Speaker
Description
Modern vehicles increasingly rely on electronics and small, embedded computer systems called Electronic Control Units (ECUs), which act as central hubs for sensing, computation, and control. Typical automobiles contain dozens of ECUs that connect to internal vehicle networks, typically Controller Area Networks (CANs). These systems, embedded within passenger cars, commercial fleets, and heavy-duty trucks, enable advanced driver assistance, infotainment, telematics, and autonomous capabilities.
Commercial vehicles and heavy-duty trucks benefit from a high-layer network protocol, SAE J1939, which defines CAN message encodings and enables deciphering of vehicle state information. For instance, by monitoring network parameters such as wheel speed, brake pressure, and gear position, it is possible to detect physical events like unauthorized towing or theft. While these insights can enhance visibility into vehicle and driver status, the networks were not designed with modern cybersecurity provisions. A severe lack of authentication and encryption makes CAN/J1939 traffic susceptible to spoofing, replay, and denial-of-service attacks, which can directly translate into safety-critical failures. As a result, nuclear and radioactive transport vehicles have become both security assets and risks.
This paper proposes an in-vehicle, network-centric architecture that treats these pre-existing in-vehicle networks as both a source of actionable cyber-physical security intelligence and a resource that must be actively defended. Using experience gleaned from research and development projects at Oak Ridge National Laboratory, we present three interoperable approaches that can be deployed to improve situational awareness and threat resilience by leveraging sensor-state information communicated through in-vehicle networks.
The first effort, Controller Area Network Transport Security Tracking and Reporting (C-STAR) aims to secure a myriad of heavy-duty, high-risk vehicle shipments by leveraging onboard telemetry and vehicle sensors on a modular and flexible-edge computing platform. This technology intakes automotive network data to make determinations on the physical security of the vehicle. The second effort, CAN-based Driver Identification, aims to fingerprint driver behavior and mental state through continuous two-factor authentication based on their interaction with the vehicle. This technology allows stakeholders to utilize side-channel methods for driver identification where camera systems are unreliable or unavailable. Finally, to address potential cybersecurity issues arising from manipulation of the J1939 network, our Automotive Secure Hijack, Intrusion, and Exploit Layered Detector (Auto-SHIELD) technology is deployed to detect and alert for network intrusions and vehicle sensor anomalies.
This paper will detail our development processes and key findings, including deployment of technologies on real vehicles using aftermarket hardware. We will summarize our findings, capabilities, and how the implementation of Artificial Intelligence could improve operational security in the near future.
