DOI: 10.1145/2746266.2746276
short-paper

Automobile ECU Design to Avoid Data Tampering

Published: 07 April 2015

Abstract

Modern embedded vehicle systems are based on network architectures. Vulnerabilities from in-vehicle communications are significant. Privacy and security measures are required for vehicular Electronic Control Units (ECUs). We present a security vulnerability analysis, which shows that the vulnerability mainly lies in the ubiquitous on-board diagnostics II (OBD-II) interface and the memory configuration within the ECU. Countermeasures using obfuscation and encryption techniques are introduced to protect ECUs from data sniffing and code tampering. We propose a security scheme that deploys lures resembling ECU vulnerabilities to deceive lurking intruders into installing rootkits. We show that the interactions between the attacker and the system can be modeled as a Markov decision process (MDP).

Published In

CISR '15: Proceedings of the 10th Annual Cyber and Information Security Research Conference
April 2015
99 pages
ISBN: 9781450333450
DOI: 10.1145/2746266

In-Cooperation

• Oak Ridge National Laboratory

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

1. ECU
2. MDP
3. vehicular cyber security

Qualifiers

• Short-paper
• Research
• Refereed limited

Conference

CISR '15

Acceptance Rates

CISR '15 Paper Acceptance Rate 18 of 36 submissions, 50%;
Overall Acceptance Rate 69 of 136 submissions, 51%
