WO2018029692A1 - System and method for prevention of attacks in connected vehicles - Google Patents


Publication number: WO2018029692A1
Authority: WO (WIPO, PCT)
Prior art keywords: ipvx, ecu, processor, identifier, vehicle
Application number: PCT/IL2017/050888
Other languages: French (fr)
Inventors: Chaim Menachem KAWE, Idan Avraham EISENBERG, Ziv Meron HADAD
Original Assignee: Protectivx Ltd.
Application filed by: Protectivx Ltd.

Classifications

    • B PERFORMING OPERATIONS; TRANSPORTING
    • B60 VEHICLES IN GENERAL
    • B60W CONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
    • B60W50/00 Details of control systems for road vehicle drive control not related to the control of a particular sub-unit, e.g. process diagnostic or vehicle driver interfaces
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/604 Address structures or formats

Definitions

  • the present invention relates to cyber-attacks on vehicles. More particularly, the present invention relates to systems and methods for prevention of attacks in networks of connected vehicles.
  • connected vehicles have become available, with access to external communication networks (e.g., connected to the Internet).
  • Modern vehicles often include new connected technologies that aim to provide benefits such as added safety features, improved fuel economy, and greater overall convenience.
  • Some vehicles may support multiple communication modalities, such as Bluetooth, WiFi, GSM/LTE, etc.
  • Connected vehicles often have a multimedia system, which provides a combination of in-vehicle information and entertainment, and is also known as the infotainment system.
  • hacking is defined as an unauthorized intrusion into a computer or a network, where the hacker may alter system or security features to accomplish a goal that differs from the original purpose of the system.
  • a hacker can potentially gain access to a vehicle's network through any of the devices connected to the vehicle, such as one's smartphone, the infotainment system, and WiFi connection or through Electronic Control Units (ECUs) of the vehicle.
  • Once hackers have gained access to the vehicle network they can potentially control devices within the vehicle, such as the vehicle's steering, braking, GPS system, communications, etc.
  • Some vehicles enable connected services from remote servers, such as over-the-air (OTA) updates of firmware and/or software, so hacking the vehicle may provide the hacker with access to the server that provides the services (e.g., OTA services).
  • IPvX protocol is the communications protocol that provides an identification and location system for computers on networks, and routes traffic across the Internet.
  • a software application for generating the IPvX protocol may be installed in the infotainment system.
  • a method of preventing attacks on a vehicle network including determining, by a processor, a unique identifier of at least one component of the vehicle network, determining, by the processor, an IPvX identifier for at least one component of the vehicle network, wherein the IPvX identifier corresponds to the determined unique identifier of the at least one component of the vehicle network, authenticating, by the processor, the determined IPvX identifier with data received from the at least one component of the vehicle network, and blocking, by the processor, operation of non-authenticated identities.
  • the digital identity of the at least one component of the vehicle network may be replaced.
  • the determined IPvX identifier may be stored as an initial key-store.
  • a record of the initial key-store may be generated.
  • the method further includes communicating with at least one component of the vehicle network.
  • the communication may be carried out with a controlled area network bus.
  • an alert may be issued when an operation of non-authenticated identity is blocked.
  • a vehicle security system including at least one electronic control unit (ECU), and the system including at least one processor, and a communication analysis module, coupled to the at least one processor, wherein the communication analysis module is configured to determine a unique identifier of at least one ECU, determine an IPvX identifier for at least one ECU, wherein the IPvX identifier corresponds to the determined unique identifier of the ECU, authenticate the determined IPvX identifier with data received from the at least one ECU, and block operation of non-authenticated identities.
  • the system may further include at least one communication module coupled to the at least one processor and may be configured to communicate with at least one external network.
  • at least one communication module may be configured to communicate with at least one mobile communication device.
  • the communication between the at least one communication module and the at least one mobile communication device may create a joint IPvX address, and wherein the joint IPvX address may correspond to the combination of the IPvX address of the at least one communication module and the IPvX address of the at least one mobile communication device.
  • the processor may be configured to read data from at least one ECU and may send the read data to the at least one external network.
  • the ECU data may be sent to the at least one external network and may be analyzed and authenticated for IPvX identifier of the at least one ECU.
  • the communication analysis module may be configured to generate a record of the initial key-store.
  • the communication between the processor and at least one ECU may be carried out with a controlled area network bus, and wherein each ECU has a unique ID.
  • the communication between the at least one external network and at least one ECU may create a joint IPvX address, and wherein the joint IPvX address may correspond to the combination of the IPvX address of the at least one external network and the IPvX address of the at least one ECU.
  • a vehicle security device including at least one electronic control unit (ECU), the device including at least one processor, configured to determine a unique identifier of at least one ECU, determine an IPvX identifier for at least one ECU, wherein the IPvX identifier corresponds to the determined unique identifier of the ECU, authenticate the determined IPvX identifier with data received from the at least one ECU, and block operation of non-authenticated identities.
  • the processor may be configured to communicate with an onboard diagnostics (OBD) system.
  • the device may further include at least one communication module coupled to the at least one processor and configured to communicate with at least one external network.
  • the communication between the processor and at least one ECU may be carried out with a controlled area network bus, and wherein each ECU has a unique ID.
  • FIG. 1 shows a block diagram of an exemplary computing device, according to some embodiments of the invention.
  • FIG. 2 schematically illustrates a block diagram of a vehicle security system, according to some embodiments of the invention.
  • FIG. 3 shows the structure of an IPvX data packet, according to some embodiments of the invention.
  • Fig. 4 shows a block diagram of a vehicle security device, according to some embodiments of the invention.
  • FIG. 5 shows a flowchart for a method of preventing attacks on a vehicle network, according to some embodiments of the invention.
  • the terms “plurality” and “a plurality” as used herein may include, for example, “multiple” or “two or more”.
  • the terms “plurality” or “a plurality” may be used throughout the specification to describe two or more components, devices, elements, units, parameters, or the like.
  • the term “set” when used herein may include one or more items.
  • the method embodiments described herein are not constrained to a particular order or sequence. Additionally, some of the described method embodiments or elements thereof can occur or be performed simultaneously, at the same point in time, or concurrently.
  • a device 100 may include a controller 105 that may be, for example, a central processing unit processor (CPU), a chip or any suitable computing or computational device, an operating system 115, a memory 120, executable code 125, a storage system 130 that may include input devices 135 and output devices 140.
  • Controller 105 (or one or more controllers or processors, possibly across multiple units or devices) may be configured to carry out methods described herein, and/or to execute or act as the various modules, units, etc. More than one computing device 100 may be included in, and one or more computing devices 100 may act as the components of, a system according to embodiments of the invention.
  • Operating system 115 may be or may include any code segment (e.g., one similar to executable code 125 described herein) designed and/or configured to perform tasks involving coordination, scheduling, arbitration, supervising, controlling or otherwise managing operation of computing device 100, for example, scheduling execution of software programs or tasks or enabling software programs or other modules or units to communicate.
  • Operating system 115 may be a commercial operating system. It will be noted that an operating system 115 may be an optional component, e.g., in some embodiments, a system may include a computing device that does not require or include an operating system 115.
  • Memory 120 may be or may include, for example, a Random Access Memory (RAM), a read only memory (ROM), a Dynamic RAM (DRAM), a Synchronous DRAM (SD-RAM), a double data rate (DDR) memory chip, a Flash memory, a volatile memory, a non-volatile memory, a cache memory, a buffer, a short term memory unit, a long term memory unit, or other suitable memory units or storage units.
  • Memory 120 may be or may include a plurality of, possibly different memory units.
  • Memory 120 may be a computer or processor non-transitory readable medium, or a computer non-transitory storage medium, e.g., a RAM.
  • Executable code 125 may be any executable code, e.g., an application, a program, a process, task or script. Executable code 125 may be executed by controller 105 possibly under control of operating system 115. For example, executable code 125 may be an application that enforces security in a vehicle as further described hereinafter, for example, to block cyber-attacks on vehicle networks. Although, for the sake of clarity, a single item of executable code 125 is shown in Fig. 1, a system according to some embodiments of the invention may include a plurality of executable code segments similar to executable code 125 that may be loaded into memory 120 and cause controller 105 to carry out methods described herein.
  • Storage system 130 may be or may include, for example, a flash memory as known in the art, a memory that is internal to, or embedded in, a micro controller or chip as known in the art, a hard disk drive, a CD-Recordable (CD-R) drive, a Blu-ray disk (BD), a universal serial bus (USB) device or other suitable removable and/or fixed storage unit.
  • Content may be stored in storage system 130 and may be loaded from storage system 130 into memory 120 where it may be processed by controller 105.
  • some of the components shown in Fig. 1 may be omitted.
  • memory 120 may be a non-volatile memory having the storage capacity of storage system 130. Accordingly, although shown as a separate component, storage system 130 may be embedded or included in memory 120.
  • Input devices 135 may be or may include any suitable input devices, components or systems, e.g., a detachable keyboard or keypad, a mouse and the like.
  • Output devices 140 may include one or more (possibly detachable) displays or monitors, speakers and/or any other suitable output devices.
  • Any applicable input/output (I/O) devices may be connected to computing device 100 as shown by blocks 135 and 140.
  • NIC network interface card
  • USB universal serial bus
  • any suitable number of input devices 135 and output devices 140 may be operatively connected to computing device 100 as shown by blocks 135 and 140.
  • input devices 135 and output devices 140 may be used by a technician or engineer in order to connect to a computing device 100, update software and the like.
  • Input and/or output devices or components 135 and 140 may be adapted to interface or communicate, with control or other units in a vehicle.
  • Embodiments of the invention may include an article such as a computer or processor non-transitory readable medium, or a computer or processor non-transitory storage medium, such as for example a memory, a disk drive, or a USB flash memory, encoding, including or storing instructions, e.g., computer-executable instructions, which, when executed by a processor or controller, carry out methods disclosed herein.
  • the storage medium may include, but is not limited to, any type of disk including magneto-optical disks, semiconductor devices such as read-only memories (ROMs), random access memories (RAMs), such as a dynamic RAM (DRAM), erasable programmable read-only memories (EPROMs), flash memories, electrically erasable programmable read-only memories (EEPROMs), magnetic or optical cards, or any type of media suitable for storing electronic instructions, including programmable storage devices.
  • Embodiments of the invention may include components such as, but not limited to, a plurality of central processing units (CPU) or any other suitable multi-purpose or specific processors or controllers (e.g., controllers similar to controller 105), a plurality of input units, a plurality of output units, a plurality of memory units, and a plurality of storage units.
  • a system may additionally include other suitable hardware components and/or software components.
  • a system may include or may be, for example, a personal computer, a desktop computer, a mobile computer, a laptop computer, a notebook computer, a terminal, a workstation, a server computer, a Personal Digital Assistant (PDA) device, a tablet computer, a network device, or any other suitable computing device.
  • a system may include or may be, for example, a plurality of components that include a respective plurality of central processing units, e.g., a plurality of CPUs as described, a plurality of CPUs embedded in an on board, system or network, a plurality of chips, a plurality of computer or network devices, or any other suitable computing device.
  • a system as described herein may include one or more devices such as computing device 100.
  • a security system for prevention of attacks on vehicle networks may be implemented as executable code 125 (e.g., to be executed by controller 105) and/or as a combination of executable code 125 and a compatible hardware component (e.g., embedded on at least one ECU), as further described hereinafter.
  • the vehicle security system 200 may include at least one vehicle processor 201 (such as controller 105, shown in Fig. 1) coupled to at least one communication module 202 and configured to control operations of the vehicle 210 and components coupled thereto.
  • the at least one communication module 202 may be paired with at least one mobile communication device 20 (e.g., a smartphone); for instance, a user may control the infotainment system of the vehicle 210 using the at least one mobile communication device 20.
  • the at least one communication module 202 may also communicate with at least one external network 203, for instance using a virtual private network (VPN).
  • communication module 202 may communicate with an external weather cloud based service to receive weather information.
  • processor 201 may execute code to scan and/or read hardware (e.g., a hardware component of the vehicle 210) and/or software data of the system 200, and send this data for storage and further processing in the cloud based service 203.
  • communication to at least one communication module 202 and/or communication from at least one communication module 202 may be at least partially wireless (indicated with dashed arrows in Fig. 2), for instance via Bluetooth and/or via WiFi, GSM/LTE, etc.
  • hardware and/or software data may be analyzed similarly to analysis of hardware and software markers as described in PCT/IL2017/050286.
  • system 200 may include at least one electronic control unit (ECU) 204, 205 coupled to processor 201 and configured to control at least one operation of the vehicle 210.
  • processor 201 may analyze all data received from ECUs 204, 205 coupled thereto.
  • system 200 may include at least one communication analysis module 206 coupled to processor 201 and configured to analyze data from vehicle 210 components in order to detect and/or prevent attacks.
  • at least one communication analysis module 206 may be implemented as a software component embedded into processor 201 and/or a hardware component coupled thereto, for instance embedded into an ECU 204, 205 and/or an additional analysis component.
  • at least one communication analysis module 206 may create a local log and/or record of the initial key-store (IKS).
  • operating the at least one communication analysis module 206 on the infotainment system may enable scanning the unique hardware and/or software identifiers of this system 200, and sending this data to at least one remote server (e.g., external network 203).
  • At least one communication analysis module 206 may determine the IPvX address of components of the vehicle 210 (e.g., the infotainment system). In some embodiments, upon determination of the IPvX address, the at least one communication analysis module 206 may replace the digital identity of the corresponding components of the vehicle 210 (e.g., the infotainment system). In some embodiments, at least one external network 203 may continuously monitor components of the vehicle 210 (e.g., the infotainment system) and authenticate its integrity by repeating the IPvX determination process.
  • IPvX may refer to a memory packet 300 that may include a table or other collection of data associating at least one IPvX header with identification data stored in one or more software component and/or hardware component that may be installed in, running on or otherwise associated with system 200.
  • IKS address 301 of system 200 according to the IPvX protocol may include N number of bits, and no less than 128 bits.
  • the corresponding IPvX destination address 302 may include at least 128 bits.
  • any attempt to connect to the processor 201 from an external third-party device and/or server, via one or more of the physical and/or wireless communication modalities it enables, may be detected immediately by the communication module 202 and/or by at least one external network 203 and blocked.
  • communication with processor 201 in vehicle 210 may be carried out with a controlled area network bus (CAN-BUS) which allows various devices and controllers of the vehicle 210 (e.g., ECUs) to be able to communicate with one another.
  • Each ECU 204, 205 may have a unique ID, to identify itself on the CAN-BUS.
  • IDs of the ECUs may be used to create an IPvX address for the entire vehicle.
  • data may be accessed on some ECUs 204 (e.g., the telematics control unit (TCU)) from another ECU 205.
  • This may enable adding IDs of the ECUs to the IPvX address, and thereby monitor, control, and/or block (e.g., by processor 201) access to ECUs that are authenticated by the IPvX protocol.
  • At least one mobile device 20 may be securely paired with the communication module 202 by creating a joint IPvX address that corresponds to the combination of IPvX of the communication module 202 (e.g., "IPvX_a") and the IPvX of the mobile device 20 (e.g., "IPvX_b").
  • the joint IPvX (a+b) may be continuously monitored by the processor 201 and/or by external network 203.
  • any attempt to connect from an external third-party device and/or server with the communication module 202 may be detected by the processor 201 and/or by external network 203. In some embodiments, such an attempt may be carried out either directly or indirectly (e.g., by hacking a device paired with the communication module 202) via an at least partially wireless connection.
  • At least one external network 203 may be securely paired with ECUs 204, 205 of the vehicle 210 (e.g., infotainment, telematics, etc.) by creating a joint IPvX address.
  • the joint IPvX may correspond to the combination of IPvX of the communication module 202 (e.g., "IPvX_c") and the IPvX of the external server 203 (e.g., "IPvX_d").
  • the joint IPvX (c+d) may be continuously monitored by the processor 201 and/or by external network 203.
  • any attempt to connect from an external third-party device and/or server to the communication module 202 or to the external server 203, either directly or indirectly (e.g., by hacking an active connection with the services server), via one or more physical or wireless communication modalities may be detected and blocked by the processor 201 and/or by external network 203.
  • Fig. 4 shows a block diagram of a vehicle security device 400, according to some embodiments of the invention.
  • the vehicle security device 400 may be coupled (as a hardware device) to processor 201 of system 200 (as shown in Fig. 2) and include components to communicate with elements of vehicle security system 200, as further described hereinafter.
  • An OBD port may allow external electronics to interface with processor 201 of vehicle 210, in order to retrieve data from various ECUs 204, 205 and/or identify abnormalities and control ECUs 204, 205 from outside the vehicle 210.
  • vehicle security device 400 (such as computerized device 100, shown in Fig. 1) may be a computer, micro-computer, or a system-on-chip (SoC) containing a computer processor, memory and computer code, or may be an external computer device containing a processor, memory, and computer code connected to the CAN-BUS.
  • vehicle security device 400 may communicate with mobile devices 20 via Bluetooth component 401, and/or communicate with external networks 203 via GSM component 402 (e.g., with a SIM card to pass data packets back and forth to at least one external network 203).
  • vehicle security device 400 may include an engine 406 configured to execute code so as to allow scanning hardware and/or software data from ECUs 204, 205 of vehicle 210.
  • engine 406 may also allow sending the scanned data to at least one external network 203, for instance via GSM component 402.
  • engine 406 may also allow storing an IKS of the system (e.g., the infotainment system and/or all components of the vehicle 210) and/or synchronizing this IKS with the corresponding IPvX, which may be repeatedly generated in at least one external network 203.
  • vehicle security device 400 may be coupled to an OBD device.
  • the vehicle security device 400 may have an input side 403 that connects to the OBD port of the vehicle 210.
  • the vehicle security device 400 may also have an output side 404 to enable connecting vehicle diagnostic equipment.
  • vehicle security device 400 may enable scanning ECUs on the CAN-BUS by sending an empty data block and then waiting for a response from the ECUs on the CAN-BUS.
  • the vehicle security device 400 may in fact scan the unique hardware and software identifiers of the vehicle systems 210, and send this data to at least one external network 203.
  • determination of the IPvX address may be carried out either locally using the internal processing power (e.g., with a CPU component 405) of the vehicle security device 400, and/or by the processor 201 and/or by at least one external network 203. In some embodiments, determination of the IPvX address may be synchronized between the vehicle security device 400 and the processor 201 and/or by at least one external network 203. In some embodiments, once the IPvX is determined, the digital identity of the vehicle as a system may be replaced with the digital identity of the vehicle security device 400.
  • devices that are on the CAN-BUS may be determined (e.g., by processor 201 and/or by vehicle security device 400). For example, in the case of a mechanic's inspection device that connects to the CAN-BUS to check that all the devices on the CAN-BUS are working properly, the ECUs may be scanned and the responses recorded by the vehicle security device 400.
  • vehicle security device 400 may be coupled to a gateway connected to CAN-BUS.
  • At least one processor may determine 501 a unique identifier of at least one component of the vehicle network.
  • the at least one processor may determine 502 an IPvX identifier for at least one component of the vehicle network, wherein the IPvX identifier corresponds to the determined unique identifier of the at least one component of the vehicle network.
  • the at least one processor may authenticate 503 the determined IPvX identifier with data received from the at least one component of the vehicle network and block 504 operation of non-authenticated identities.
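
The flow in steps 501 to 504 (determine a unique identifier, derive an identifier from it, re-derive and compare, block on mismatch) can be sketched as follows. This is an added example, not code from the patent or from Protectivx: the page does not specify how an IPvX identifier is computed, so a truncated SHA-256 hash stands in for it, and the names `KeyStore`, `derive_identifier` and `joint_identifier`, along with the sample ECU identifiers, are assumptions made for illustration.

```python
import hashlib
import hmac

ID_BYTES = 16  # 128 bits; the page gives 128 bits as the minimum address size


def derive_identifier(unique_ids):
    """Stand-in for IPvX determination (assumption): hash the unique IDs,
    order-independently and length-prefixed, down to a 128-bit value."""
    h = hashlib.sha256()
    for uid in sorted(unique_ids):
        h.update(len(uid).to_bytes(2, "big") + uid)
    return h.digest()[:ID_BYTES]


def joint_identifier(id_a, id_b):
    """Joint identifier for a pairing (a+b), e.g. communication module + phone."""
    return derive_identifier([id_a, id_b])


class KeyStore:
    """Hypothetical initial key-store (IKS): identifiers recorded at enrolment."""

    def __init__(self):
        self.components = {}   # component name -> enrolled identifier
        self.vehicle_id = None
        self.alerts = []

    def enroll(self, scanned):
        # Steps 501-502: read each unique ID and derive its identifier.
        for name, uid in scanned.items():
            self.components[name] = derive_identifier([uid])
        # ECU IDs combined into one identifier for the entire vehicle.
        self.vehicle_id = derive_identifier(scanned.values())

    def authenticate(self, name, reported_uid):
        # Step 503: repeat the determination and compare with the record.
        expected = self.components.get(name)
        if expected is None:
            return False
        return hmac.compare_digest(expected, derive_identifier([reported_uid]))

    def request(self, name, reported_uid, operation):
        # Step 504: block operations of non-authenticated identities and alert.
        if self.authenticate(name, reported_uid):
            return "allowed"
        self.alerts.append(f"blocked {operation!r} from {name!r}")
        return "blocked"

    def vehicle_intact(self, scanned):
        # Re-scan of the whole bus: a swapped or added unit changes the value.
        return hmac.compare_digest(self.vehicle_id,
                                   derive_identifier(scanned.values()))


# Constructed sample data: made-up component names and hardware/software IDs.
ENROLLED = {
    "infotainment": b"HW-1A2B/SW-4.2.0",
    "telematics": b"HW-77F0/SW-1.9.3",
    "brake-ecu": b"HW-03C9/SW-2.0.1",
}


def demo():
    ks = KeyStore()
    ks.enroll(ENROLLED)
    results = [
        # Reported ID matches the enrolled record.
        ks.request("telematics", b"HW-77F0/SW-1.9.3", "read diagnostics"),
        # Reported ID differs from the enrolled record.
        ks.request("telematics", b"HW-FFFF/SW-0.0.0", "write firmware"),
        # Component was never enrolled.
        ks.request("obd-dongle", b"HW-0000", "send frame"),
    ]
    swapped = dict(ENROLLED, telematics=b"HW-FFFF/SW-0.0.0")
    return results, ks.alerts, ks.vehicle_intact(ENROLLED), ks.vehicle_intact(swapped)


if __name__ == "__main__":
    print(demo())
```

Because the comparison covers only what a component reports, it detects replaced or unknown units; it does not by itself prove that the reporting unit is the enrolled hardware.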


Abstract

Systems and methods for preventing attacks on a vehicle network, with determination of a unique identifier of at least one component of the vehicle network, determination of an IPvX identifier for at least one component of the vehicle network, wherein the IPvX identifier corresponds to the determined unique identifier of the at least one component of the vehicle network, authentication of the determined IPvX identifier with data received from the at least one component of the vehicle network, and blocking operations of non-authenticated identities.

Description

SYSTEM AND METHOD FOR PREVENTION OF ATTACKS IN CONNECTED VEHICLES
FIELD OF INVENTION
[001] The present invention relates to cyber-attacks on vehicles. More particularly, the present invention relates to systems and methods for prevention of attacks in networks of connected vehicles.
BACKGROUND OF THE INVENTION
[002] In recent years, connected vehicles have become available, with access to external communication networks (e.g., connected to the Internet). Modern vehicles often include new connected technologies that aim to provide benefits such as added safety features, improved fuel economy, and greater overall convenience. Some vehicles may support multiple communication modalities, such as Bluetooth, WiFi, GSM/LTE, etc. Connected vehicles often have a multimedia system, which provides a combination of in-vehicle information and entertainment, and is also known as the infotainment system.
[003] Some automotive aftermarket devices are also providing consumers with new features to monitor the status of their vehicles. However, with this increased connectivity, it is also important that consumers and automotive manufacturers be aware of potential cyber security threats.
[004] Hacking is defined as an unauthorized intrusion into a computer or a network, where the hacker may alter system or security features to accomplish a goal that differs from the original purpose of the system. A hacker can potentially gain access to a vehicle's network through any of the devices connected to the vehicle, such as one's smartphone, the infotainment system, and WiFi connection or through Electronic Control Units (ECUs) of the vehicle. Once hackers have gained access to the vehicle network they can potentially control devices within the vehicle, such as the vehicle's steering, braking, GPS system, communications, etc. Some vehicles enable connected services from remote servers, such as over-the-air (OTA) updates of firmware and/or software, so hacking the vehicle may provide the hacker with access to the server that provides the services (e.g., OTA services).
[005] As vehicles (e.g., cars or airplanes) become dependent on connectivity to online services (e.g., for over-the-air updates, navigation, etc.), incorporate autonomous capabilities, and are controlled by fleet management servers, the impact of potential hacking might be very significant. Therefore, connected vehicles need to be protected from hacking attempts, with the driver alerted and the attack neutralized.
[006] PCT application PCT/IL2017/050286 describes systems and methods for authenticating network devices and their users using the IPvX protocol. The IPvX protocol is the communications protocol that provides an identification and location system for computers on networks, and routes traffic across the Internet. For example, a software application for generating the IPvX protocol may be installed in the infotainment system.
SUMMARY OF THE INVENTION
[007] There is thus provided, in accordance with some embodiments of the invention, a method of preventing attacks on a vehicle network, the method including determining, by a processor, a unique identifier of at least one component of the vehicle network, determining, by the processor, an IPvX identifier for at least one component of the vehicle network, wherein the IPvX identifier corresponds to the determined unique identifier of the at least one component of the vehicle network, authenticating, by the processor, the determined IPvX identifier with data received from the at least one component of the vehicle network, and blocking, by the processor, operation of non-authenticated identities.
[008] In some embodiments, the digital identity of the at least one component of the vehicle network may be replaced. In some embodiments, the determined IPvX identifier may be stored as an initial key store. In some embodiments, a record of the initial key-store may be generated. In some embodiments, the method further includes communicating with at least one component of the vehicle network. In some embodiments, the communication may be carried out with a controlled area network bus. In some embodiments, an alert may be issued when an operation of non-authenticated identity is blocked.
[009] There is thus provided, in accordance with some embodiments of the invention, a vehicle security system, the vehicle including at least one electronic control unit (ECU), and the system including at least one processor, and a communication analysis module, coupled to the at least one processor, wherein the communication analysis module is configured to determine a unique identifier of at least one ECU, determine an IPvX identifier for at least one ECU, wherein the IPvX identifier corresponds to the determined unique identifier of the ECU, authenticate the determined IPvX identifier with data received from the at least one ECU, and block operation of non-authenticated identities.
[010] In some embodiments, the system may further include at least one communication module coupled to the at least one processor and may be configured to communicate with at least one external network. In some embodiments, at least one communication module may be configured to communicate with at least one mobile communication device.
[011] In some embodiments, the communication between the at least one communication module and the at least one mobile communication device may create a joint IPvX address, and wherein the joint IPvX address may correspond to the combination of the IPvX address of the at least one communication module and the IPvX address of the at least one mobile communication device.
[012] In some embodiments, the processor may be configured to read data from at least one ECU and may send the read data to the at least one external network. In some embodiments, the ECU data may be sent to the at least one external network and may be analyzed and authenticated for IPvX identifier of the at least one ECU. In some embodiments, the communication analysis module may be configured to generate a record of the initial key-store. In some embodiments, the communication between the processor and at least one ECU may be carried out with a controlled area network bus, and wherein each ECU has a unique ID. In some embodiments, the communication between the at least one external network and at least one ECU may create a joint IPvX address, and wherein the joint IPvX address may correspond to the combination of the IPvX address of the at least one external network and the IPvX address of the at least one ECU.
[013] There is thus provided, in accordance with some embodiments of the invention, a vehicle security device, the vehicle including at least one electronic control unit (ECU), the device including at least one processor, configured to determine a unique identifier of at least one ECU, determine an IPvX identifier for at least one ECU, wherein the IPvX identifier corresponds to the determined unique identifier of the ECU, authenticate the determined IPvX identifier with data received from the at least one ECU, and block operation of non-authenticated identities.
[014] In some embodiments, the processor may be configured to communicate with an onboard diagnostics (OBD) system. In some embodiments, the device may further include at least one communication module coupled to the at least one processor and configured to communicate with at least one external network. In some embodiments, the communication between the processor and at least one ECU may be carried out with a controlled area network bus, and wherein each ECU has a unique ID.
BRIEF DESCRIPTION OF THE DRAWINGS
[015] The subject matter regarded as the invention is particularly pointed out and distinctly claimed in the concluding portion of the specification. The invention, however, both as to organization and method of operation, together with objects, features, and advantages thereof, may best be understood by reference to the following detailed description when read with the accompanying drawings in which:
[016] Fig. 1 shows a block diagram of an exemplary computing device, according to some embodiments of the invention;
[017] Fig. 2 schematically illustrates a block diagram of a vehicle security system, according to some embodiments of the invention;
[018] Fig. 3 shows the structure of an IPvX data packet, according to some embodiments of the invention;
[019] Fig. 4 shows a block diagram of a vehicle security device, according to some embodiments of the invention; and
[020] Fig. 5 shows a flowchart for a method of preventing attacks on a vehicle network, according to some embodiments of the invention.
[021] It will be appreciated that for simplicity and clarity of illustration, elements shown in the figures have not necessarily been drawn to scale. For example, the dimensions of some of the elements may be exaggerated relative to other elements for clarity. Further, where considered appropriate, reference numerals may be repeated among the figures to indicate corresponding or analogous elements.
DETAILED DESCRIPTION OF THE PRESENT INVENTION
[022] In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the invention. However, it will be understood by those skilled in the art that the present invention may be practiced without these specific details. In other instances, well-known methods, procedures, and components have not been described in detail so as not to obscure the present invention.
[023] Although embodiments of the invention are not limited in this regard, discussions utilizing terms such as, for example, "processing," "computing," "calculating," "determining," "establishing", "analyzing", "checking", or the like, may refer to operation(s) and/or process(es) of a computer, a computing platform, a computing system, or other electronic computing device, that manipulates and/or transforms data represented as physical (e.g., electronic) quantities within the computer's registers and/or memories into other data similarly represented as physical quantities within the computer's registers and/or memories or other information non-transitory storage medium that may store instructions to perform operations and/or processes. Although embodiments of the invention are not limited in this regard, the terms "plurality" and "a plurality" as used herein may include, for example, "multiple" or "two or more". The terms "plurality" or "a plurality" may be used throughout the specification to describe two or more components, devices, elements, units, parameters, or the like. The term set when used herein may include one or more items. Unless explicitly stated, the method embodiments described herein are not constrained to a particular order or sequence. Additionally, some of the described method embodiments or elements thereof can occur or be performed simultaneously, at the same point in time, or concurrently.
[024] Reference is made to Fig. 1, which shows a block diagram of an exemplary computing device, according to some embodiments of the invention. A device 100 may include a controller 105 that may be, for example, a central processing unit processor (CPU), a chip or any suitable computing or computational device, an operating system 115, a memory 120, executable code 125, a storage system 130 that may include input devices 135 and output devices 140. Controller 105 (or one or more controllers or processors, possibly across multiple units or devices) may be configured to carry out methods described herein, and/or to execute or act as the various modules, units, etc. More than one computing device 100 may be included in, and one or more computing devices 100 may act as the components of, a system according to embodiments of the invention.
[025] Operating system 115 may be or may include any code segment (e.g., one similar to executable code 125 described herein) designed and/or configured to perform tasks involving coordination, scheduling, arbitration, supervising, controlling or otherwise managing operation of computing device 100, for example, scheduling execution of software programs or tasks or enabling software programs or other modules or units to communicate. Operating system 115 may be a commercial operating system. It will be noted that an operating system 115 may be an optional component, e.g., in some embodiments, a system may include a computing device that does not require or include an operating system 115.
[026] Memory 120 may be or may include, for example, a Random Access Memory (RAM), a read only memory (ROM), a Dynamic RAM (DRAM), a Synchronous DRAM (SD-RAM), a double data rate (DDR) memory chip, a Flash memory, a volatile memory, a non-volatile memory, a cache memory, a buffer, a short term memory unit, a long term memory unit, or other suitable memory units or storage units. Memory 120 may be or may include a plurality of, possibly different memory units. Memory 120 may be a computer or processor non-transitory readable medium, or a computer non-transitory storage medium, e.g., a RAM.
[027] Executable code 125 may be any executable code, e.g., an application, a program, a process, task or script. Executable code 125 may be executed by controller 105 possibly under control of operating system 115. For example, executable code 125 may be an application that enforces security in a vehicle as further described hereinafter, for example, to block cyber-attacks on vehicle networks. Although, for the sake of clarity, a single item of executable code 125 is shown in Fig. 1, a system according to some embodiments of the invention may include a plurality of executable code segments similar to executable code 125 that may be loaded into memory 120 and cause controller 105 to carry out methods described herein.
[028] Storage system 130 may be or may include, for example, a flash memory as known in the art, a memory that is internal to, or embedded in, a micro controller or chip as known in the art, a hard disk drive, a CD-Recordable (CD-R) drive, a Blu-ray disk (BD), a universal serial bus (USB) device or other suitable removable and/or fixed storage unit. Content may be stored in storage system 130 and may be loaded from storage system 130 into memory 120 where it may be processed by controller 105. In some embodiments, some of the components shown in Fig. 1 may be omitted. For example, memory 120 may be a non-volatile memory having the storage capacity of storage system 130. Accordingly, although shown as a separate component, storage system 130 may be embedded or included in memory 120.
[029] Input devices 135 may be or may include any suitable input devices, components or systems, e.g., a detachable keyboard or keypad, a mouse and the like. Output devices 140 may include one or more (possibly detachable) displays or monitors, speakers and/or any other suitable output devices. Any applicable input/output (I/O) devices may be connected to computing device 100 as shown by blocks 135 and 140. For example, a wired or wireless network interface card (NIC), a universal serial bus (USB) device or external hard drive may be included in input devices 135 and/or output devices 140. It will be recognized that any suitable number of input devices 135 and output devices 140 may be operatively connected to computing device 100 as shown by blocks 135 and 140. For example, input devices 135 and output devices 140 may be used by a technician or engineer in order to connect to a computing device 100, update software and the like. Input and/or output devices or components 135 and 140 may be adapted to interface or communicate, with control or other units in a vehicle.
[030] Embodiments of the invention may include an article such as a computer or processor non-transitory readable medium, or a computer or processor non-transitory storage medium, such as for example a memory, a disk drive, or a USB flash memory, encoding, including or storing instructions, e.g., computer-executable instructions, which, when executed by a processor or controller, carry out methods disclosed herein. For example, a storage medium such as memory 120, computer-executable instructions such as executable code 125 and a controller such as controller 105.
[031] The storage medium may include, but is not limited to, any type of disk including magneto-optical disks, semiconductor devices such as read-only memories (ROMs), random access memories (RAMs), such as a dynamic RAM (DRAM), erasable programmable read-only memories (EPROMs), flash memories, electrically erasable programmable read-only memories (EEPROMs), magnetic or optical cards, or any type of media suitable for storing electronic instructions, including programmable storage devices.
[032] Embodiments of the invention may include components such as, but not limited to, a plurality of central processing units (CPU) or any other suitable multi-purpose or specific processors or controllers (e.g., controllers similar to controller 105), a plurality of input units, a plurality of output units, a plurality of memory units, and a plurality of storage units. A system may additionally include other suitable hardware components and/or software components. In some embodiments, a system may include or may be, for example, a personal computer, a desktop computer, a mobile computer, a laptop computer, a notebook computer, a terminal, a workstation, a server computer, a Personal Digital Assistant (PDA) device, a tablet computer, a network device, or any other suitable computing device.
[033] In some embodiments, a system may include or may be, for example, a plurality of components that include a respective plurality of central processing units, e.g., a plurality of CPUs as described, a plurality of CPUs embedded in an on-board system or network, a plurality of chips, a plurality of computer or network devices, or any other suitable computing device. For example, a system as described herein may include one or more devices such as computing device 100.
[034] According to some embodiments, a security system for prevention of attacks on vehicle networks may be implemented as executable code 125 (e.g., to be executed by controller 105) and/or as a combination of executable code 125 and a compatible hardware component (e.g., embedded on at least one ECU), as further described hereinafter.
[035] Reference is now made to Fig. 2, which schematically illustrates a block diagram of a vehicle security system 200, according to some embodiments of the invention. The vehicle security system 200 may include at least one vehicle processor 201 (such as controller 105, shown in Fig. 1) coupled to at least one communication module 202 and configured to control operations of the vehicle 210 and components coupled thereto.
[036] The at least one communication module 202 may be paired with at least one mobile communication device 20 (e.g., a smartphone), for instance a user may control the infotainment system of the vehicle 210 using the at least one mobile communication device 20. The at least one communication module 202 may also communicate with at least one external network 203, for instance using a virtual private network (VPN). For example, communication module 202 may communicate with an external weather cloud based service to receive weather information. In some embodiments, processor 201 may execute code to scan and/or read hardware (e.g., a hardware component of the vehicle 210) and/or software data of the system 200, and send this data for storage and further processing in the cloud based service 203. In some embodiments, communication to at least one communication module 202 and/or communication from at least one communication module 202 may be at least partially wireless (indicated with dashed arrows in Fig. 2), for instance via Bluetooth and/or via WiFi, GSM/LTE, etc. In some embodiments, hardware and/or software data may be analyzed similarly to analysis of hardware and software markers as described in PCT/IL2017/050286.
[037] In some embodiments, system 200 may include at least one electronic control unit (ECU) 204, 205 coupled to processor 201 and configured to control at least one operation of the vehicle 210. For example, an ECU may be connected to the engine or to the infotainment system processing data from an external hard drive (e.g., a flash drive or CD), and processor 201 may analyze all data received from ECUs 204, 205 coupled thereto.
[038] In some embodiments, system 200 may include at least one communication analysis module 206 coupled to processor 201 and configured to analyze data from vehicle 210 components in order to detect and/or prevent attacks. In some embodiments, at least one communication analysis module 206 may be implemented as a software component embedded into processor 201 and/or a hardware component coupled thereto, for instance embedded into an ECU 204, 205 and/or an additional analysis component. In some embodiments, at least one communication analysis module 206 may create a local log and/or record of the initial key-store (IKS).
[039] In some embodiments, operating the at least one communication analysis module 206 on the infotainment system may enable scanning the unique hardware and/or software identifiers of this system 200 and sending this data to at least one remote server (e.g., external network 203).
[040] In some embodiments, at least one communication analysis module 206 may determine the IPvX address of components of the vehicle 210 (e.g., the infotainment system). In some embodiments, upon determination of the IPvX address, the at least one communication analysis module 206 may replace the digital identity of the corresponding components of the vehicle 210 (e.g., the infotainment system). In some embodiments, at least one external network 203 may continuously monitor components of the vehicle 210 (e.g., the infotainment system) and authenticate its integrity by repeating the IPvX determination process.
[041] Reference is now made to Fig. 3, which shows the structure of an IPvX data packet 300, according to some embodiments of the invention. It should be noted that the term IPvX may refer to a memory packet 300 that may include a table or other collection of data associating at least one IPvX header with identification data stored in one or more software component and/or hardware component that may be installed in, running on or otherwise associated with system 200. In some embodiments, IKS address 301 of system 200 according to the IPvX protocol may include N bits, and no fewer than 128 bits. As a result, the corresponding IPvX destination address 302 may include at least 128 bits.
[042] Reference is made back to Fig. 2. It should be noted that all data packets going in or out of the vehicle 210, via communication module 202 (e.g., via Bluetooth, WiFi, GSM/LTE, etc.) are enveloped by the IPvX protocol that is used to authenticate the source of the data. This may enable the at least one external network 203 to distinguish between legitimate (or authenticated) and illegitimate (or not-authenticated) data. In some embodiments, external devices that are not part of the IPvX identity may not be authenticated and therefore cannot pair with processor 201 (e.g., with the infotainment system). In some embodiments, any attempt to connect to the processor 201 from an external third-party device and/or server via one or more of the physical and/or wireless communication modalities it enables may be detected immediately by the communication module 202 and/or by at least one external network 203 and blocked.
[043] In some embodiments, communication with processor 201 in vehicle 210 may be carried out with a controlled area network bus (CAN-BUS) which allows various devices and controllers of the vehicle 210 (e.g., ECUs) to be able to communicate with one another. Each ECU 204, 205 may have a unique ID, to identify itself on the CAN-BUS. In some embodiments, IDs of the ECUs may be used to create an IPvX address for the entire vehicle.
[044] In some embodiments, data may be accessed on some ECUs 204 (e.g., the telematics control unit (TCU)) from another ECU 205. This may enable adding IDs of the ECUs to the IPvX address, and thereby monitor, control, and/or block (e.g., by processor 201) access to ECUs that are authenticated by the IPvX protocol.
[045] According to some embodiments, at least one mobile device 20 may be securely paired with the communication module 202 by creating a joint IPvX address that corresponds to the combination of IPvX of the communication module 202 (e.g., "IPvX_a") and the IPvX of the mobile device 20 (e.g., "IPvX_b"). The joint IPvX (a+b) may be continuously monitored by the processor 201 and/or by external network 203.
[046] In some embodiments, any attempt to connect from an external third-party device and/or server with the communication module 202 may be detected by the processor 201 and/or by external network 203. In some embodiments, such attempt may be carried out either directly or indirectly (e.g., by hacking a device paired with the communication module 202) via at least partially wireless connection.
[047] In some embodiments, at least one external network 203 (e.g., over-the-air firmware or software server) may be securely paired with ECUs 204, 205 of the vehicle 210 (e.g., infotainment, telematics, etc.) by creating a joint IPvX address. In some embodiments, the joint IPvX may correspond to the combination of IPvX of the communication module 202 (e.g., "IPvX_c") and the IPvX of the external server 203 (e.g., "IPvX_d"). The joint IPvX (c+d) may be continuously monitored by the processor 201 and/or by external network 203. In some embodiments, any attempt to connect from an external third-party device and/or server to the communication module 202 or to the external server 203 either directly or indirectly (e.g., by hacking an active connection with the services server) via one or more physical or wireless communication modalities may be detected and blocked by the processor 201 and/or by external network 203.
[048] Reference is now made to Fig. 4, which shows a block diagram of a vehicle security device 400, according to some embodiments of the invention. The vehicle security device 400 may be coupled (as a hardware device) to processor 201 of system 200 (as shown in Fig. 2) and include components to communicate with elements of vehicle security system 200, as further described hereinafter.
[049] Some vehicles have an on-board diagnostic (OBD) system, which is a computer unit, to monitor emissions, mileage, speed, etc. OBD may generally refer to any vehicle's ability to register and report issues that may occur, or have occurred within the system. An OBD port may allow external electronics to interface with processor 201 of vehicle 210, in order to retrieve data from various ECUs 204, 205 and/or identify abnormalities and control ECUs 204, 205 from outside the vehicle 201.
[050] In some embodiments, vehicle security device 400 (such as computerized device 100, shown in Fig. 1) may be a computer, micro-computer, or a system-on-chip (SoC) containing a computer processor, memory and computer code, or may be an external computer device containing a processor, memory, and computer code connected to the CAN-BUS. In some embodiments, vehicle security device 400 may communicate with mobile devices 20 via Bluetooth component 401, and/or communicate with external networks 203 via GSM component 402 (e.g., with a SIM card to pass data packets back and forth to at least one external network 203). In some embodiments, vehicle security device 400 may include an engine 406 configured to execute code so as to allow scanning hardware and/or software data from ECUs 204, 205 of vehicle 210. In some embodiments, engine 406 may also allow sending the scanned data to at least one external network 203, for instance via GSM component 402. In some embodiments, engine 406 may also allow storing an IKS of the system (e.g., the infotainment system and/or all components of the vehicle 210) and/or synchronize this IKS with the corresponding IPvX which may be repeatedly generated in at least one external network 203.
[051] According to some embodiments, vehicle security device 400 may be coupled to an OBD device. The vehicle security device 400 may have an input side 403 that connects to the OBD port of the vehicle 210. The vehicle security device 400 may also have an output side 404 to enable connecting vehicle diagnostic equipment.
[052] In some embodiments, vehicle security device 400 may enable scanning ECUs on the CAN-BUS by sending an empty data block and then waiting for a response from the ECUs on the CAN-BUS. The vehicle security device 400 may in fact scan the unique hardware and software identifiers of the vehicle systems 210, and send this data to at least one external network 203.
[053] In some embodiments, determination of the IPvX address may be carried out either locally using the internal processing power (e.g., with a CPU component 405) of the vehicle security device 400, and/or by the processor 201 and/or by at least one external network 203. In some embodiments, determination of the IPvX address may be synchronized between the vehicle security device 400 and the processor 201 and/or by at least one external network 203. In some embodiments, once the IPvX is determined, the digital identity of the vehicle as a system may be replaced with the digital identity of the vehicle security device 400.
[054] In some embodiments, devices that are on the CAN-BUS may be determined (e.g., by processor 201 and/or by vehicle security device 400). For example, in the case of a mechanic's inspection device that connects to the CAN-BUS to check that all the devices on the CAN-BUS are working properly, the ECUs may be scanned and the responses recorded by the vehicle security device 400.
[055] According to some embodiments, vehicle security device 400 may be coupled to a gateway connected to CAN-BUS.
[056] Reference is now made to Fig. 5, which shows a flowchart for a method of preventing attacks on a vehicle network, according to some embodiments of the invention. In some embodiments, at least one processor (such as processor 201 shown in Fig. 2) may determine 501 a unique identifier of at least one component of the vehicle network. In some embodiments, the at least one processor may determine 502 an IPvX identifier for at least one component of the vehicle network, wherein the IPvX identifier corresponds to the determined unique identifier of the at least one component of the vehicle network.
[057] In some embodiments, the at least one processor may authenticate 503 the determined IPvX identifier with data received from the at least one component of the vehicle network and block 504 operation of non-authenticated identities.
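The flow of Fig. 5 (steps 501 to 504) can be illustrated with the following sketch, which is an added example and not code from the application. The specification does not define how an IPvX identifier is computed, so SHA-256 truncated to 128 bits is used as a stand-in; the function names, CAN IDs and hardware/software markers are likewise constructed for illustration.

```python
"""Added illustration of the Fig. 5 flow (steps 501-504); not the applicant's code."""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass

IDENTIFIER_BYTES = 16  # the description calls for no fewer than 128 bits


def derive_identifier(*parts: bytes) -> bytes:
    """ASSUMPTION: stand-in derivation (SHA-256 truncated to 128 bits).

    Each part is length-prefixed so that (b"ab", b"c") and (b"a", b"bc")
    cannot collapse into the same hash input.
    """
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(4, "big"))
        digest.update(part)
    return digest.digest()[:IDENTIFIER_BYTES]


def ecu_identifier(can_id: int, hw_marker: bytes, sw_marker: bytes) -> bytes:
    """Steps 501-502: unique markers of one ECU -> identifier for that ECU."""
    return derive_identifier(can_id.to_bytes(4, "big"), hw_marker, sw_marker)


def vehicle_identifier(ecus: dict[int, bytes]) -> bytes:
    """Identifier for the whole vehicle; sorted so scan order is irrelevant."""
    return derive_identifier(*(ecus[can_id] for can_id in sorted(ecus)))


def joint_identifier(a: bytes, b: bytes) -> bytes:
    """Joint identifier of a paired link (e.g. module 'a' plus phone 'b')."""
    return derive_identifier(*sorted((a, b)))


@dataclass(frozen=True)
class KeyStore:
    """Initial key store (IKS): identifiers recorded at enrolment."""
    ecus: dict[int, bytes]
    vehicle: bytes


def enroll(scan: dict[int, tuple[bytes, bytes]]) -> KeyStore:
    """Record the IKS from a trusted first scan of the bus."""
    ecus = {cid: ecu_identifier(cid, hw, sw) for cid, (hw, sw) in scan.items()}
    return KeyStore(ecus=ecus, vehicle=vehicle_identifier(ecus))


def authenticate(iks: KeyStore, scan: dict[int, tuple[bytes, bytes]]):
    """Steps 503-504: compare a fresh scan with the IKS.

    Returns (allowed CAN ids, blocked CAN ids, alert messages).
    """
    allowed, blocked, alerts = [], [], []
    for can_id in sorted(scan):
        hw, sw = scan[can_id]
        expected = iks.ecus.get(can_id)
        observed = ecu_identifier(can_id, hw, sw)
        if expected is None:
            blocked.append(can_id)
            alerts.append(f"blocked 0x{can_id:03X}: not in initial key store")
        elif not hmac.compare_digest(expected, observed):
            blocked.append(can_id)
            alerts.append(f"blocked 0x{can_id:03X}: identifier mismatch")
        else:
            allowed.append(can_id)
    for can_id in sorted(set(iks.ecus) - set(scan)):
        alerts.append(f"enrolled ECU 0x{can_id:03X} did not respond")
    return allowed, blocked, alerts


# Constructed sample data: CAN id -> (hardware marker, software marker).
ENROLMENT_SCAN = {
    0x101: (b"ENGINE-HW-A1", b"fw-1.4.2"),
    0x102: (b"TCU-HW-C3", b"fw-2.0.0"),
    0x103: (b"INFOTAINMENT-HW-B7", b"fw-9.1.0"),
}
LATER_SCAN = {
    0x101: (b"ENGINE-HW-A1", b"fw-1.4.2"),        # unchanged
    0x102: (b"TCU-HW-C3", b"fw-2.0.0-mod"),       # software marker changed
    0x103: (b"INFOTAINMENT-HW-B7", b"fw-9.1.0"),  # unchanged
    0x1FF: (b"UNKNOWN-HW", b"fw-0.0.1"),          # never enrolled
}

if __name__ == "__main__":
    store = enroll(ENROLMENT_SCAN)
    print("vehicle identifier:", store.vehicle.hex())
    for line in authenticate(store, LATER_SCAN)[2]:
        print(line)
```

The markers in this sketch are self-reported by each device, so the comparison flags changed or unenrolled components but cannot by itself distinguish a device that reports enrolled markers.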
[058] While certain features of the invention have been illustrated and described herein, many modifications, substitutions, changes, and equivalents will now occur to those of ordinary skill in the art. It is, therefore, to be understood that the appended claims are intended to cover all such modifications and changes as fall within the true spirit of the invention.
[059] Various embodiments have been presented. Each of these embodiments may of course include features from other embodiments presented, and embodiments not specifically described may include various features described herein.

Claims

1. A method of preventing attacks on a vehicle network, the method comprising:
determining, by a processor, a unique identifier of at least one component of the vehicle network;
determining, by the processor, an IPvX identifier for at least one component of the vehicle network, wherein the IPvX identifier corresponds to the determined unique identifier of the at least one component of the vehicle network;
authenticating, by the processor, the determined IPvX identifier with data received from the at least one component of the vehicle network; and
blocking, by the processor, operation of non-authenticated identities.
2. The method as in claim 1, comprising replacing the digital identity of the at least one component of the vehicle network.
3. The method as in claim 1, comprising storing the determined IPvX identifier as an initial key store.
4. The method as in claim 1, comprising generating a record of the initial key-store.
5. The method as in claim 1, comprising communicating with at least one component of the vehicle network.
6. The method as in claim 5, wherein the communication is carried out with a controlled area network bus.
7. The method as in claim 1, comprising issuing an alert when an operation of non-authenticated identity is blocked.
8. A vehicle security system, the vehicle comprising at least one electronic control unit (ECU), the system comprising:
at least one processor; and
a communication analysis module, coupled to the at least one processor, wherein the communication analysis module is configured to:
determine a unique identifier of at least one ECU;
determine an IPvX identifier for at least one ECU, wherein the IPvX identifier corresponds to the determined unique identifier of the ECU;
authenticate the determined IPvX identifier with data received from the at least one ECU; and
block operation of non-authenticated identities.
9. The system as in claim 8, further comprising at least one communication module coupled to the at least one processor and configured to communicate with at least one external network.
10. The system as in claim 9, wherein the at least one communication module is configured to communicate with at least one mobile communication device.
11. The system as in claim 9, wherein communication between the at least one communication module and the at least one mobile communication device creates a joint IPvX address, and wherein the joint IPvX address corresponds to the combination of the IPvX address of the at least one communication module and the IPvX address of the at least one mobile communication device.
12. The system as in claim 9, wherein the processor is configured to read data from at least one ECU and send the read data to the at least one external network.
13. The system as in claim 12, wherein ECU data sent to the at least one external network is to be analyzed and authenticated for IPvX identifier of the at least one ECU.
14. The system as in claim 8, wherein the communication analysis module is configured to generate a record of the initial key-store.
15. The system as in claim 8, wherein communication between the processor and at least one ECU is carried out with a controlled area network bus, and wherein each ECU has a unique ID.
16. The system as in claim 8, wherein communication between the at least one external network and at least one ECU creates a joint IPvX address, and wherein the joint IPvX address corresponds to the combination of the IPvX address of the at least one external network and the IPvX address of the at least one ECU.
17. A vehicle security device, the vehicle comprising at least one electronic control unit (ECU), the device comprising:
at least one processor, configured to:
determine a unique identifier of at least one ECU;
determine an IPvX identifier for at least one ECU, wherein the IPvX identifier corresponds to the determined unique identifier of the ECU;
authenticate the determined IPvX identifier with data received from the at least one ECU; and
block operation of non-authenticated identities.
18. The device of claim 17, wherein the processor is configured to communicate with an onboard diagnostics (OBD) system.
19. The device of claim 17, further comprising at least one communication module coupled to the at least one processor and configured to communicate with at least one external network.
20. The device of claim 17, wherein communication between the processor and at least one ECU is carried out with a controlled area network bus, and wherein each ECU has a unique ID.
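The following sketch is an added illustration of the flow recited in claims 1 to 7 (enrol, record the initial key store, authenticate, block, alert); it is not code from the application. The claims do not say how an IPvX identifier is derived from the ECU's unique identifier, so the SHA-256 mapping into an IPv6 prefix, the prefix itself, the `Gateway` class and all sample ECU values are assumptions constructed for the example.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, field

# Assumption: identifiers are placed in a constructed IPv6 ULA /64 prefix.
PREFIX = int(ipaddress.IPv6Address("fd00:ec00::"))


def derive_ipvx(unique_id: bytes) -> ipaddress.IPv6Address:
    """Assumed derivation: first 64 bits of SHA-256(unique ID) as interface ID."""
    iid = int.from_bytes(hashlib.sha256(unique_id).digest()[:8], "big")
    return ipaddress.IPv6Address(PREFIX | iid)


@dataclass
class Gateway:
    key_store: dict = field(default_factory=dict)  # CAN ID -> IPvX identifier
    alerts: list = field(default_factory=list)

    def enroll(self, can_id: int, unique_id: bytes) -> None:
        """Build the initial key store from ECUs present at provisioning."""
        self.key_store[can_id] = derive_ipvx(unique_id)

    def record(self) -> list:
        """Sorted, printable record of the initial key store."""
        return [(hex(c), str(a)) for c, a in sorted(self.key_store.items())]

    def admit(self, can_id: int, reported_uid: bytes) -> bool:
        """Authenticate data received from an ECU; block and alert on mismatch."""
        expected = self.key_store.get(can_id)
        presented = derive_ipvx(reported_uid)
        ok = expected is not None and hmac.compare_digest(
            expected.packed, presented.packed)
        if not ok:
            self.alerts.append(f"blocked CAN ID {can_id:#x}: identity not authenticated")
        return ok


def demo() -> tuple:
    gw = Gateway()
    # Constructed sample ECUs: (CAN ID, unique hardware ID).
    gw.enroll(0x7E0, b"ENGINE-ECU-SN-0001")
    gw.enroll(0x7E1, b"BRAKE-ECU-SN-0002")
    genuine = gw.admit(0x7E0, b"ENGINE-ECU-SN-0001")
    swapped = gw.admit(0x7E1, b"UNKNOWN-MODULE-9999")  # enrolled ID, other hardware
    unknown = gw.admit(0x123, b"ENGINE-ECU-SN-0001")   # CAN ID never enrolled
    return genuine, swapped, unknown, len(gw.alerts)
```

This check only binds a CAN ID to an enrolled unique identifier; it does not prove possession of a secret, so a deployment would pair it with keyed message authentication.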
PCT/IL2017/050888 2016-08-12 2017-08-10 System and method for prevention of attacks in connected vehicles WO2018029692A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201662374032P 2016-08-12 2016-08-12
US62/374,032 2016-08-12

Publications (1)

Publication Number Publication Date
WO2018029692A1 (en) 2018-02-15

Family

ID=61162815

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IL2017/050888 WO2018029692A1 (en) 2016-08-12 2017-08-10 System and method for prevention of attacks in connected vehicles

Country Status (1)

Country Link
WO (1) WO2018029692A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110153149A1 (en) * 2009-12-17 2011-06-23 Electronics And Telecommunications Research Institute COMMUNICATION APPARATUS AND METHOD FOR VEHICLE USING IPv6 NETWORK
US20140165191A1 (en) * 2012-12-12 2014-06-12 Hyundai Motor Company Apparatus and method for detecting in-vehicle network attack
US20150020152A1 (en) * 2012-03-29 2015-01-15 Arilou Information Security Technologies Ltd. Security system and method for protecting a vehicle electronic system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17838932

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 27/05/2019)

122 Ep: pct application non-entry in european phase

Ref document number: 17838932

Country of ref document: EP

Kind code of ref document: A1