WO2019026077A1 - System and method for preventing malicious can bus attacks - Google Patents


Info

Publication number
WO2019026077A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
ecu
bits
blocked
erroneous
Application number
PCT/IL2018/050858
Other languages
French (fr)
Inventor
Eyal Kamir
Alexander FOK
Yaniv TUCHMAN
Avi BITTON
Uriel FRIEDMAN
Meni DALI
Yoni MALKA
Original Assignee
Enigmatos Ltd.
Application filed by Enigmatos Ltd.
Priority to US16/618,934 (patent US11036853B2)
Priority to CA3071776A (patent CA3071776C)
Publication of WO2019026077A1
Priority to IL270919A (patent IL270919B)

Classifications

    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • B60R16/0232 Circuits relating to the driving or the functioning of the vehicle for measuring vehicle parameters and indicating critical, abnormal or dangerous conditions
    • B60R16/0239 Electronic boxes
    • B60R25/00 Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
    • B60R25/30 Detection related to theft or to other events relevant to anti-theft systems
    • G06F17/17 Function evaluation by approximation methods, e.g. inter- or extrapolation, smoothing, least mean square method
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06N20/00 Machine learning
    • G06N5/04 Inference or reasoning models
    • H04L12/40013 Details regarding a bus controller
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • G06F2221/034 Test or assess a computer or a system
    • H04L2012/40215 Controller Area Network CAN
    • H04L2012/40273 Bus for use in transportation systems the transportation system being a vehicle

Definitions

  • the present invention is directed to systems and processes for preventing cyber security attacks on the CAN bus of a vehicle, from carrying out their plot, and more particularly, to systems and processes for blocking messages from at least one selected ECU, either preinstalled by the OEM or installed as an aftermarket ECU, upon determining that the vehicle is under a cyber security attack.
  • Vehicles are commonly computerized to control a plurality of the vehicle's components via the vehicle's standard bus, being a Controller Area Network (CAN) bus.
  • CAN-bus is a vehicle bus standard designed to allow electronic control units (ECUs) such as microcontrollers and devices to communicate with each other in applications without a host computer.
  • ECUs electronic control units
  • the CAN-bus is a message-based protocol.
  • an ECU is configured to transmit a message over the CAN bus that complies with the CAN-bus message-based protocol.
  • a CAN bus message consists of message identifier, Control, Data, CRC and ACK.
  • Fig. 1 schematically shows the fields of the message-based protocol 25 utilized by a CAN-bus 20 of vehicle 10.
  • the CAN-bus messages 25 consist of a message identifier 24, Control 26, Data 28, CRC 30 and Ack 32, each field having a string of bits having a predesigned length.
  • the Message Identifier 24 defines the level of priority of the data protocol.
  • the length of the frames can be in two formats: the standard format that uses an 11-bit arbitration ID, and the extended format that uses a 29-bit arbitration ID, wherein SF field 22 indicates which of the two formats is used.
  • the Control Field 26 also known as the Check Field, displays the number of items of information contained in the data field.
  • the Control field allows any receiver of the message to check whether the received message has all the information transferred.
  • the Data Field 28 contains the information transmitted on the bus and that can be read by any other CAN Node, wherein each Electronic Control Unit (ECU) operatively connected to the CAN-bus is referred to as a node.
  • ECUs Electronic Control Units
  • the CRC Field 30 is a Cyclic Redundancy Check field that contains a 15-bit cyclic redundancy check code.
  • the ACK Field 32 being the Acknowledge Field, allows any receiver of the transmitted message to signal to the transmitter that it has correctly received the data protocol. If an error is detected, the receiver notifies the transmitter of the error immediately. The transmitter may then resend the data protocol.
  • a hacker, an attacker or a potential attacker can connect his own unit to the network, send malicious messages and commands, impersonate legitimate commands of other ECUs and cause scenarios that can be used for inflicting damages, extortion, endangering human lives and properties.
  • BUS A network topology in which nodes are directly connected to a
  • the principal intentions of the present invention include providing a system for preventing a cyber security attack on the CAN bus of a vehicle, by blocking a pre-selected ECU or blocking the attacking ECU. It is assumed that the malicious attack intends to take control of the whole vehicle or of a specific control function (e.g. washers control) and therefore, the objective is to neutralize a vulnerable ECU, either an original one, produced and installed by the OEM (such as, with no limitations, the ECU that controls the ignition), or one that was attached later at the aftermarket stage, such as, with no limitations, an OBD dongle, telematics device, antitheft device, etc.
  • the system of present invention can be deployed in existing car architectures and does not require significant car architecture modifications.
  • the system includes a teleprocessing device coupled with digital memory, and an ECU blocking device.
  • the digital memory holds the message identifier of at least one ECU to be blocked, wherein the message identifier includes the message identifier 24, and optionally, at least a portion of the data field 28 of a CAN message as typically used by the at least one ECU to be blocked.
  • the teleprocessing device is configured to read the message identifier of CAN messages, to thereby identify the at least one ECU to be blocked.
  • the teleprocessing device activates the ECU blocking device to thereby facilitate blocking the at least one ECU to be blocked.
  • the ECU blocking device alters one or more bits of the transmitted signal, to thereby force the message to be an erroneous CAN message.
  • the altering of the one or more bits of the transmitted signal includes inverting one or more "1" bits to "0", thereby forcing the message to be an erroneous CAN message.
  • the inverting of one or more "1" bits to "0" includes forming a string of at least six "0" bits in a row, thereby forcing the message to be an erroneous CAN message.
  • the altering of the one or more bits of the transmitted signal includes inverting one or more "0" bits to "1", thereby forcing the message to be an erroneous CAN message.
  • the altering of the one or more bits of the transmitted signal includes inverting one or more "1" bits to "0" and one or more "0" bits to "1", thereby forcing the message to be an erroneous CAN message.
  • the ECU blocking device may be embodied in a single unit or in a number of units.
  • the system further includes a cloud-based server having a cloud-based processing device, wherein the cloud-based processing device performs some of the operations of the teleprocessing device.
  • the digital memory is part of the cloud-based server.
  • an example process for preventing cyber security attacks, over the CAN bus of a vehicle, from carrying out their plot including the steps of:
  • the ECU blocking device is activated to thereby facilitate blocking the at least one ECU to be blocked;
  • the altering of the one or more bits of the transmitted signal includes inverting one or more "0" bits to "1", thereby forcing the message to be an erroneous CAN message.
  • the inverting of one or more "0" bits to "1" includes forming a string of at least six "0" bits in a row, thereby forcing the message to be an erroneous CAN message.
  • the altering of the one or more bits of the transmitted signal includes inverting one or more "1" bits to "0", thereby forcing the message to be an erroneous CAN message.
  • the altering of the one or more bits of the transmitted signal includes inverting one or more "1" bits to "0" and one or more "0" bits to "1", thereby forcing the message to be an erroneous CAN message.
  • the message identifier includes at least a portion of the data field of a CAN message.
  • the ECU blocking device is embodied in a single unit or in a number of units.
  • a “computer” includes machines, computers and computing or computer systems (for example, physically separate locations or devices), servers, computer and computerized devices, processors, processing systems, computing cores (for example, shared devices), and similar systems, workstations, modules and combinations of the aforementioned.
  • the aforementioned "computer" may be of various types, such as a personal computer (e.g., laptop, desktop, tablet computer), or any type of computing device, including mobile devices that can be readily transported from one location to another location (e.g., smartphone, personal digital assistant (PDA), mobile telephone or cellular telephone).
  • PDA personal digital assistant
  • a server is typically a remote computer or remote computer system including a cloud-based computer/server, or computer program therein, in accordance with the "computer" defined above, that is accessible over a communications medium, such as a communications network or other computer network, including the Internet.
  • a “server” provides services to, or performs functions for, other computer programs (and their users), in the same or other computers.
  • a server may also include a virtual machine, a software-based emulation of a computer.
  • server configured to be a cloud-based server
  • Fig. 1 shows the fields of the message-based protocol utilized by a CAN-bus of vehicle.
  • Fig. 2 is a schematic diagram showing an example vehicle-identification system for preventing malicious attacks over a vehicle's CAN bus from carrying out their plot, according to embodiments of the present invention.
  • Fig. 3 is a schematic flow chart diagram showing an example process for preventing malicious attacks on a vehicle's CAN bus from carrying out their plot, by blocking CAN messages transmitted by a selected ECU, according to embodiments of the present invention.
  • aspects of the present invention may be embodied as a system, methods/processes or as computer program products. Accordingly, aspects of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a "circuit," "module" or "system." Furthermore, aspects of the present invention may take the form of a computer program product embodied in one or more non-transitory computer readable (storage) medium(s) having computer readable program code embodied thereon.
  • An embodiment is an example or implementation of the invention.
  • the various appearances of "one embodiment," "an embodiment" or "some embodiments" do not necessarily all refer to the same embodiment.
  • various features of the invention may be described in the context of a single embodiment, the features may also be provided separately or in any suitable combination. Conversely, although the invention may be described herein in the context of separate embodiments for clarity, the invention may also be implemented in a single embodiment.
  • orientation related descriptions such as “bottom”, “up”, “upper”, “down”, “lower”, “top” and the like, assumes that the associated vehicle is operationally situated.
  • Fig. 2 is a schematic diagram showing an example vehicle-identification system 100 for preventing malicious attacks over a vehicle's CAN bus from carrying out their plot, according to embodiments of the present invention.
  • Vehicle-attack-prevention system 100 includes a vehicle 110 having a CAN-bus 120, at least one teleprocessing device 130 and at least one ECU blocking device 140.
  • CAN-bus messages are transmitted by components 125 of vehicle 110 that are in communication flow with CAN-bus 120, wherein these components 125 of vehicle 110 are configured to transmit and/or read messages via CAN-bus 120.
  • a database (DB) 170b configured to support teleprocessing device 130 and to store, for example, blocked ECUs related data 176b.
  • the ECU blocking device 140 is configured to receive an instruction to block messages from at least one selected ECU 125i, typically an essential ECU 125.
  • the selected ECU 125 may be preselected or provided as part of the blocking instruction.
  • the instruction to block a selected ECU 125i may be provided by teleprocessing device 130 or remotely, for example, by a remote server, such as cloud-based server 150.
  • a database (DB) 170a configured to support a processing device 160 of cloud-based server 150, and to store, for example, blocked ECUs related data 176a.
  • Processing device 160 may operate in addition to or instead of teleprocessing device 130.
  • DB 170a may be used in parallel to, or instead of DB 170b.
  • the ECU blocking device 140 is a CAN compatible device that is configured to read a message identifier 24 and optionally, at least a portion of data field 28 of CAN messages, and upon identifying that a message was transmitted by the selected ECU 125i, to invert "1" bits to "0" and/or "0" bits to "1", thereby forcing the message to be an erroneous CAN message.
  • replace each of at least 6 (six) consecutive bits being either a "1" or a "0" by a "0", to thereby make the message an erroneous CAN message.
  • ECU blocking device 140 may be embodied as a single unit or a number of units.
  • the CAN protocol includes a 'bit monitoring' process.
  • Each transmitter on the CAN bus monitors (i.e. reads back) the transmitted signal level. That is, the transmitter first transmits the message signal, and then reads back the transmitted signal to ensure that the read signal and the transmitted signal are the same. If the bit level of the read signal differs from the one transmitted, a bit-error is signaled. However, no bit error is raised during the arbitration process.
  • the present invention takes advantage of the CAN bus 'bit monitoring' process, wherein after the initial CAN message transmission by the selected ECU 125i and before the selected ECU 125i reads back the transmitted signal (as part of the CAN bus 'bit monitoring' process), the ECU blocking device 140 intervenes in the monitoring process, by altering bits of the signal initially transmitted by the selected ECU 125i.
  • the schematic flow chart 200 shown in Fig. 3 describes an embodiment process for preventing malicious attacks on a vehicle's CAN bus from carrying out their plot, by blocking CAN messages transmitted by a selected ECU 125i.
  • Process 200 proceeds as follows: Step 210: providing an ECU blocking device.
  • an ECU blocking device 140 is placed on CAN bus 120, wherein ECU blocking device 140 is a CAN compatible device, configured to read a message identifier 24.
  • Step 220: detecting a selected message prefix.
  • While reading CAN messages, teleprocessing device 130 inspects the message identifier 24 and optionally, at least a portion of the message data field 28, of the read messages.
  • teleprocessing device 130 may decide, for example based on an instruction to ECU blocking device 140, that the ECU sending this message should be blocked. It should be noted that a legitimate command 111X60 will not be affected.
  • Step 225: checking if a read message identifier is that of the selected ECU.
  • ECU blocking device 140 checks if a read message identifier 24 of the read CAN message is that of selected ECU 125i.
  • If not, go to step 210.
  • Step 230: alter identified selected message.
  • ECU blocking device 140 alters a number of data bits of the identified selected message, to thereby deform the message into an erroneous CAN message, wherein the deformation takes place before the CAN message is read back by selected ECU 125i, as part of the 'bit monitoring' feature according to the CAN bus protocol.
  • the bit inversion performed in step 220 must be performed at a substantially faster rate, wherein the bit inversion rate is much greater than (>>) the CAN bus bit transmission rate.
  • the CAN bus bit transmission rate is 1 Mbps (Mbits/sec). That is, each bit-time slot is 1 µs long.
  • the inversion of a bit may take between several ns (nanoseconds) to several dozen ns.
  • the bit inversion is embodied using a fast-enough FPGA component and a CAN transceiver.
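
The interplay between the blocking rule, bit monitoring and the forced run of "0" bits in steps 220 to 230 can be modelled in C. This is an added example, not code from the patent or from Enigmatos: the struct and function names, the identifier 0x2A5 and the data bytes are constructed for illustration, the bus is modelled as a wired-AND in which "0" is dominant (so only the "1" to "0" variant is shown), and the frame stops at the end of the data field.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* CAN levels: 0 = dominant, 1 = recessive. The wire behaves as a wired-AND,
 * so a node driving 0 overrides every node driving 1. */
#define ARB_BITS 13   /* SOF + 11-bit identifier + RTR (standard format) */
#define HDR_BITS 19   /* ARB_BITS + IDE + r0 + 4-bit DLC */
/* Hypothetical block rule: identifier plus optional leading data bytes. */
struct block_rule { uint16_t id; uint8_t prefix[8]; uint8_t prefix_len; };
struct can_msg    { uint16_t id; uint8_t dlc; uint8_t data[8]; };  /* dlc <= 8 */

/* True when the message matches the ECU selected for blocking. */
bool rule_matches(const struct block_rule *r, const struct can_msg *m)
{
    if (r->id != m->id || r->prefix_len > m->dlc) return false;
    return memcmp(r->prefix, m->data, r->prefix_len) == 0;
}

static size_t put_bits(uint8_t *out, size_t n, uint32_t v, int width)
{
    for (int i = width - 1; i >= 0; i--) out[n++] = (v >> i) & 1u;  /* MSB first */
    return n;
}

/* Unstuffed frame bits from SOF to the end of the data field; CRC, ACK and
 * EOF are left out of this model. Returns the bit count. */
size_t build_frame(const struct can_msg *m, uint8_t *out)
{
    size_t n = put_bits(out, 0, 0, 1);       /* SOF, dominant */
    n = put_bits(out, n, m->id, 11);         /* identifier */
    n = put_bits(out, n, 0, 3);              /* RTR, IDE, r0 */
    n = put_bits(out, n, m->dlc, 4);
    for (uint8_t i = 0; i < m->dlc; i++) n = put_bits(out, n, m->data[i], 8);
    return n;
}

/* Transmitter bit stuffing: after five equal bits, insert the complement. */
size_t stuff(const uint8_t *in, size_t n, uint8_t *out)
{
    size_t o = 0; int run = 0;
    for (size_t i = 0; i < n; i++) {
        run = (o > 0 && in[i] == out[o - 1]) ? run + 1 : 1;
        out[o++] = in[i];
        if (run == 5) { out[o++] = !in[i]; run = 1; }
    }
    return o;
}

/* Receiver stuff check: index of the sixth equal bit in a row, or -1. */
long stuff_violation(const uint8_t *bits, size_t n)
{
    int run = 0;
    for (size_t i = 0; i < n; i++) {
        run = (i > 0 && bits[i] == bits[i - 1]) ? run + 1 : 1;
        if (run == 6) return (long)i;
    }
    return -1;
}

/* The blocker drives dominant for `len` slots starting at `from`; bus[] gets the
 * wire levels. Returns the first index where the transmitter reads back a level it
 * did not send (bit error), or -1; mismatches during arbitration do not count. */
long transmit(const uint8_t *tx, size_t n, size_t arb_end, size_t from, size_t len, uint8_t *bus)
{
    long bit_error = -1;
    for (size_t i = 0; i < n; i++) {
        uint8_t blocker = (i >= from && i < from + len) ? 0 : 1;
        bus[i] = tx[i] & blocker;
        if (bus[i] != tx[i] && i >= arb_end && bit_error < 0) bit_error = (long)i;
    }
    return bit_error;
}

struct outcome { bool matched; long bit_error; long stuff_error; };
/* One frame past the blocker, which acts only on a rule match and only
 * after the bits needed for the match have been on the wire. */
struct outcome simulate(const struct block_rule *r, const struct can_msg *m)
{
    uint8_t raw[96], tx[128], bus[128], tmp[128];
    struct outcome o = { rule_matches(r, m), -1, -1 };
    size_t n = stuff(raw, build_frame(m, raw), tx);
    size_t arb_end = stuff(raw, ARB_BITS, tmp);
    size_t from = o.matched ? stuff(raw, HDR_BITS + 8u * r->prefix_len, tmp) : 0;
    o.bit_error = transmit(tx, n, arb_end, from, o.matched ? 6 : 0, bus);
    o.stuff_error = stuff_violation(bus, n);
    return o;
}

int main(void)
{
    struct block_rule rule = { 0x2A5, { 0xFF }, 1 };   /* constructed sample values */
    struct can_msg sel = { 0x2A5, 2, { 0xFF, 0x10 } };
    struct outcome a = simulate(&rule, &sel);
    printf("selected ECU: bit error %ld, stuff error %ld\n", a.bit_error, a.stuff_error);
    return 0;
}
```

A real controller aborts at the first bit error and sends an error flag; the model keeps going so that both the transmitter's bit error and the receivers' stuff error are visible in one trace.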

Abstract

A system for preventing cyber security attacks over the CAN bus of a vehicle, from carrying out their plot. The system includes a teleprocessing device that is provided with the message identifier of at least one ECU to be blocked. The teleprocessing device is configured to read the message identifier of CAN messages, to thereby identify the at least one ECU to be blocked. Upon determining that the vehicle is under a cyber security attack, the ECU blocking device is activated. Upon identifying that a message was transmitted by the at least one ECU to be blocked, then during the CAN bus 'bit monitoring' process, before the at least one ECU to be blocked reads back the transmitted signal, the ECU blocking device alters one or more bits of the transmitted signal, to thereby force the message to be an erroneous CAN message.

Description

SYSTEM AND METHOD FOR PREVENTING MALICIOUS
CAN BUS ATTACKS
FIELD OF INVENTION
The present invention is directed to systems and processes for preventing cyber security attacks on the CAN bus of a vehicle, from carrying out their plot, and more particularly, to systems and processes for blocking messages from at least one selected ECU, either preinstalled by the OEM or installed as an aftermarket ECU, upon determining that the vehicle is under a cyber security attack.
BACKGROUND AND PRIOR ART
Vehicles are commonly computerized to control a plurality of the vehicle's components via the vehicle's standard bus, being a Controller Area Network (CAN) bus. The CAN-bus is a vehicle bus standard designed to allow electronic control units (ECUs) such as microcontrollers and devices to communicate with each other in applications without a host computer.
The CAN-bus is a message-based protocol. Typically, an ECU is configured to transmit a message over the CAN bus that complies with the CAN-bus message-based protocol. A CAN bus message consists of message identifier, Control, Data, CRC and ACK. Reference is made to Fig. 1 that schematically shows the fields of the message-based protocol 25 utilized by a CAN-bus 20 of vehicle 10. The CAN-bus messages 25 consist of a message identifier 24, Control 26, Data 28, CRC 30 and Ack 32, each field having a string of bits having a predesigned length.
The Message Identifier 24 defines the level of priority of the data protocol. Depending on the standard being used, the length of the frames can be in two formats: the standard format that uses an 11-bit arbitration ID, and the extended format that uses a 29-bit arbitration ID, wherein SF field 22 indicates which of the two formats is used.
The Control Field 26, also known as the Check Field, displays the number of items of information contained in the data field. The Control field allows any receiver of the message to check whether the received message has all the information transferred. The Data Field 28 contains the information transmitted on the bus and that can be read by any other CAN Node, wherein each Electronic Control Unit (ECU) operatively connected to the CAN-bus is referred to as a node.
The CRC Field 30 is a Cyclic Redundancy Check field that contains a 15-bit cyclic redundancy check code.
The ACK Field 32, being the Acknowledge Field, allows any receiver of the transmitted message to signal to the transmitter that it has correctly received the data protocol. If an error is detected, the receiver notifies the transmitter of the error immediately. The transmitter may then resend the data protocol.
A hacker, an attacker or a potential attacker can connect his own unit to the network, send malicious messages and commands, impersonate legitimate commands of other ECUs and cause scenarios that can be used for inflicting damages, extortion, endangering human lives and properties.
There is therefore a need for means and methods for preventing cyber security attacks from carrying out their plot.
The terms "car" and "vehicle" are used herein interchangeably.
ABBREVIATIONS
BUS      A network topology in which nodes are directly connected to a common linear (or branched) half-duplex link.
CAN      Controller Area Network
CRC      Cyclic Redundancy Check
ECU      Electronic Control Unit
ERR      Error
FlexRay  An automotive network communications protocol developed to govern on-board automotive computing. It is designed to be faster and more reliable than CAN and TTP, but it is also more expensive.
MSE      Mean squared error
FPGA     Field-Programmable Gate Array
TTP      Time-Triggered Protocol, an open computer network protocol for control systems. It was designed as a time-triggered fieldbus for vehicles and industrial applications.
SUMMARY OF INVENTION
The principal intentions of the present invention include providing a system for preventing a cyber security attack on the CAN bus of a vehicle, by blocking a pre-selected ECU or blocking the attacking ECU. It is assumed that the malicious attack intends to take control of the whole vehicle or of a specific control function (e.g. washers control) and therefore, the objective is to neutralize a vulnerable ECU, either an original one, produced and installed by the OEM (such as, with no limitations, the ECU that controls the ignition), or one that was attached later at the aftermarket stage, such as, with no limitations, an OBD dongle, telematics device, antitheft device, etc.
The system of the present invention can be deployed in existing car architectures and does not require significant car architecture modifications.
According to the teachings of the present invention there is provided an example system for preventing cyber security attacks, over the CAN bus of a vehicle, from carrying out their plot. The system includes a teleprocessing device coupled with digital memory, and an ECU blocking device.
The digital memory holds the message identifier of at least one ECU to be blocked, wherein the message identifier includes the message identifier 24, and optionally, at least a portion of the data field 28 of a CAN message as typically used by the at least one ECU to be blocked.
The teleprocessing device is configured to read the message identifier of CAN messages, to thereby identify the at least one ECU to be blocked.
Upon determining that the vehicle is under a cyber security attack, the teleprocessing device activates the ECU blocking device to thereby facilitate blocking the at least one ECU to be blocked. Upon identifying that a message was transmitted by the at least one ECU to be blocked, then during the CAN bus 'bit monitoring' process, before the at least one ECU to be blocked reads back the transmitted signal containing the transmitted message, the ECU blocking device alters one or more bits of the transmitted signal, to thereby force the message to be an erroneous CAN message. Preferably, the altering of the one or more bits of the transmitted signal includes inverting one or more "1" bits to "0" to thereby force the message to be an erroneous CAN message. Preferably, the inverting of one or more "1" bits to "0" includes forming a string of at least six "0" bits in a row, to thereby force the message to be an erroneous CAN message.
Optionally, the altering of the one or more bits of the transmitted signal includes inverting one or more "0" bits to "1" to thereby force the message to be an erroneous CAN message.
Optionally, the altering of the one or more bits of the transmitted signal includes inverting one or more "1" bits to "0" and one or more "0" bits to "1", to thereby force the message to be an erroneous CAN message.
The ECU blocking device may be embodied in a single unit or in a number of units.
Optionally, the system further includes a cloud-based server having a cloud-based processing device, wherein the cloud-based processing device performs some of the operations of the teleprocessing device. Optionally, the digital memory is part of the cloud-based server.
According to further teachings of the present invention there is provided an example process for preventing cyber security attacks, over the CAN bus of a vehicle, from carrying out their plot, the process including the steps of:
a. providing a teleprocessing device;
b. providing an ECU blocking device;
c. providing at least one ECU to be blocked;
d. detecting a selected message prefix;
e. upon determining that the vehicle is under a cyber security attack, the ECU blocking device is activated to thereby facilitate blocking the at least one ECU to be blocked; and
f. upon identifying that a message was transmitted by the at least one ECU to be blocked, then during the CAN bus 'bit monitoring' process and before the at least one ECU to be blocked reads back the transmitted signal containing the transmitted message, altering one or more bits of the transmitted signal by the ECU blocking device. Preferably, the altering of the one or more bits of the transmitted signal includes inverting one or more "0" bits to "1" to thereby force the message to be an erroneous CAN message. Preferably, the inverting of one or more "0" bits to "1" includes forming a string of at least six "0" bits in a row, to thereby force the message to be an erroneous CAN message.
Optionally, the altering of the one or more bits of the transmitted signal includes inverting one or more "1" bits to "0" to thereby force the message to be an erroneous CAN message.
Optionally, the altering of the one or more bits of the transmitted signal includes inverting one or more "1" bits to "0" and one or more "0" bits to "1", to thereby force the message to be an erroneous CAN message.
Optionally, the message identifier includes at least a portion of the data field of a CAN message.
Optionally, the ECU blocking device is embodied in a single unit or in a number of units.
This document references terms that are used consistently or interchangeably herein. These terms, including variations thereof, are as follows.
A "computer" includes machines, computers and computing or computer systems (for example, physically separate locations or devices), servers, computer and computerized devices, processors, processing systems, computing cores (for example, shared devices), and similar systems, workstations, modules and combinations of the aforementioned. The aforementioned "computer" may be in various types, such as a personal computer (e.g., laptop, desktop, tablet computer), or any type of computing device, including mobile devices that can be readily transported from one location to another location (e.g., smartphone, personal digital assistant (PDA), mobile telephone or cellular telephone).
A server is typically a remote computer or remote computer system including a cloud-based computer/server, or computer program therein, in accordance with the "computer" defined above, that is accessible over a communications medium, such as a communications network or other computer network, including the Internet. A "server" provides services to, or performs functions for, other computer programs (and their users), in the same or other computers. A server may also include a virtual machine, a software-based emulation of a computer.
It should be noted that where the present invention is described in terms of the server configured to be a cloud-based server, it is given by way of example only, with no limitation, and any other type of server known in the art may be used.
Unless otherwise defined herein, all technical and/or scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which the invention pertains. Although methods and materials similar or equivalent to those described herein may be used in the practice or testing of embodiments of the invention, example methods and/or materials are described below. In case of conflict, the patent specification, including definitions, will control. In addition, the materials, methods, and examples are illustrative only and are not intended to be necessarily limiting.
BRIEF DESCRIPTION OF THE DRAWINGS
Some embodiments of the present invention are herein described, by way of example only, with reference to the accompanying drawings. With specific reference to the drawings in detail, it is stressed that the particulars shown are by way of example and for purposes of illustrative discussion of embodiments of the invention. In this regard, the description taken with the drawings makes apparent to those skilled in the art how embodiments of the invention may be practiced.
Attention is now directed to the drawings, where like reference numerals or characters indicate corresponding or like components. In the drawings:
Fig. 1 (prior art) shows the fields of the message-based protocol utilized by a CAN-bus of a vehicle.
Fig. 2 is a schematic diagram showing an example vehicle-identification system for preventing malicious attacks over a vehicle's CAN bus from carrying out their plot, according to embodiments of the present invention.
Fig. 3 is a schematic flow chart diagram showing an example process for preventing malicious attacks on a vehicle's CAN bus from carrying out their plot, by blocking CAN messages transmitted by a selected ECU, according to embodiments of the present invention.
DETAILED DESCRIPTION OF SOME EMBODIMENTS OF THE INVENTION
Before explaining at least one embodiment of the invention in detail, it is to be understood that the invention is not necessarily limited in its application to the details of construction and the arrangement of the components and/or methods/processes set forth in the following description and/or illustrated in the drawings. The invention is capable of other embodiments or of being practiced or carried out in various ways.
As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, methods/processes or as computer program products. Accordingly, aspects of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a "circuit," "module" or "system." Furthermore, aspects of the present invention may take the form of a computer program product embodied in one or more non-transitory computer readable (storage) medium(s) having computer readable program code embodied thereon.
An embodiment is an example or implementation of the invention. The various appearances of "one embodiment," "an embodiment" or "some embodiments" do not necessarily all refer to the same embodiment. Although various features of the invention may be described in the context of a single embodiment, the features may also be provided separately or in any suitable combination. Conversely, although the invention may be described herein in the context of separate embodiments for clarity, the invention may also be implemented in a single embodiment.
Reference in the specification to "one embodiment", "an embodiment", "some embodiments" or "other embodiments" means that a particular feature, structure, or characteristic described in connection with the embodiments is included in at least one embodiment, but not necessarily all embodiments, of the invention. It is understood that the phraseology and terminology employed herein are not to be construed as limiting and are for descriptive purpose only. Throughout this document, numerous textual and graphical references may be made to trademarks, and domain names. These trademarks and domain names are the property of their respective owners, and are referenced only for explanation purposes herein.
It should be noted that orientation related descriptions such as "bottom", "up", "upper", "down", "lower", "top" and the like, assumes that the associated vehicle is operationally situated.
Fig. 2 is a schematic diagram showing an example vehicle-identification system 100 for preventing malicious attacks over a vehicle's CAN bus from carrying out their plot, according to embodiments of the present invention. Vehicle-attack-prevention system 100 includes a vehicle 110 having a CAN-bus 120, at least one teleprocessing device 130 and at least one ECU blocking device 140. It should be noted that CAN-bus messages are transmitted by components 125 of vehicle 110 that are in communication flow with CAN-bus 120, wherein these components 125 of vehicle 110 are configured to transmit and/or read messages via CAN-bus 120. Optionally, a database (DB) 170b is configured to support teleprocessing device 130 and to store, for example, blocked ECUs related data 176b.
The ECU blocking device 140 is configured to receive an instruction to block messages from at least one selected ECU 125i, typically an essential ECU 125. The selected ECU 125i may be preselected or provided as part of the blocking instruction. It should be noted that the instruction to block a selected ECU 125i may be provided by teleprocessing device 130 or remotely, for example, by a remote server, such as cloud-based server 150. Optionally, a database (DB) 170a is configured to support a processing device 160 of cloud-based server 150, and to store, for example, blocked ECUs related data 176a. Processing device 160 may operate in addition to or instead of teleprocessing device 130. DB 170a may be used in parallel to, or instead of, DB 170b. The ECU blocking device 140 is a CAN compatible device that is configured to read a message identifier 24 and optionally, at least a portion of data field 28 of CAN messages, and upon identifying that a message was transmitted by the selected ECU 125i, to invert "1" bits to "0" and/or "0" bits to "1" to thereby force the message to be an erroneous CAN message. Alternatively, upon identifying that the message was transmitted by the selected ECU 125i, the device replaces each of at least 6 (six) consecutive bits, being either a "1" or a "0", by a "0", to thereby make the message an erroneous CAN message. Alternatively, upon identifying that the message was transmitted by the selected ECU 125i, the device replaces each of at least 6 (six) consecutive bits, being either a "1" or a "0", by a "1", to thereby make the message an erroneous CAN message. ECU blocking device 140 may be embodied as a single unit or a number of units.
As part of the standard CAN bus error detection mechanisms, the CAN protocol includes a 'bit monitoring' process. Each transmitter on the CAN bus monitors (i.e. reads back) the transmitted signal level. That is, the transmitter first transmits the message signal, and then reads back the transmitted signal to ensure that the read signal and the transmitted signal are the same. If the bit level of the read signal differs from the one transmitted, a bit error is signaled. However, no bit error is raised during the arbitration process.
The present invention takes advantage of the CAN bus 'bit monitoring' process, wherein after the initial CAN message transmission by the selected ECU 125i and before the selected ECU 125i reads back the transmitted signal (as part of the CAN bus 'bit monitoring' process), the ECU blocking device 140 intervenes in the monitoring process, by altering bits of the signal initially transmitted by the selected ECU 125i.
The schematic flow chart 200 shown in Fig. 3 describes an embodiment of a process for preventing malicious attacks on a vehicle's CAN bus from carrying out their plot, by blocking CAN messages transmitted by a selected ECU 125i. Process 200 proceeds as follows:
Step 210: providing an ECU blocking device.
As a preliminary step, an ECU blocking device 140 is placed on CAN bus 120, wherein ECU blocking device 140 is a CAN compatible device, configured to read a message identifier 24.
Step 220: detecting a selected message prefix.
While reading CAN messages, teleprocessing device 130 inspects the message identifier 24 and optionally, at least a portion of the message data field 28, of the read messages.
The following is a non-limiting example: a message "111X60" has an ID=111 and contains a vehicle speed of 60 km/h in the data field. This message is legitimate and is sent by a legal ECU. Now an attacker wants to deceive the dashboard and sends a message 111X180, that is, having the same ID=111 and a speed of 180 km/h. When such a message is detected, teleprocessing device 130 may decide, for example based on an instruction to ECU blocking device 140, that the ECU sending this message should be blocked. It should be noted that a legitimate command 111X60 will not be affected.
Step 225: checking if a read message identifier is that of the selected ECU.
ECU blocking device 140 checks if a read message identifier 24 of the read CAN message is that of selected ECU 125i.
If not, go to step 210.
Step 230: alter identified selected message.
It has been determined that the read message identifier of a CAN message is that of selected ECU 125i.
ECU blocking device 140 alters a number of data bits of the identified selected message, to thereby deform the message to an erroneous CAN message, wherein the deformation takes place before the CAN message is read back by selected ECU 125i, as part of the 'bit monitoring' feature according to the CAN bus protocol.
Go back to step 210.
[end of process 200]
It should be noted that bit inversion performed in step 220 must be performed at a substantially faster rate, wherein the bit inversion rate is much greater (>>) than the CAN bus bit transmission rate.
Example
In a non-limiting example, the CAN bus bit transmission rate is 1 Mbps (Mbits/sec). That is, each bit-time slot is 1 µs long. In such a system, the inversion of a bit may take between several ns (nanoseconds) to several dozens ns. In a non-limiting example, the bit inversion is embodied using a fast-enough FPGA component and a CAN transceiver.
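The following Python model is an added illustration, not code from the patent. It follows steps 220 to 230 on a simulated wired-AND bus and shows why a string of six "0" (dominant) bits is guaranteed to be caught both by the transmitter's bit monitoring and by every receiver's stuffing check. The identifier 0x111, the rule format (identifier plus data prefix) and the choice to act immediately after the matched data byte are assumptions; error frames, ACK and EOF are not modelled.

```python
"""Bit-level model of the blocking step (constructed example, not the patent's code)."""

DOMINANT, RECESSIVE = 0, 1
CRC15_POLY = 0x4599  # generator polynomial of the CAN CRC-15


def to_bits(value, width):
    return [(value >> i) & 1 for i in range(width - 1, -1, -1)]


def crc15(bits):
    crc = 0
    for bit in bits:
        feedback = bit ^ (crc >> 14)
        crc = (crc << 1) & 0x7FFF
        if feedback:
            crc ^= CRC15_POLY
    return crc


def frame_bits(can_id, data):
    """Unstuffed bits of a standard data frame, from SOF through the CRC field."""
    bits = [DOMINANT] + to_bits(can_id, 11) + [0, 0, 0] + to_bits(len(data), 4)
    for byte in data:
        bits += to_bits(byte, 8)
    return bits + to_bits(crc15(bits), 15)


def stuff(bits):
    """CAN bit stuffing: after five equal bits, insert one bit of opposite level."""
    out, run = [], 0
    for bit in bits:
        run = run + 1 if out and out[-1] == bit else 1
        out.append(bit)
        if run == 5:
            out.append(1 - bit)
            run = 1  # the stuff bit starts the next run
    return out


def first_stuff_error(bus):
    """Index of the sixth equal bit in a row (receiver stuff error), else None."""
    run = 1
    for i in range(1, len(bus)):
        run = run + 1 if bus[i] == bus[i - 1] else 1
        if run == 6:
            return i
    return None


def simulate(can_id, data, rule_id, rule_prefix):
    """Send one frame past a blocker armed with (rule_id, rule_prefix).

    Returns (bus levels, index of the transmitter's bit error, index of the
    receivers' stuff error); the indexes are None for an untouched frame.
    """
    tx = stuff(frame_bits(can_id, data))
    want_id = to_bits(rule_id, 11)
    want_data = [b for byte in rule_prefix for b in to_bits(byte, 8)]
    need = 19 + len(want_data)  # SOF + ID + RTR/IDE/r0 + DLC + prefix bits
    bus, seen, run, force, tx_bit_error = [], [], 0, 0, None
    for i, level in enumerate(tx):
        drive = DOMINANT if force else RECESSIVE
        force = max(force - 1, 0)
        value = level & drive  # wired-AND: a dominant 0 overrides a recessive 1
        # The blocker only drives after arbitration, so any mismatch the
        # transmitter reads back here is a bit error, not lost arbitration.
        if value != level and tx_bit_error is None:
            tx_bit_error = i
        is_stuff_bit = run == 5  # blocker destuffs on the fly to read the fields
        run = run + 1 if bus and value == bus[-1] else 1
        bus.append(value)
        if not is_stuff_bit:
            seen.append(value)
            if len(seen) == need and seen[1:12] == want_id and seen[19:] == want_data:
                force = 6  # hold the bus dominant for the next six bit-times
    return bus, tx_bit_error, first_stuff_error(bus)


if __name__ == "__main__":
    rule = (0x111, bytes([180]))  # hypothetical rule: ID 0x111 carrying speed 180
    for can_id, speed in [(0x111, 60), (0x111, 180), (0x222, 180)]:
        _, bit_err, stuff_err = simulate(can_id, bytes([speed]), *rule)
        print(hex(can_id), speed, "tx bit error:", bit_err, "stuff error:", stuff_err)
```

Because a correctly stuffed stream never contains six equal bits in a row, any six-bit window the blocker holds dominant must cover at least one recessive bit from the transmitter, so the bit error is raised no later than the stuff error.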
The invention being thus described in terms of several embodiments and examples, it will be obvious that the same may be varied in many ways. Such variations are not to be regarded as a departure from the spirit and scope of the invention, and all such modifications as would be obvious to one skilled in the art.

Claims

WHAT IS CLAIMED IS:
1. A system for preventing cyber security attacks on the CAN bus of a vehicle, the system comprising:
a. a teleprocessing device coupled with digital memory; and
b. an ECU blocking device,
wherein said digital memory holds the message identifier of at least one ECU to be blocked; wherein said teleprocessing device is configured to read a message identifier of CAN messages, to thereby identify said at least one ECU to be blocked; and
wherein upon determining that the vehicle is under a cyber security attack, said teleprocessing device activates said ECU blocking device to thereby facilitate blocking said at least one ECU to be blocked, and wherein upon identifying that a message was transmitted by said at least one ECU to be blocked, then during the CAN bus 'bit monitoring' process, before said at least one ECU to be blocked reads back the transmitted signal containing said transmitted message, said ECU blocking device alters one or more bits of said transmitted signal, to thereby force the message to be an erroneous CAN message.
2. A system as in claim 1, wherein said altering of said one or more bits of said transmitted signal comprises inverting one or more "1" bits to "0" to thereby force the message to be an erroneous CAN message.
3. A system as in claim 2, wherein said inverting of one or more "1" bits to "0" includes forming a string of at least six "0" bits in a row, to thereby force the message to be an erroneous CAN message.
4. A system as in claim 1, wherein said altering of said one or more bits of said transmitted signal comprises inverting one or more "0" bits to "1" to thereby force the message to be an erroneous CAN message.
5. A system as in claim 1, wherein said altering of said one or more bits of said transmitted signal comprises inverting one or more "1" bits to "0" and one or more "0" bits to "1", to thereby force the message to be an erroneous CAN message.
6. A system as in claim 1, wherein said ECU blocking device is embodied in a single unit or in a number of units.
7. A system as in claim 1, wherein said message identifier includes at least a portion of the data field of a CAN message.
8. A system as in claim 7, wherein said teleprocessing device is configured to read the message identifier and said at least a portion of the data field of a CAN message, to thereby identify said at least one ECU to be blocked.
9. A system as in claim 1, further comprising a cloud-based server having a cloud-based processing device, wherein said cloud-based processing device performs some of the operations of said teleprocessing device.
10. A system as in claim 1, wherein said digital memory is part of said cloud-based server.
11. A process for preventing cyber security attacks, over the CAN bus of a vehicle, from carrying out their plot, the process comprising the steps of:
a. providing a teleprocessing device;
b. providing an ECU blocking device;
c. providing at least one ECU to be blocked;
d. detecting a selected message prefix;
e. upon determining that the vehicle is under a cyber security attack, said ECU blocking device is activated to thereby facilitate blocking said at least one ECU to be blocked; and
f. upon identifying that a message was transmitted by said at least one ECU to be blocked, then during the CAN bus 'bit monitoring' process and before said at least one ECU to be blocked reads back the transmitted signal containing said transmitted message, altering one or more bits of said transmitted signal by said ECU blocking device.
12. A process as in claim 11, wherein said altering of said one or more bits of said transmitted signal comprises inverting one or more "1" bits to "0" to thereby force the message to be an erroneous CAN message.
13. A process as in claim 12, wherein said inverting of one or more "1" bits to "0" includes forming a string of at least six "0" bits in a row, to thereby force the message to be an erroneous CAN message.
14. A process as in claim 11, wherein said altering of said one or more bits of said transmitted signal comprises inverting one or more "0" bits to "1" to thereby force the message to be an erroneous CAN message.
15. A process as in claim 11, wherein said altering of said one or more bits of said transmitted signal comprises inverting one or more "1" bits to "0" and one or more "0" bits to "1", to thereby force the message to be an erroneous CAN message.
16. A process as in claim 11, wherein said identifying that a message was transmitted by said at least one ECU to be blocked, comprises identifying the message identifier of a CAN message.
17. A process as in claim 11, wherein said identifying that a message was transmitted by said at least one ECU to be blocked, comprises identifying the message identifier and at least a portion of the data field of a CAN message.
18. A process as in claim 11, wherein said ECU blocking device is embodied in a single unit or in a number of units.
PCT/IL2018/050858 2017-08-02 2018-08-01 System and method for preventing malicious can bus attacks WO2019026077A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US16/618,934 US11036853B2 (en) 2017-08-02 2018-08-01 System and method for preventing malicious CAN bus attacks
CA3071776A CA3071776C (en) 2017-08-02 2018-08-01 System and method for preventing malicious can bus attacks
IL270919A IL270919B (en) 2017-08-02 2019-11-25 System and method for preventing malicious can bus attacks

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201762540160P 2017-08-02 2017-08-02
US62/540,160 2017-08-02

Publications (1)

Publication Number Publication Date
WO2019026077A1 true WO2019026077A1 (en) 2019-02-07

Family

ID=65233544

Family Applications (2)

Application Number Title Priority Date Filing Date
PCT/IL2018/050859 WO2019026078A1 (en) 2017-08-02 2018-08-01 System and processes for detecting malicious hardware
PCT/IL2018/050858 WO2019026077A1 (en) 2017-08-02 2018-08-01 System and method for preventing malicious can bus attacks

Family Applications Before (1)

Application Number Title Priority Date Filing Date
PCT/IL2018/050859 WO2019026078A1 (en) 2017-08-02 2018-08-01 System and processes for detecting malicious hardware

Country Status (4)

Country Link
US (2) US11036853B2 (en)
CA (2) CA3071776C (en)
IL (2) IL270919B (en)
WO (2) WO2019026078A1 (en)

Also Published As

Publication number Publication date
IL271081A (en) 2020-01-30
IL271081B (en) 2020-04-30
CA3071776A1 (en) 2019-02-07
US20200380131A1 (en) 2020-12-03
CA3071808C (en) 2020-11-24
WO2019026078A1 (en) 2019-02-07
US11036853B2 (en) 2021-06-15
IL270919B (en) 2020-03-31
CA3071808A1 (en) 2019-02-07
US11068590B2 (en) 2021-07-20
IL270919A (en) 2020-01-30
US20200143049A1 (en) 2020-05-07
CA3071776C (en) 2021-08-24

Legal Events

Date Code Title Description
DPE2 Request for preliminary examination filed before expiration of 19th month from priority date (pct application filed from 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 18842215; Country of ref document: EP; Kind code of ref document: A1)
ENP Entry into the national phase (Ref document number: 3071776; Country of ref document: CA)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 18842215; Country of ref document: EP; Kind code of ref document: A1)