SaTC: CORE: Small: Linking2Source: Security of In-Vehicle Networks via Source Identification

SaTC：核心：小型：Linking2Source：通过源识别确保车载网络安全

• 批准号: 2035770
• 负责人: Hafiz Malik
• 金额: $ 47.65万
• 依托单位: Regents of the University of Michigan - Ann Arbor
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-03-01 至 2025-02-28
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2035770&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Linking2Source; Security

Connected autonomous vehicles (AVs) may offer new mobility options to millions of people. Integration of connectivity features into modern vehicles is a main driving force behind the ever-expanding attack surface of connected AVs, rendering them vulnerable to hacking and data theft. Key vulnerabilities arise from the increased coupling of unsecured automotive control networks with multimedia networks and the integration of wireless interfaces such as Bluetooth and Wi-Fi networks. As such, developing robust and reliable solutions to identify, localize, and mitigate cybersecurity threats to connected AVs is of societal importance. Existing solutions, however, are limited in their ability and scope as they are unable to reliably link the received data to the transmitting devices. The goal of this project is to safeguard AVs against growing attack surfaces and vectors by developing a holistic solution called the Linking2Source framework through three seamlessly integrated layers of defense, with each layer aiming to mitigate a specific set of attacks. The project also has a significant educational component, consisting of a set of inquisitive hands-on activities involving vehicle data acquisition, decoding, and data analytics, network packet injection, and intrusion detection aimed at outreach and broadening participation in STEM disciplines, including automotive cybersecurity, cyber-physical system security, statistical data analysis and digital forensics.The first layer of the proposed Linking2Source framework aims to protect in-vehicle networks by developing real-time message authentication, intrusion detection, and localization tools based on unclonable signal attributes for physical fingerprinting of electronic control units (ECUs). The approach exploits uniqueness in physical signal attributes, leverages statistical signal processing and parameter modeling techniques for physical fingerprint estimation, and uses statistical machine learning methods for transmitting ECU identification and localization. The second layer aims to protect in-vehicle networks against firmware/software-level attacks using ECU behavioral fingerprinting through data-driven statistical graph analytics. The approach targeted by the research team here is the transformation of sequential in-vehicle network data into a directed-graph to leverage statistical graph analytics for ECU behavior modeling and intrusion detection. The third layer of defense aims to protect AVs against attacks at the sensing and actuation layer by using dynamical observers that rely on vehicle-physics-based modeling for fault detection and isolation. The faulty signals such as incorrect steering angle commands that are issued by the rogue ECUs and are not in agreement with the vehicle physics could cause unsafe maneuvers such as excessive yaw motions. The project exploits the physics-based vehicle model for verifying the correctness of the issued ECU signals over the in-vehicle network bus. By leveraging the Dempster-Shafer evidence theory, the decisions from these layers of defense are optimally fused to integrate the three defense solutions in the Linking2Source framework. A key component of this project is to use in-vehicle network data both at the physical and datalink layers for modeling physical, behavioral, and vehicle-state fingerprints and using them for attack detection and localization and mitigation of the impact of malicious ECUs using a proactive cancellation policy. The research team will prototype the proposed solutions and evaluate them on the University of Michigan-Dearborn shuttle, on the University of Michigan MCity Test Facility, and on commercial tools, in addition to collecting large-scale data from a network testbed and from a real vehicle driving and sharing it with the research community.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

互联自动驾驶汽车（AV）可以为数百万人提供新的移动选择。将连接功能集成到现代汽车中是互联自动驾驶汽车不断扩大攻击面的主要驱动力，使它们容易受到黑客攻击和数据窃取。关键漏洞来自于不安全的汽车控制网络与多媒体网络的耦合增加以及蓝牙和Wi-Fi网络等无线接口的集成。因此，开发强大可靠的解决方案来识别、定位和减轻互联自动驾驶汽车的网络安全威胁具有社会重要性。然而，现有的解决方案在其能力和范围方面受到限制，因为它们不能可靠地将接收到的数据链接到发送设备。该项目的目标是通过开发一个名为Linking 2Source框架的整体解决方案，通过三个无缝集成的防御层来保护AV免受不断增长的攻击面和载体的影响，每一层都旨在减轻一组特定的攻击。该项目还有一个重要的教育组成部分，包括一系列好奇的实践活动，涉及车辆数据采集，解码和数据分析，网络数据包注入和入侵检测，旨在推广和扩大STEM学科的参与，包括汽车网络安全，网络物理系统安全，统计数据分析和数字取证。建议的Linking 2Source框架的第一层旨在通过开发实时消息认证，入侵检测，以及基于不可克隆信号属性的定位工具，用于电子控制单元（ECU）的物理指纹识别。该方法利用物理信号属性的唯一性，利用统计信号处理和参数建模技术进行物理指纹估计，并使用统计机器学习方法进行ECU识别和定位。第二层旨在通过数据驱动的统计图分析，使用ECU行为指纹识别来保护车载网络免受固件/软件级攻击。研究团队的目标方法是将连续的车载网络数据转换为有向图，以利用统计图分析进行ECU行为建模和入侵检测。第三层防御旨在通过使用依赖于基于车辆物理的故障检测和隔离建模的动态观察器来保护AV免受传感和驱动层的攻击。故障信号（例如由流氓ECU发出的不正确的转向角命令）与车辆物理特性不一致，可能会导致不安全的操纵，例如过度的偏航运动。该项目利用基于物理的车辆模型来验证通过车载网络总线发出的ECU信号的正确性。通过利用Dempster-Shafer证据理论，这些防御层的决策被最佳地融合，以集成Linking 2Source框架中的三个防御解决方案。该项目的一个关键组成部分是在物理和数据链路层使用车载网络数据来建模物理，行为和车辆状态指纹，并使用它们进行攻击检测和定位，并使用主动取消策略减轻恶意ECU的影响。研究小组将对提出的解决方案进行原型设计，并在密歇根大学迪尔伯恩航天飞机、密歇根大学MCity测试设施和商业工具上进行评估，除了收集大量的-从网络试验台和真实的车辆驾驶中获得数据，并与研究界共享。该奖项反映了NSF的法定使命，并被认为值得通过使用基金会的学术价值和更广泛的影响审查标准。

项目成果

Detecting CAN Bus Intrusion by Applying Machine Learning Method to Graph Based Features

将机器学习方法应用于基于图的特征检测 CAN 总线入侵

• DOI: 10.1007/978-3-030-82199-9_49
• 发表时间: 2021
• 期刊: Proceedings of SAI Intelligent Systems Conference
• 作者: Refat, R.U.D.;Elkhail, A.A.;Hafeez, A.;Malik, H.
• 通讯作者: Malik, H.

Vehicle Lateral Motion Stability Under Wheel Lockup Attacks

• DOI: 10.14722/autosec.2022.23010
• 发表时间: 2022
• 期刊: Proceedings Fourth International Workshop on Automotive and Autonomous Vehicle Security
• 作者: Alireza Mohammadi;Hafiz Abid Mahmood Malik

Seamlessly Safeguarding Data Against Ransomware Attacks

• DOI: 10.1109/tdsc.2022.3214781
• 发表时间: 2023-01
• 期刊: IEEE Transactions on Dependable and Secure Computing
• 影响因子: 7.3
• 作者: Abdulrahman Abu Elkhail;Nada Lachtar;Duha Ibdah;Rustam Aslam;Hamza Khan;Anys Bacha;Hafiz Malik

Generation of Time-Varying Feedback-Based Wheel Lock Attack Policies with Minimal Knowledge of the Traction Dynamics

在对牵引动力学了解最少的情况下生成基于时变反馈的轮锁攻击策略

• 发表时间: 2023
• 期刊: Intelligent Computing. SAI 2023. Lecture Notes in Networks and Systems
• 作者: Mohammadi, Alireza;Malik, Hafiz
• 通讯作者: Malik, Hafiz

Fingerprinting ECUs to Implement Vehicular Security for Passenger Safety Using Machine Learning Techniques

利用机器学习技术对 ECU 进行指纹识别以实现车辆安全以确保乘客安全

• 发表时间: 2022
• 期刊: Intelligence Systems (IntelliSys'22
• 作者: Bellaire, Samuel;Bayer, Matthew;Hafeez, Azeem;Refat, Rafi Ud;Malik, Hafiz
• 通讯作者: Malik, Hafiz