CPS: Breakthrough: Collaborative Research: Track and Fallback: Intrusion Detection to Counteract Carjack Hacks with Fail-Operational Feedback
This research has been supported by the National Science Foundation, grants CNS-1646317 and CNS-1645987. .
Automotive vehicle cybersecurity becomes more important as automobiles become more connected and intelligent. The security of every vehicle on the road is necessary to ensure the safety of every person on or near roadways, whether a motorist, bicyclist, or pedestrian. Features such as infotainment, telematics, and driver assistance disrupt the automotive market and greatly increase the complexity of vehicles: top-of-the-line cars contain over 200 computers and 100 million lines of software code. With rising complexity comes rising costs to ensure safety and security. A live demonstration has shown that a stock commercial vehicle can be remotely carjacked by hacking its infotainment system and propagating commands through to the control system. Thus, the objective of this project is to protect in-vehicle networks from remote cyber attacks. The method of protection is a distributed in-vehicle network intrusion detection system (IDS) using information flow tracking and sensor data provenance in the cyber domain with novel approaches to address the physical uncertainty and time constraints of an automotive control system. When an intrusion is detected, the IDS triggers a fail-operational mode change to provide graceful degradation of service and initiate recovery without compromising human safety.
The proposed approach differentiates from the state-of-the-art in general-purpose IDSs, as it considers other factors that are heavily influenced by the physical world: real-time latency, spatial sensitivity, mixed-criticality, operational mode changes, fail-safe and fail-operational security countermeasures, and the probabilistic nature of intrusion detection classifiers especially with respect to false positives. These factors lead to novel IDS designs and algorithms that could transform the field of CPS security. The proposed research will be validated with actual vehicle test beds, greatly enhancing the ability to detect, mitigate, and recover from remote carjacking cyber attacks.
Joseph Zambreno, Professor of Electrical Computer and Engineering, PI for this research at Iowa State University.
Gedare Bloom, Assistant Professor of Computer Science, PI for this research at the University of Colorado, Colorado Springs.
Clinton Young, Habeeb Olufowobi, Ebelechukwu Nwafor, Eric Muhati, and Mark Stidd have contributed to this research as graduate Research Assistants.
Bijan Choobineh, Spencer Goodwin, Jordan Svoboda, Kyung-Tae Kim, Saurav Aryal, David Hill Jr., Andre Campbell, Gaylon Robinson, Seamus Downey, and John Henry Clark have contributed as a undergraduate Research Assistants.
- G. Bloom, WeepingCAN: A Stealthy CAN Bus-off Attack, Workshop on Automotive and Autonomous Vehicle Security, February 2021.
- U. Ezeobi, H. Olufowobi, C. Young, J. Zambreno and G. Bloom, Reverse Engineering Controller Area Network Messages using Unsupervised Machine Learning, IEEE Consumer Electronics Magazine, September, 2020.
- H. Olufowobi, C. Young, J. Zambreno and G. Bloom, SAIDuCANT: Specification-based Automotive Intrusion Detection using Controller Area Network (CAN) Timing, IEEE Transactions on Vehicular Technology, vol. 69, issue 2, February, 2020.
- C. Young, J. Svoboda and J. Zambreno, Towards Reverse Engineering Controller Area Network Messages Using Machine Learning, Proceedings of the IEEE World Forum on Internet of Things (WF-IoT), April, 2020.
- C. Young, H. Olufowobi, G. Bloom and J. Zambreno, Survey of Automotive Controller Area Network Intrusion Detection Systems, IEEE Design and Test, vol. 36, issue 6, December, 2019.
- H. Olufowobi, U. Ezeobi, E. Muhati, G. Robinson, C. Young, J. Zambreno and G. Bloom, Anomaly Detection Approach Using Adaptive Cumulative Sum Algorithm for Controller Area Network, Proceedings of the ACM Workshop on Automotive Cybersecurity (AutoSec), March, 2019.
- C. Young, H. Olufowobi, G. Bloom and J. Zambreno, Automotive Intrusion Detection Based on Constant CAN Message Frequencies Across Vehicle Driving Modes, Proceedings of the ACM Workshop on Automotive Cybersecurity (AutoSec), March, 2019.
- G. Bloom, B. Alsulami, E. Nwafor, I. Bertolotti, Design Patterns for the Industrial Internet-of-Things, Proceedings of the IEEE International Workshop on Factory Communication Systems (WFCS), June, 2018.
- G. Bloom, J. Sherrill, G. Gilliland, Aligning Deos and RTEMS with the FACE safety base operating system profile, ACM SIGBED Review, vol. 15, no. 1, pp. 15-21, February 2018.
- E. Nwafor, A. Campbell, D. Hill, and G. Bloom, Towards a Provenance Collection Framework for Internet of Things Devices, Proceedings of the IEEE International Conference on Ubiquitous Intelligence and Computing (UIC), August, 2017.
C. Young, J. Zambreno and G. Bloom, Towards a Fail-Operational Intrusion Detection System for In-Vehicle Networks, Proceedings of the Workshop on Security and Dependability of Critical Embedded Real-Time Systems (CERTS), November, 2016.
- G. Bloom, “Automotive Cybersecurity in the Connected World”, Keynote address at the ISACA Greater Washington DC Annual General Meeting, June, 2018.
- G. Bloom, “Resilience in Automotive Intrusion Detection Systems”, Presentation at the Critical Infrastructure Resilience Institute (CIRI) of the University of Illinois at Urbana-Champaign (UIUC), August, 2018.