
Automobile Intrusion Detection Jun Li Twitter @bravo_fighter - PowerPoint PPT Presentation



  1. Automobile Intrusion Detection. Jun Li, Twitter: @bravo_fighter, UnicornTeam, Qihoo360

  2. What this talk is about? Automotive intrusion detection; automotive cyber-security architecture

  3. From the highest viewpoint

  4. Outline • Quick recap of the status quo of car security research • Little automobile working principle • CAN bus anomaly detection

  5. Car hacking development (timeline figure; labels: Remote attack via wireless OBD interface; GM Onstar vuln, Samy; Immobilizer cracking (Hitag, Keeloq); BMW ConnectedDrive vuln; Tesla; DARPA & UW; Mbrace; Performance tuning by modifying firmware; Jeep Uconnect (Charlie & Chris); Qihoo360; OBD interface attack, etc. (Karl et al.); More to come? Sure!)

  6. Car explained

  7. Sensor security

  8. ECU (Electronic Control Unit): In automotive electronics, Electronic Control Unit (ECU) is a generic term for any embedded system that controls one or more of the electrical systems or subsystems in a transport vehicle. Types of ECU include Electronic/Engine Control Module (ECM), Powertrain Control Module (PCM), Transmission Control Module (TCM), Brake Control Module (BCM or EBCM), Central Control Module (CCM), Central Timing Module (CTM), General Electronic Module (GEM), Body Control Module (BCM), Suspension Control Module (SCM), control unit, or control module.

  9. Electronic Control Module Example

  10. Automotive Mechatronics

  11. Drive-by-wire system (figure labels: hackable; non-hackable; throttle position sensor)

  12. Steering-by-wire system (figure labels: steer-by-wire, with mechanical fallback clutch; universal joint)

  13. Automotive Control System Architecture

  14. Vehicle CAN BUS System

  15. Vehicle Communication System Infotainment OBDII System MOST LIN CAN FlexRay Bluetooth Wifi SubGHz

  16. Vehicle Communication System example. Diagram labels: Music Player, Speedometer, Infotainment System, Gateway, CAN-C, ESP, TCU, ACC, EMU, INS, …, CAN-B, Seat Controller. Abbreviations: ESP (electronic stability program), EMU (engine management system), TCU (transmission control unit), ACC (adaptive cruise control), INS (inertial navigation system)

  17. CAN BUS Signaling

  18. CAN Frame Structure

  19. CAN Bus Access Arbitration: 0 = dominant, 1 = recessive (arbitration bit-sequence figure)

  20. CAN BUS Attack: packet injection; parameter spoofing

  21. Remote Attack Example: Jeep Uconnect Vulnerability (figure labels: femtocell, WiFi, Sprint, Internet, CAN)

  22. Automotive intrusion detection researches

  23. Automotive intrusion detection researches: not considering temporal features

  24. Distributed architecture

  25. CAN bus security defense model: IDS (Intrusion Detection System)

  26. Difficulties of CAN bus defence: ① Real-time requirements ② Hard to trace back to sender ③ High cost of false positives ④ …

  27. CAN Anomaly Detection McAfee&Intel

  28. CAN bus defence IDS

  29. CAN security architecture Bluetooth WiFi Cellular V2X IDS

  30. Experiment Car • Hybrid • Electronic Brake • Electric Power Steering • Electronic Throttle • Cellular Connection • Cloud Service • Bluetooth Key

  31. Experiment car’s CAN network

  32. The CAN database

  33. Why don’t we build a model? Take the relationship between RPM, speed and gear, for example: we can create a model of the system’s behavior.

  34. Automobile working principle

  35. Anomaly detection system (figure labels: Parameter extraction; Cross Prediction; Realtime data stream)

  36. System model requirements Gear

  37. Build the system model: Data Collection → Data analysis → Data preprocess → Feature Selection → Model Training & Testing

  38. Data Acquisition: parameter presence on different BUS

      Parameter   | Speed | Gear | Engine RPM | Acceleration Pedal | Intake Pressure | Brake Pedal | Steering Wheel
      Instrument  | o     | o    | x          | x                  | o               | o           | o
      Comfort BUS | o     | o    | x          | x                  | o               | x           | x
      Power       | o     | o    | o          | o                  | o               | x           | x
      ECM         | o     | o    | o          | o                  | o               | x           | o
      ESC         | o     | o    | o          | x                  | o               | o           | o

  39. Data Acquisition Setup

  40. Data Analysis: the CAN database is kept highly confidential

  41. Data Preprocess

  42. Data Preprocess: Normalization, Interpolation, Sampling

  43. Normalization: must make sure of the maximum and minimum values; don’t calculate them from the training data

  44. Data interpolation: Observation, Interpolation

  45. Sub-Sampling

  46. Sub-Sampling

      Time_ms | AccPedal  | RPM       | Speed     | MAP       | MAF       | Throttle
      138973  | 0.2879838 | 0.1342592 | 0.0590551 | 0.1675675 | 0.6971070 | 0.1377952
      138974  | 0.2873125 | 0.1342592 | 0.0551181 | 0.1675675 | 0.6971070 | 0.1377952
      138975  | 0.2873125 | 0.1342592 | 0.0511811 | 0.1675675 | 0.6971070 | 0.1377952
      138976  | 0.285970  | 0.1342592 | 0.0472440 | 0.1675675 | 0.6971070 | 0.1377952
      138977  | 0.285970  | 0.134259  | 0.0511811 | 0.1675675 | 0.6971070 | 0.1377952

  47. Sub-Sampling

  48. Model training

  49. Model training

  50. Results

  51. Result

  52. Model testing

  53. Model testing

  54. Acknowledgement: Professor Shuicheng Yan, Doctor Ming Lin, Doctor Zhanyi Wang, Doctor Lin Huang

  55. Thank You ! Q&A

  56. Reference

  57. 1. Karl Koscher, Alexei Czeskis, Experimental Security Analysis of a Modern Automobile, 2010.
      2. Stephen Checkoway, Damon McCoy, Brian Kantor, Comprehensive Experimental Analyses of Automotive Attack Surfaces, 2011.
      3. Charlie Miller, Chris Valasek, Adventures in Automotive Networks and Control Units, 2013.
      4. Charlie Miller, Chris Valasek, Remote Exploitation of an Unaltered Passenger Vehicle, 2015.
      5. Dieter Spaar, Sicherheitslücken bei BMWs ConnectedDrive / Beemer, Open Thyself! – Security vulnerabilities in BMW's ConnectedDrive, 2015.
      6. Iamthecavalry.org, Five Star Automotive Cyber Safety Framework, 2015.
      7. Pierre Kleberger, Security Aspects of the In-Vehicle Network in the Connected Car, IEEE Intelligent Vehicles Symposium, 2011.
      8. Marc Rogers, Kevin Mahaffey, How to Hack a Tesla Model S, DEF CON 23, 2015.
      9. Charlie Miller, Chris Valasek, Advanced CAN Injection Techniques for Vehicle Networks, Blackhat USA, 2016.
      10. Kyong-Tak Cho and Kang G. Shin, Fingerprinting Electronic Control Units for Vehicle Intrusion Detection, 2016.

  58. 11. Nobuyasu Kanekawa, X-by-Wire Systems, Hitachi Research Lab., 2011.
      12. Paul Yih, Steer-by-Wire: Implication For Vehicle Handling and Safety, Stanford PhD Dissertation, 2005.
      13. Luigi Coppolion, Dependability aspects of automotive x-by-wire technologies, 2008.
      14. Jonas Zaddach, Andrei Costin, Embedded Devices Security and Firmware Reverse Engineering, Blackhat Workshop, 2013.
      15. Andrei Costin, Jonas Zaddach, A Large-Scale Analysis of the Security of Embedded Firmwares, EURECOM, 2014.
      16. Samy Kamkar, Drive It Like You Hacked It, DEF CON 23, 2015.
      17. David A Brown, Geoffrey Cooper, Automotive Security Best Practices, White Paper by Intel & McAfee, 2014.
      18. OpenGarages, Car Hacker’s Handbook, openGarage.org, 2014.
      19. Henning Olsson, OptimumG, Vehicle Data Acquisition Using CAN, 2010.
      20. Varun Chandola, Arindam Banerjee, Vipin Kumar, Anomaly Detection: A Survey, 2009.

  59. 21. Park, Ming Kuang, Neural learning of driving environment prediction for vehicle power management, Joint Conf. on Neural Networks, 2008.
      22. Taylor, P., Adamu-Fika, F., Anand, S., Dunoyer, A., Griffiths, N., and Popham, T., Road type classification through data mining, 2012.
      23. Michael Muter, Naim Asaj, Entropy-based anomaly detection for in-vehicle networks, IEEE Intelligent Vehicles Symposium (IV), 2011.
      24. Ulf E. Larson, Dennis K. Nilsson, An Approach to Specification-based Attack Detection for In-Vehicle Networks, IEEE Intelligent Vehicles Symposium, 2008.
      25. Y. L. Murphey, Zhi Hang Chen, L. Kiliaris, Jungme ,I. Tang and T. P. Breckon, Automatic road environment classification, IEEE Trans. on Intelligent Transportation Systems, 2011.
      26. Salima Omar, Asri Ngadi, Hamid H. Jebur, Machine Learning Techniques for Anomaly Detection: An Overview.
      27. Peter Harrington, Machine Learning In Action, 2013.
      28. Jurgen Schmidhuber, Deep learning in neural networks: An overview, 2015.
      29. Kaiserslautern, Comparison of Unsupervised Anomaly Detection Techniques, German Research Center for Artificial Intelligence, 2011.
