A robust, reliable and deployable framework for In-vehicle security

Cyber attacks on financial and government institutions, critical infrastructure, voting systems, businesses, modern vehicles, etc., are on the rise. Fully connected autonomous vehicles are more vulnerable than ever to hacking and data theft. This is due to the fact that the protocols used for in-vehicle communication i.e. controller area network (CAN), FlexRay, local interconnect network (LIN), etc., lack basic security features such as message authentication, which makes it vulnerable to a wide range of attacks including spoofing attacks. This research presents methods to protect the vehicle against spoofing attacks. The proposed methods exploit uniqueness in the electronic control unit electronic control unit (ECU) and the physical channel between transmitting and destination nodes for linking the received packet to the source. Impurities in the digital device, physical channel, imperfections in design, material, and length of the channel contribute to the uniqueness of artifacts. I propose novel techniques for electronic control unit (ECU) identification in this research to address security vulnerabilities of the in-vehicle communication. The reliable ECU identification has the potential to prevent spoofing attacks launched over the CAN due to the inconsideration of the message authentication. In this regard, my techniques models the ECU-specific random distortion caused by the imperfections in digital-to-analog converter digital to analog converter (DAC), and semiconductor impurities in the transmitting ECU for fingerprinting. I also model the channel-specific random distortion, impurities in the physical channel, imperfections in design, material, and length of the channel are contributing factors behind physically unclonable artifacts. The lumped element model is used to characterize channel-specific distortions. This research exploits the distortion of the device (ECU) and distortion due to the channel to identify the transmitter and hence authenticate the transmitter.Ph.D.College of Engineering & Computer ScienceUniversity of Michigan-Dearbornhttps://deepblue.lib.umich.edu/bitstream/2027.42/154568/1/Azeem Hafeez Final Disseration.pdfDescription of Azeem Hafeez Final Disseration.pdf : Dissertatio

Physical-Fingerprinting of Electronic Control Unit (ECU) Based on Machine Learning Algorithm for In-Vehicle Network Communication Protocol “CAN-BUS”

The Controller Area Network (CAN) bus serves as a legacy protocol for in-vehicle data communication. Simplicity, robustness, and suitability for real-time systems are the salient features of the CAN bus protocol. However, it lacks the basic security features such as massage authentication, which makes it vulnerable to the spoofing attacks. In a CAN network, linking CAN packet to the sender node is a challenging task. This paper aims to address this issue by developing a framework to link each CAN packet to its source. Physical signal attributes of the received packet consisting of channel and node (or device) which contains specific unique artifacts are considered to achieve this goal. Material and design imperfections in the physical channel and digital device, which are the main contributing factors behind the device-channel specific unique artifacts, are leveraged to link the received electrical signal to the transmitter. Generally, the inimitable patterns of signals from each ECUs exist over the course of time that can manifest the stability of the proposed method. Uniqueness of the channel-device specific attributes are also investigated for time-and frequency-domain. Feature vector is made up of both time and frequency domain physical attributes and then employed to train a neural network-based classifier. Performance of the proposed fingerprinting method is evaluated by using a dataset collected from 16 different channels and four identical ECUs transmitting same message. Experimental results indicate that the proposed method achieves correct detection rates of 95.2% and 98.3% for channel and ECU classification, respectively.Master of Science in EngineeringComputer Engineering, College of Engineering and Computer ScienceUniversity of Michigan-Dearbornhttps://deepblue.lib.umich.edu/bitstream/2027.42/140731/1/Thesis manuscript_v3.pdfDescription of Thesis manuscript_v3.pdf : Thesi

The design and implementation of a smart-parking system for Helsinki Area

The strain on the parking infrastructure for the general public has significantly grown as a result of the ever rising number of vehicles geared by the rapid population growth in urban areas. Consequently, finding a vacant parking space has become quite a challenging task, especially at peak hours. Drivers have to cycle back and forth a number of times before they finally find where to park. This leads to increased fuel consumption, air pollution, and increased likelihood of causing accidents, to mention but a few. Paying for the parking is not straight forward either, as the ticket machines, on top of being located at a distance, in many times, they have several payment methods drivers must prepare for. A system therefore, that would allow drivers to check for the vacant parking places before driving to a busy city, takes care of the parking fee for exact time they have used, manages electronic parking permit, is the right direction towards toppling these difficulties. The main objective of this project was to design and implement a system that would provide parking occupancy estimation, parking fee payment method, parking permit management and parking analytics for the city authorities. The project had three phases. The first and the second phases used qualitative approaches to validate our hypotheses about parking shortcoming in Helsinki area and the recruitment of participants to the pilot of the project, respectively. The third phase involved the design, implementation and installation of the system. The other objective was to study the challenges a smart parking system would face at different stages of its life cycle. The objectives of the project were achieved and the considered assumption about the challenges associated with parking in a busy city were validated. A smart parking system will allow drivers to check for available parking spaces beforehand, they are able to pay for the parking fee, they can get electronic parking permits, and the city authority can get parking analytics for the city plannin

Transmitter Classification With Supervised Deep Learning

International audienceHardware imperfections in RF transmitters introduce features that can be used to identify a specific transmitter amongst others. Supervised deep learning has shown good performance in this task but using datasets not applicable to real world situations where topologies evolve over time. To remedy this, the work rests on a series of datasets gathered in the Future Internet of Things / Cognitive Radio Testbed [4] (FIT/CorteXlab) to train a convolutional neural network (CNN), where focus has been given to reduce channel bias that has plagued previous works and constrained them to a constant environment or to simulations. The most challenging scenarios provide the trained neural network with resilience and show insight on the best signal type to use for identification , namely packet preamble. The generated datasets are published on the Machine Learning For Communications Emerging Technologies Initiatives web site 4 in the hope that they serve as stepping stones for future progress in the area. The community is also invited to reproduce the studied scenarios and results by generating new datasets in FIT/CorteXlab

A comparative study of hash algorithms with the prospect of developing a CAN bus authentication technique

In this paper, the performances of SHA-3 final round candidates along with new versions of other hash algorithms are analyzed and compared. An ARM-Cortex A9 microcontroller and a Spartan -3 FPGA circuit are involved in the study, with emphasis placed on the number of cycles and the authentication speed. These hash functions are implemented and tested resulting in a set of ranked algorithms in terms of the specified metrics. Taking into account the performances of the most efficient algorithms and the proposed hardware platform components, an authentication technique can be developed as a possible solution to the limitations and weaknesses of automotive CAN (Controlled Area Network) bus – based embedded systems in terms of security, privacy and integrity. From there, the main elements of such a potential structure are set forth

A Hardware Platform for Communication and Localization Performance Evaluation of Devices inside the Human Body

Body area networks (BAN) is a technology gaining widespread attention for application in medical examination, monitoring and emergency therapy. The basic concept of BAN is monitoring a set of sensors on or inside the human body which enable transfer of vital parameters between the patient´s location and the physician in charge. As body area network has certain characteristics, which impose new demands on performance evaluation of systems for wireless access and localization for medical sensors. However, real-time performance evaluation and localization in wireless body area networks is extremely challenging due to the unfeasibility of experimenting with actual devices inside the human body. Thus, we see a need for a real-time hardware platform, and this thesis addressed this need. In this thesis, we introduced a unique hardware platform for performance evaluation of body area wireless access and in-body localization. This hardware platform utilizes a wideband multipath channel simulator, the Elektrobit PROPSimâ„¢ C8, and a typical medical implantable device, the Zarlink ZL70101 Advanced Development Kit. For simulation of BAN channels, we adopt the channel model defined for the Medical Implant Communication Service (MICS) band. Packet Reception Rate (PRR) is analyzed as the criteria to evaluate the performance of wireless access. Several body area propagation scenarios simulated using this hardware platform are validated, compared and analyzed. We show that among three modulations, two forms of 2FSK and 4FSK. The one with lowest raw data rate achieves best PRR, in other word, best wireless access performance. We also show that the channel model inside the human body predicts better wireless access performance than through the human body. For in-body localization, we focus on a Received Signal Strength (RSS) based localization algorithm. An improved maximum likelihood algorithm is introduced and applied. A number of points along the propagation path in the small intestine are studied and compared. Localization error is analyzed for different sensor positions. We also compared our error result with the Cramèr- Rao lower bound (CRLB), shows that our localization algorithm has acceptable performance. We evaluate multiple medical sensors as device under test with our hardware platform, yielding satisfactory localization performance

Implementing Deep Learning Techniques in 5G IoT Networks for 3D Indoor Positioning: DELTA (DeEp Learning-Based Co-operaTive Architecture)

In the near future, the fifth-generation wireless technology is expected to be rolled out, offering low latency, high bandwidth and multiple antennas deployed in a single access point. This ecosystem will help further enhance various location-based scenarios such as assets tracking in smart factories, precise smart management of hydroponic indoor vertical farms and indoor way-finding in smart hospitals. Such a system will also integrate existing technologies like the Internet of Things (IoT), WiFi and other network infrastructures. In this respect, 5G precise indoor localization using heterogeneous IoT technologies (Zigbee, Raspberry Pi, Arduino, BLE, etc.) is a challenging research area. In this work, an experimental 5G testbed has been designed integrating C-RAN and IoT networks. This testbed is used to improve both vertical and horizontal localization (3D Localization) in a 5G IoT environment. To achieve this, we propose the DEep Learning-based co-operaTive Architecture (DELTA) machine learning model implemented on a 3D multi-layered fingerprint radiomap. The DELTA begins by estimating the 2D location. Then, the output is recursively used to predict the 3D location of a mobile station. This approach is going to benefit use cases such as 3D indoor navigation in multi-floor smart factories or in large complex buildings. Finally, we have observed that the proposed model has outperformed traditional algorithms such as Support Vector Machine (SVM) and K-Nearest Neighbor (KNN)

Defense in Depth of Resource-Constrained Devices

The emergent next generation of computing, the so-called Internet of Things (IoT), presents significant challenges to security, privacy, and trust. The devices commonly used in IoT scenarios are often resource-constrained with reduced computational strength, limited power consumption, and stringent availability requirements. Additionally, at least in the consumer arena, time-to-market is often prioritized at the expense of quality assurance and security. An initial lack of standards has compounded the problems arising from this rapid development. However, the explosive growth in the number and types of IoT devices has now created a multitude of competing standards and technology silos resulting in a highly fragmented threat model. Tens of billions of these devices have been deployed in consumers\u27 homes and industrial settings. From smart toasters and personal health monitors to industrial controls in energy delivery networks, these devices wield significant influence on our daily lives. They are privy to highly sensitive, often personal data and responsible for real-world, security-critical, physical processes. As such, these internet-connected things are highly valuable and vulnerable targets for exploitation. Current security measures, such as reactionary policies and ad hoc patching, are not adequate at this scale. This thesis presents a multi-layered, defense in depth, approach to preventing and mitigating a myriad of vulnerabilities associated with the above challenges. To secure the pre-boot environment, we demonstrate a hardware-based secure boot process for devices lacking secure memory. We introduce a novel implementation of remote attestation backed by blockchain technologies to address hardware and software integrity concerns for the long-running, unsupervised, and rarely patched systems found in industrial IoT settings. Moving into the software layer, we present a unique method of intraprocess memory isolation as a barrier to several prevalent classes of software vulnerabilities. Finally, we exhibit work on network analysis and intrusion detection for the low-power, low-latency, and low-bandwidth wireless networks common to IoT applications. By targeting these areas of the hardware-software stack, we seek to establish a trustworthy system that extends from power-on through application runtime