Published by Ari Sonny Gunardi. Modified over 6 years ago.
Connected and Autonomous Vehicle Cybersecurity Controller Area Network
Brooks Beffa, Dr. Lingfeng Wang

Definitions

- ECU = Electronic Control Unit
- CAN = Controller Area Network
- OBD = On-Board Diagnostics Port
- VSN = Vehicle Sensor Network
- RSU = Roadside Unit

Solution

CAN Security Scheme

The most vulnerable interfaces are part of the Infotainment system. These devices should be separated from safety-critical features by the security module. Additionally, a two-phase encryption scheme is implemented (1).

ECU Authentication (Public Key): Upon startup, the Security Module (SM) broadcasts its certificate f_SM and public key K_SM+ across the network. Each ECU on the network should verify the SM's authenticity using f_SM before responding with a registration message. The registration message for node n includes its certificate f_n and a symmetric key k_n to be used during Stream Authorization. All registration messages are encrypted with K_SM+. The Security Module decrypts registration messages with its private key K_SM- and saves k_n for each ECU with a valid certificate.

Stream Authorization (Symmetric Key): During operation, CAN messages are authorized using lightweight symmetric key encryption. When ECU n wants to transmit a message, it must first request stream access. If the Security Module recognizes n as an authentic ECU, it provides a symmetric key k_n to the source ECU, as well as to all intended destinations. ECU n then encrypts its message with k_n and transmits the stream. Only the message's intended destinations have k_n and can decrypt the message.

VSN Security Scheme

Registration: In order to prevent an unlimited number of malicious nodes from freely accessing the VSN, each user must register with valid identification, such as a Driver's License/SSN, before being issued a smart card which enables access to the network.

Login: When a valid user wishes to access a VSN, they must first log in with their smart card and credentials. The user is then issued a public key K_u+ and a private key K_u- with which to encrypt, decrypt, and sign messages.
Management: Roadside Units (RSUs) act as the computation hubs of a VSN. RSUs are responsible for validating users, distributing keys, collecting information, and authenticating messages. Batch message authentication may be used to improve performance. To authenticate a message, its signature must be checked against the list of valid users. If a batch contains any illegitimate signatures, the batch is rejected (2).

Removing Attackers: A Black Hole Attacker, for example, is one who always claims to have the freshest route to a destination, but drops packets instead of routing them. This can be detected by sending a ping to the intended destination. If no valid response is received, the node claiming to have a route can be reported as suspicious. The RSU will then issue a fake route request to the suspicious node as bait, as seen in Fig. 3. If the suspicious node responds to the fake request, it will be considered malicious and removed from the network (3).

Objectives

As modern vehicles continue to implement increasing levels of autonomy, their security becomes more important than ever. In addition to increasing levels of internal autonomy, modern vehicles are becoming increasingly connected, forming robust networks of vehicles and sensors. As many researchers continue to point out, the cybersecurity of these advanced systems needs to be a primary focus in order to ensure road safety. The aims of this research are twofold:

- Analyze current cyber-physical systems for vulnerabilities.
- Find emerging defense, detection, and mitigation techniques for the cyber threats that modern and next-generation systems face.

Controller Area Network

The Controller Area Network (CAN) has been the automotive standard for connecting Electronic Control Units (ECUs) for more than 25 years.
- Connects all ECUs within the vehicle through a common bus
- Broadcast nature allows every node to see all transmitted messages
- Message Priority field determines order of transmission
- Fault-tolerant, unencrypted, 1 Mbps transfer rate

Entry Points

- Bluetooth and Wi-Fi connections
- CD Media Player
- On-Board Diagnostics Port

Potential Attacks

- Priority Flooding (Availability)
- Suppress Target Node (Availability)
- Modify Target Message (Integrity)

Fig. 1 – Simple CAN bus with one malicious (red) node.

Fig. 2 – Controller Area Network (CAN) implementing Security Module for encryption and separation of Infotainment system from Safety-Critical features.

Fig. 3 – Vehicular Sensor Network (VSN) consisting of two Roadside Units (RSUs), four legitimate (black) vehicle nodes, and one malicious (red) vehicle node.

Vehicular Sensor Network

A Vehicular Sensor Network (VSN) represents the interconnectivity of smart vehicles and the infrastructure supporting them. VSNs support Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) communication to share information on road and traffic conditions. Integrity of this information is vital in order to prevent traffic congestion and vehicle collisions.

Communication Protocols

- Dedicated Short-Range Communication (DSRC)
- Wireless Access in Vehicular Environment (WAVE)
- Ad-hoc On-demand Distance Vector (AODV)

Vulnerabilities

- Malicious vehicles can provide false information (Integrity)
- Black Hole attackers may interrupt data transmission (Availability)

Encryption

Symmetric Key Encryption: Each pair of nodes shares a secret key value. This shared key is used to both encrypt and decrypt messages between the two nodes. For a network of n nodes, the total number of keys needed is n(n-1)/2.

Public Key Encryption: In a public key system, each node n has a public key K_n+ and a private key K_n-. The public key K_n+ is used by other nodes to encrypt a message destined for node n. Then, n uses its private key K_n- to decrypt the message.
Private keys are also used for message signatures.

Bibliography

(1) Mundhenk, Philipp & Steinhorst, Sebastian & Lukasiewycz, Martin & Fahmy, Suhaib & Chakraborty, Samarjit. (2015). Lightweight Authentication for Secure Automotive Networks /DATE

(2) Li, Congcong & Zhang, Xi & Wang, Haiping & Li, Dongfeng. (2018). An Enhanced Secure Identity-Based Certificateless Public Key Authentication Scheme for Vehicular Sensor Networks. Sensors /s

(3) S. S. Albouq and E. M. Fredericks, "Lightweight Detection and Isolation of Black Hole Attacks in Connected Vehicles," 2017 IEEE 37th International Conference on Distributed Computing Systems Workshops (ICDCSW), Atlanta, GA, 2017, pp doi: /ICDCSW
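The Stream Authorization phase of the CAN Security Scheme, as an added example that is not code from the poster or from the cited papers. It assumes that the Security Module issues a fresh per-stream key and delivers it wrapped under each ECU's registered key k_n; the ECU names and the HMAC-based stand-in cipher are also constructed for the illustration.

```python
# Added illustration of Stream Authorization; ECU ids and the stand-in cipher are constructed.
import hashlib, hmac, os

def _ks(key, nonce, n):
    # Stand-in keystream (HMAC-SHA256 in counter mode); a real ECU would use a vetted cipher.
    return b"".join(hmac.new(key, b"enc" + nonce + bytes([i]), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, data):
    """Encrypt data under key and append an 8-byte integrity tag."""
    nonce = os.urandom(8)
    body = bytes(a ^ b for a, b in zip(data, _ks(key, nonce, len(data))))
    return nonce + body + hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()[:8]

def unseal(key, blob):
    """Return the plaintext, or None if the key is wrong or the blob was altered."""
    nonce, body, tag = blob[:8], blob[8:-8], blob[-8:]
    want = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(tag, want):
        return None
    return bytes(a ^ b for a, b in zip(body, _ks(key, nonce, len(body))))

class SecurityModule:
    def __init__(self):
        self.registered = {}            # ECU id -> k_n saved during ECU Authentication

    def register(self, ecu_id, k_n):    # certificate check assumed to have passed
        self.registered[ecu_id] = k_n

    def authorize_stream(self, src, dests):
        """Release a fresh stream key to src and dests only, wrapped under each one's k_n."""
        parties = [src, *dests]
        if any(p not in self.registered for p in parties):
            return None                 # unknown ECU: no key leaves the module
        stream_key = os.urandom(16)
        return {p: seal(self.registered[p], stream_key) for p in parties}

def demo():
    k = {e: os.urandom(16) for e in ("engine", "brake", "radio")}
    sm = SecurityModule()
    for ecu_id, k_n in k.items():
        sm.register(ecu_id, k_n)
    grant = sm.authorize_stream("engine", ["brake"])
    frame = seal(unseal(k["engine"], grant["engine"]), b"rpm=3100")
    return {"brake": unseal(unseal(k["brake"], grant["brake"]), frame),
            "radio": unseal(k["radio"], frame),        # registered, not a destination
            "radio_granted": "radio" in grant,
            "unregistered": sm.authorize_stream("obd_dongle", ["brake"])}
```

In `demo()`, the brake ECU recovers the frame, the registered but unaddressed radio ECU cannot, and a request from an unregistered node yields no key at all.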
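The two-step check described under Removing Attackers (ping, then bait), as an added example that is not code from the poster or from reference (3). The `Node` and `RSU` classes, the vehicle names, and the routing tables are constructed; the honest node with a stale route is included to show why a failed ping alone only marks a node as suspicious.

```python
# Added illustration of the ping-then-bait check; all names and tables are constructed.

class Node:
    def __init__(self, name, routes=(), reachable=(), black_hole=False):
        self.name = name
        self.routes = set(routes)          # destinations in its routing table
        self.reachable = set(reachable)    # destinations it can actually deliver to
        self.black_hole = black_hole

    def route_reply(self, dest):
        """Reply to a route request; a black hole claims a fresh route to anything."""
        return self.black_hole or dest in self.routes

    def deliver_ping(self, dest):
        """Forward a ping toward dest; a black hole drops it instead."""
        return not self.black_hole and dest in self.reachable

class RSU:
    BAIT_DEST = "no-such-vehicle"          # fake destination used as bait

    def __init__(self, nodes):
        self.members = {n.name: n for n in nodes}
        self.suspicious = set()

    def ping_via(self, via, dest):
        """Step 1: mark `via` suspicious if it claimed a route but the ping got no response."""
        node = self.members[via]
        if node.route_reply(dest) and not node.deliver_ping(dest):
            self.suspicious.add(via)
        return via in self.suspicious

    def bait_suspects(self):
        """Step 2: remove every suspect that answers the fake route request."""
        removed = sorted(s for s in self.suspicious
                         if self.members[s].route_reply(self.BAIT_DEST))
        for name in removed:
            del self.members[name]
        self.suspicious.clear()
        return removed

def demo():
    rsu = RSU([Node("v1", {"v4"}, {"v4"}),
               Node("v2", {"v4"}, set()),   # honest node with a stale route
               Node("v3", black_hole=True)])
    flagged = [n for n in ("v1", "v2", "v3") if rsu.ping_via(n, "v4")]
    return flagged, rsu.bait_suspects(), sorted(rsu.members)
```

`demo()` flags both v2 and v3 after the ping, but only v3 answers the bait and is removed, so the honest node with the stale route stays in the network.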