Experimental Security Analysis of a Modern Automobile

Koscher, Karl; Czeskis, Alexei; Roesner, Franziska; Patel, Shwetak; Kohno, Tadayoshi; Checkoway, Stephen; McCoy, Damon; Kantor, Brian; Anderson, Danny; Shacham, Hovav; Savage, Stefan

doi:10.1109/sp.2010.34

Cited by 1,336 publications

(620 citation statements)

References 8 publications

Supporting

Mentioning

611

Contrasting

Unclassified

Order By: Relevance

“…Relevant research has focused primarily on proof-ofconcept attacks [3] on the integrity of sensing and actuation or the availability of communications. Defence is usually about resilience through redundancy [11] or prevention through authentication and encrypted communication [12].…”

Section: Literature Reviewmentioning

confidence: 99%

See 1 more Smart Citation

Decision tree-based detection of denial of service and command injection attacks on robotic vehicles

Vuong

Loukas

Gan

et al. 2015

2015 IEEE International Workshop on Information Forensics and Security (WIFS)

View full text Add to dashboard Cite

Abstract-Mobile cyber-physical systems, such as automobiles, drones and robotic vehicles, are gradually becoming attractive targets for cyber attacks. This is a challenge because intrusion detection systems built for conventional computer systems tend to be unsuitable. They can be too demanding for resource-restricted cyber-physical systems or too inaccurate due to the lack of realworld data on actual attack behaviours. Here, we focus on the security of a small remote-controlled robotic vehicle. Having observed that certain types of cyber attacks against it exhibit physical impact, we have developed an intrusion detection system that takes into account not only cyber input features, such as network traffic and disk data, but also physical input features, such as speed, physical jittering and power consumption. As the system is resource-restricted, we have opted for a decision tree-based approach for generating simple detection rules, which we evaluate against denial of service and command injection attacks. We observe that the addition of physical input features can markedly reduce the false positive rate and increase the overall accuracy of the detection.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

“…A cyber-attack against or through an associated network affects the movement of a vehicle in a manner that gives rise to a range of new security challenges. Such incidents have already been reported to have occurred both in the wild [1], [2] and in controlled experimental environments [3], [4] and competitions [5].…”

Section: Introductionmentioning

confidence: 99%

Decision tree-based detection of denial of service and command injection attacks on robotic vehicles

Vuong

Loukas

Gan

et al. 2015

2015 IEEE International Workshop on Information Forensics and Security (WIFS)

View full text Add to dashboard Cite

show abstract

“…But in exchange we must consider the "nonsensical" and unpredictable behavior caused by code defects. We must also consider a wide array of traditional and nontraditional security concerns; the nature of what constitutes a security exploit in a self-driving car is quite different vulnerabilities exposed by traditional IT software [1].…”

Section: Trusting Self-driving Carsmentioning

confidence: 99%

A Philosophy for Developing Trust in Self-driving Cars

Wagner

Koopman

2015

Road Vehicle Automation 2

View full text Add to dashboard Cite

For decades, our lives have depended on the safe operation of automated mechanisms around and inside us. The autonomy and complexity of these mechanisms is increasing dramatically. Autonomous systems such as self-driving cars rely heavily on inductive inference and complex software, both of which confound traditional software-safety techniques that are focused on amassing sufficient confirmatory evidence to support safety claims. In this paper we survey existing methods and tools that, taken together, can enable a new and more productive philosophy for software safety that is based on Karl Popper's idea of falsificationism. Trusting self-driving carsFor decades, our lives have depended on the safe operation of automated mechanisms around and inside us. However, the autonomy of these mechanisms is increasing dramatically, going from comparatively simple drive-by-wire control to fully autonomous self-driving cars. The safety risks posed by autonomous systems cannot be mitigated through mechanical interlocks or similar tried-and-true techniques. Furthermore these autonomous systems will operate in unstructured environments (including highways not designed for self-driving cars and unpredictable weather conditions) that will present a myriad of unexpected situations. Without question, automation holds the promise of reducing the rates of accidents; for example, self-driving cars have the potential to virtually eliminate accidents due to inattentive drivers. However, when he pays attention, a human driver has tremendous capacity for reacting responsibly to circumstances for which he has not been explicitly trained. With the human out of the loop, the autonomous car is far less capable of handling unforeseen circumstances. By definition, an "unstructured environment" such as a real-world road network includes plenty of unforeseen con-PREPRINT: G. Meyer & S. Beiker (eds.) Road Vehicle Automation 2

show abstract

“…However, over the last few years, autonomous vehicles have become a routine target for experimental cyber attacks, as demonstrated as early as 2009 by the University of Washington [1], [2] and in numerous blackhat conferences since then. As a result, there is a need for protection systems appropriate for active attacks against an autonomous vehicle's integrity or availability, and the corresponding impact on its actuation.…”

Section: Introductionmentioning

confidence: 99%

Behaviour-Based Anomaly Detection of Cyber-Physical Attacks on a Robotic Vehicle

Bezemskij

Loukas

Anthony

et al. 2016

2016 15th International Conference on Ubiquitous Computing and Communications and 2016 International Symposium on Cyberspace An

View full text Add to dashboard Cite

Abstract-Security is one of the key challenges in cyberphysical systems, because by their nature, any cyber attack against them can have physical repercussions. This is a critical issue for autonomous vehicles; if compromised in terms of their communications or computation they can cause considerable physical damage due to their mobility. Our aim here is to facilitate the automatic detection of cyber attacks on a robotic vehicle. For this purpose, we have developed a detection mechanism, which monitors real-time data from a large number of sources onboard the vehicle, including its sensors, networks and processing. Following a learning phase, where the vehicle is trained in a non-attack state on what values are considered normal, it is then subjected to a series of different cyberphysical and physical-cyber attacks. We approach the problem as a binary classification problem of whether the robot is able to self-detect when and whether it is under attack. Our experimental results show that the approach is promising for most attacks that the vehicle is subjected to. We further improve its performance by using weights that accentuate the anomalies that are less common thus improving overall performance of the detection mechanism for unknown attacks.

show abstract

Experimental Security Analysis of a Modern Automobile

Cited by 1,336 publications

References 8 publications

Decision tree-based detection of denial of service and command injection attacks on robotic vehicles

Decision tree-based detection of denial of service and command injection attacks on robotic vehicles

A Philosophy for Developing Trust in Self-driving Cars

Behaviour-Based Anomaly Detection of Cyber-Physical Attacks on a Robotic Vehicle

Contact Info

Product

Resources

About