Intrusion Detection System Defends Vehicles Against Cyberattacks
This article appeared in Machine Design and has been published here with permission.
When a group of researchers issued early warning that they could remotely hack specific Ford and Toyota vehicles back in 2011, the automotive manufacturers responded with skepticism. There was no way hackers could launch remote attacks on their vehicles unless they had physical access to the vehicles, they clapped back.
It took a few more experiments, but the researchers responded with a paper in 2015 that outlined how a remote attack against an unaltered 2014 Jeep Cherokee resulted in physical control of some aspects of the vehicle’s communications systems. That paper demonstrated remote attacks can be staged against many Fiat-Chrysler vehicles, and subsequently led to a mass recall of 1.4 million vulnerable vehicles.
The rate of technological advancement in vehicles makes research into intrusion detection a burgeoning area of automotive cybersecurity research. It’s an area of focus for Southwest Research Institute, which has now developed an innovative technology that uses digital fingerprinting and algorithms to identify anomalies in communications across automotive systems and components.
The intrusion detection system (IDS) was designed to protect military ground vehicles against cyberthreats to embedded systems and connected vehicle networks, noted SwRI engineers, who are collaborating with the U.S. Army Ground Vehicle Systems Center (GVSC) Ground System Cyber Engineering (GSCE).
Military, passenger, and commercial vehicles use the standard Controller Area Network (CAN) bus protocol to enable communications across various nodes or electronic control units (ECUs).
CAN protocols allow microcontrollers and devices to communicate with other applications without a host computer. For example, it informs a dashboard display when a sensor detects low oil pressure or when headlights have been activated, but also relays operational communications for systems such as the transmission and other critical automotive technology, noted the researchers.
Automakers have relied on the CAN protocol as a reliable platform for transmitting information since 1986. Its shortcoming, however, is that it was not designed with cybersecurity in mind.
There are many ways in which hackers may gain control of a vehicle. From cyber physical features (adaptive cruise control, lane departure warnings, park assist systems) to remote keyless entry, Bluetooth, Wi-Fi and radio data systems, connectivity with external networks have expanded exponentially.
“A cyberattack could potentially send erroneous information across the CAN protocol to alter or impede a vehicle’s operations,” said Jonathan Wolford, an SwRI engineer who co-authored a paper on the subject. “An attack on several connected vehicles could have disastrous effects.”
SwRI researchers report they’ve developed algorithms that can now digitally fingerprint messages on nodes that transmit information through the CAN bus protocol. Digital fingerprinting allows an intrusion detection system to identify when an unknown or invalid node or computer is connected to the vehicle network.
They explained that algorithms use the CAN transceiver’s message transmission to track low-level physical layer characteristics to create these digital fingerprints. Examples of such characteristics are minimum and maximum voltages and the voltage transition rates for each CAN frame.
The researchers further explained how they built fingerprint nodes. They trained the system with baseline data as a way to understand characteristics and better identify anomalies. Digital fingerprinting provides a method for accurately identifying messages sent from unauthorized nodes or when a valid node is sending spurious messages, indicative of a “masquerade attack,” they said. Once the system was trained, the engineers injected false data. The algorithms flagged the invasive data instantly. The system is capable of both identifying threats and defending against them, noted the researchers.
“These attacks are theoretically easier for bad actors who have physical access to a vehicle, but vehicles are also vulnerable from wireless attacks,” said Peter Moldenhauer, an SwRI engineer who co-authored the research. “Our system is designed to build cyber resiliency into the CAN protocol as we move to more connected and automated vehicle networks.”
The IDS system is applicable to military, passenger and commercial vehicles.
The research team won Best Paper Award for the Cyber Technical Session at the 2021 Ground Vehicle Systems Engineering & Technology Symposium (GVSETS) conference. The paper is titled, “Cyberattack Defense through Digital Fingerprinting, Detection Algorithms, and Bus Segmentation in Ground Vehicles.” More information can be found here.