernet hos bilar, dess tillämpning inom fältet, och de bilspecifika komponenterna den beror av. Efter att ha tittat på relaterat arbete utförs en säkerhetsgranskning och analys av datanätverk som definieras av säkerhetsmetoden för open-source. Systemet värderas med riskbedömningsvärden. Svaga punkter identifieras och förbättringar föreslås. Effekten av de föreslagna förbättringarna framgår utav omvärdering av systemet och omräkning av riskbedömningsvärdena. Dessa bedömningar leder till det yttersta målet för ökad säkerhet för alla trafikanter.
|
6 |
Automating Security Risk and Requirements Management for Cyber-Physical SystemsHansch, Gerhard 15 October 2020 (has links)
No description available.
|
Page generated in 0.0958 seconds