Investigating Privacy and Security of Cloud-Connected Autonomous Vehicles

Autonomous cars are intelligent systems that can do Physical tasks without human interaction and are used in Industrial environments, transport, and the military, one of most powerful feature of this technology is that possess intelligent agents that can learn from their environment, furthermore, they have several sensors with connectivity between them. Nowadays most of the car manufacturer use autonomous features like lane-keeping, Adaptive Cruise Control (ACC), advance driver assistance system and automatic parking system resulting in a rapid increase in research of autonomous vehicles e.g. in 2004 and 2005 DARPA challenges for vehicles to autonomously navigate via desert terrain, moreover, the DARPA challenge in 2007 developed and tested cars that independently explored via a mock urban condition amid traffic. Vehicles have huge potential in improving road safety, providing convenience; reducing emissions and congestion by communicating with another vehicle within the same network furthermore, in case of emergency they can also notify other vehicles of the incident. Much architecture for communication between vehicles is centralized, typically using cloud servers. The security and trust of that communication are paramount. Therefore, this research aimed to propose a novel method that can insure data security in the cloud by encrypting and fragmenting data to increase the uncertainty for an attacker so as a result, it becomes difficult for hackers to compromise the confidentiality and integrity of data residing in the cloud. This research presents experimental results in terms of time, CPU utilization and size which allowed to determine the most effective method for securing data in the cloud and hence making it difficult for a hacker to reconstruct data. Splitting and encrypting different size of video and text file or encrypting the whole file shows that less time, CPU usage and size is taken in splitting and encrypting 5KB rather than other sizes or encrypting the whole file, so it saves CPU utilization, time and storage, hence, it is the ideal size as it minimizes the CPU resources and memory as compared to different size fragments. The privacy of data is at a higher level preventing a hacker from accessing the data as it is shared in multiple clouds, furthermore, the proposed technique also proposed a mechanism which ensures the data integrity and confidentiality by encrypting the data header hence making it almost impossible for hacker to reconstruct the original data even if it been hacked by man in middle attack. Finally, the experimental results shows that this method can overcome the issue of overhead in transmission and as a result, makes it an efficient and effective mechanism to encounter the data security problem

Automated and intelligent hacking detection system

Dissertação de mestrado integrado em Informatics EngineeringThe Controller Area Network (CAN) is the backbone of automotive networking, connecting many Electronic ControlUnits (ECUs) that control virtually every vehicle function from fuel injection to parking sensors. It possesses,however, no security functionality such as message encryption or authentication by default. Attackers can easily inject or modify packets in the network, causing vehicle malfunction and endangering the driver and passengers. There is an increasing number of ECUs in modern vehicles, primarily driven by the consumer’s expectation of more features and comfort in their vehicles as well as ever-stricter government regulations on efficiency and emissions. Combined with vehicle connectivity to the exterior via Bluetooth, Wi-Fi, or cellular, this raises the risk of attacks. Traditional networks, such as Internet Protocol (IP), typically have an Intrusion Detection System (IDS) analysing traffic and signalling when an attack occurs. The system here proposed is an adaptation of the traditional IDS into the CAN bus using a One Class Support Vector Machine (OCSVM) trained with live, attack-free traffic. The system is capable of reliably detecting a variety of attacks, both known and unknown, without needing to understand payload syntax, which is largely proprietary and vehicle/model dependent. This allows it to be installed in any vehicle in a plug-and-play fashion while maintaining a large degree of accuracy with very few false positives.A Controller Area Network (CAN) é a principal tecnologia de comunicação interna automóvel, ligando muitas Electronic Control Units (ECUs) que controlam virtualmente todas as funções do veículo desde injeção de combustível até aos sensores de estacionamento. No entanto, não possui por defeito funcionalidades de segurança como cifragem ou autenticação. É possível aos atacantes facilmente injetarem ou modificarem pacotes na rede causando estragos e colocando em perigo tanto o condutor como os passageiros. Existe um número cada vez maior de ECUs nos veículos modernos, impulsionado principalmente pelas expectativas do consumidores quanto ao aumento do conforto nos seus veículos, e pelos cada vez mais exigentes regulamentos de eficiência e emissões. Isto, associada à conexão ao exterior através de tecnologias como o Bluetooth, Wi-Fi, ou redes móveis, aumenta o risco de ataques. Redes tradicionais, como a rede Internet Protocol (IP), tipicamente possuem um Intrusion Detection Systems (IDSs) que analiza o tráfego e assinala a presença de um ataque. O sistema aqui proposto é uma adaptação do IDS tradicional à rede CAN utilizando uma One Class Support Vector Machine (OCSVM) treinada com tráfego real e livre de ataques. O sistema é capaz de detetar com fiabilidade uma variedade de ataques, tanto conhecidos como desconhecidos, sem a necessidade de entender a sintaxe do campo de dados das mensagens, que é maioritariamente proprietária. Isto permite ao sistema ser instalado em qualquer veículo num modo plug-and-play enquanto mantém um elevado nível de desempenho com muito poucos falsos positivos

Edge computing platforms for Internet of Things

Internet of Things (IoT) has the potential to transform many domains of human activity, enabled by the collection of data from the physical world at a massive scale. As the projected growth of IoT data exceeds that of available network capacity, transferring it to centralized cloud data centers is infeasible. Edge computing aims to solve this problem by processing data at the edge of the network, enabling applications with specialized requirements that cloud computing cannot meet. The current market of platforms that support building IoT applications is very fragmented, with offerings available from hundreds of companies with no common architecture. This threatens the realization of IoT's potential: with more interoperability, a new class of applications that combine the collected data and use it in new ways could emerge. In this thesis, promising IoT platforms for edge computing are surveyed. First, an understanding of current challenges in the field is gained through studying the available literature on the topic. Second, IoT edge platforms having the most potential to meet these challenges are chosen and reviewed for their capabilities. Finally, the platforms are compared against each other, with a focus on their potential to meet the challenges learned in the first part. The work shows that AWS IoT for the edge and Microsoft Azure IoT Edge have mature feature sets. However, these platforms are tied to their respective cloud platforms, limiting interoperability and the possibility of switching providers. On the other hand, open source EdgeX Foundry and KubeEdge have the potential for more standardization and interoperability in IoT but are limited in functionality for building practical IoT applications

REDESIGNING THE COUNTER UNMANNED SYSTEMS ARCHITECTURE

Includes supplementary material. Please contact [email protected] for access.When the Islamic State used Unmanned Aerial Vehicles (UAV) to target coalition forces in 2014, the use of UAVs rapidly expanded, giving weak states and non-state actors an asymmetric advantage over their technologically superior foes. This asymmetry led the Department of Defense (DOD) and the Department of Homeland Security (DHS) to spend vast sums of money on counter-unmanned aircraft systems (C-UAS). Despite the market density, many C-UAS technologies use expensive, bulky, and high-power-consuming electronic attack methods for ground-to-air interdiction. This thesis outlines the current technology used for C-UAS and proposes a defense-in-depth framework using airborne C-UAS patrols outfitted with cyber-attack capabilities. Using aerial interdiction, this thesis develops a novel C-UAS device called the Detachable Drone Hijacker—a low-size, weight, and power C-UAS device designed to deliver cyber-attacks against commercial UAVs using the IEEE 802.11 wireless communication specification. The experimentation results show that the Detachable Drone Hijacker, which weighs 400 grams, consumes one Watt of power, and costs $250, can interdict adversarial UAVs with no unintended collateral damage. This thesis recommends that the DOD and DHS incorporates aerial interdiction to support its C-UAS defense-in-depth, using technologies similar to the Detachable Drone Hijacker.DASN-OE, Washington DC, 20310Captain, United States Marine CorpsApproved for public release. Distribution is unlimited

Practical Encryption Gateways to Integrate Legacy Industrial Machinery

Future industrial networks will consist of a mixture of old and new components, due to the very long life-cycles of industrial machines on the one hand and the need to change in the face of trends like Industry 4.0 or the industrial Internet of things on the other. These networks will be very heterogeneous and will serve legacy as well as new use cases in parallel. This will result in an increased demand for network security and precisely within this domain, this thesis tries to answer one specific question: how to make it possible for legacy industrial machines to run securely in those future heterogeneous industrial networks. The need for such a solution arises from the fact, that legacy machines are very outdated and hence vulnerable systems, when assessing them from an IT security standpoint. For various reasons, they cannot be easily replaced or upgraded and with the opening up of industrial networks to the Internet, they become prime attack targets. The only way to provide security for them, is by protecting their network traffic. The concept of encryption gateways forms the basis of our solution. These are special network devices, that are put between the legacy machine and the network. The gateways encrypt data traffic from the machine before it is put on the network and decrypt traffic coming from the network accordingly. This results in a separation of the machine from the network by virtue of only decrypting and passing through traffic from other authenticated gateways. In effect, they protect communication data in transit and shield the legacy machines from potential attackers within the rest of the network, while at the same time retaining their functionality. Additionally, through the specific placement of gateways inside the network, fine-grained security policies become possible. This approach can reduce the attack surface of the industrial network as a whole considerably. As a concept, this idea is straight forward and not new. Yet, the devil is in the details and no solution specifically tailored to the needs of the industrial environment and its legacy components existed prior to this work. Therefore, we present in this thesis concrete building blocks in the direction of a generally applicable encryption gateway solution that allows to securely integrate legacy industrial machinery and respects industrial requirements. This not only entails works in the direction of network security, but also includes works in the direction of guaranteeing the availability of the communication links that are protected by the gateways, works to simplify the usability of the gateways as well as the management of industrial data flows by the gateways

Ein mehrschichtiges sicheres Framework für Fahrzeugsysteme

In recent years, significant developments were introduced within the vehicular domain, evolving the vehicles to become a network of many embedded systems distributed throughout the car, known as Electronic Control Units (ECUs). Each one of these ECUs runs a number of software components that collaborate with each other to perform various vehicle functions. Modern vehicles are also equipped with wireless communication technologies, such as WiFi, Bluetooth, and so on, giving them the capability to interact with other vehicles and roadside infrastructure. While these improvements have increased the safety of the automotive system, they have vastly expanded the attack surface of the vehicle and opened the door for new potential security risks. The situation is made worse by a lack of security mechanisms in the vehicular system which allows the escalation of a compromise in one of the non-critical sub-systems to threaten the safety of the entire vehicle and its passengers. This dissertation focuses on providing a comprehensive framework that ensures the security of the vehicular system during its whole life-cycle. This framework aims to prevent the cyber-attacks against different components by ensuring secure communications among them. Furthermore, it aims to detect attacks which were not prevented successfully, and finally, to respond to these attacks properly to ensure a high degree of safety and stability of the system.In den letzten Jahren wurden bedeutende Entwicklungen im Bereich der Fahrzeuge vorgestellt, die die Fahrzeuge zu einem Netzwerk mit vielen im gesamten Fahrzeug verteile integrierte Systeme weiterentwickelten, den sogenannten Steuergeräten (ECU, englisch = Electronic Control Units). Jedes dieser Steuergeräte betreibt eine Reihe von Softwarekomponenten, die bei der Ausführung verschiedener Fahrzeugfunktionen zusammenarbeiten. Moderne Fahrzeuge sind auch mit drahtlosen Kommunikationstechnologien wie WiFi, Bluetooth usw. ausgestattet, die ihnen die Möglichkeit geben, mit anderen Fahrzeugen und der straßenseitigen Infrastruktur zu interagieren. Während diese Verbesserungen die Sicherheit des Fahrzeugsystems erhöht haben, haben sie die Angriffsfläche des Fahrzeugs erheblich vergrößert und die Tür für neue potenzielle Sicherheitsrisiken geöffnet. Die Situation wird durch einen Mangel an Sicherheitsmechanismen im Fahrzeugsystem verschärft, die es ermöglichen, dass ein Kompromiss in einem der unkritischen Subsysteme die Sicherheit des gesamten Fahrzeugs und seiner Insassen gefährdet kann. Diese Dissertation konzentriert sich auf die Entwicklung eines umfassenden Rahmens, der die Sicherheit des Fahrzeugsystems während seines gesamten Lebenszyklus gewährleistet. Dieser Rahmen zielt darauf ab, die Cyber-Angriffe gegen verschiedene Komponenten zu verhindern, indem eine sichere Kommunikation zwischen ihnen gewährleistet wird. Darüber hinaus zielt es darauf ab, Angriffe zu erkennen, die nicht erfolgreich verhindert wurden, und schließlich auf diese Angriffe angemessen zu reagieren, um ein hohes Maß an Sicherheit und Stabilität des Systems zu gewährleisten

Securing Embedded Systems for Unmanned Aerial Vehicles

This project focuses on securing embedded systems for unmanned aerial vehicles (UAV). Over the past two decades UAVs have evolved from a primarily military tool into one that is used in many commercial and civil applications. As the market for these products increases the need to protect transmitted data becomes more important. UAVs are flying missions that contain crucial data and without the right protection they can be vulnerable to malicious attacks. This project focuses on building a UAV platform and working to protect the data transmitted on it. The platform was able to detect red color and wirelessly transmit the coordinates of the color to a remote laptop. Areas that were focused on for security included the image processing and wireless communications modules