公开(公告)号：US11108789B2

公开(公告)日：2021-08-31

申请号：US16316452

申请日：2017-01-13

Applicant: THE REGENTS OF THE UNIVERSITY OF MICHIGAN

Inventor： Kang G. Shin ,  Kyong-Tak Cho

IPC: H04L12/40 ,  H04L29/06

Abstract: Research efforts to detect and prevent possible attacks on vehicles have led to various defense schemes that are capable of preventing attacks and/or determining the presence/absence of an attack on the in-vehicle network. However, these efforts still cannot identify which Electronic Control Unit (ECU) on the in-vehicle network actually mounted the attack. Moreover, they cannot detect attacks by an adversary that impersonates ECUs injecting in-vehicle messages aperiodically. Identifying the source of an attack is essential for efficient forensic, isolation, security patch, etc. To fill these gaps, a method is presented for detecting and identifying compromised ECUs in a vehicle network.

公开(公告)号：US11180154B2

公开(公告)日：2021-11-23

申请号：US16162699

申请日：2018-10-17

Applicant: The Regents of The University of Michigan

Inventor： Kang G. Shin ,  Dongyao Chen ,  Kyong-Tak Cho

IPC: B60W40/09 ,  B60W40/08

Abstract: Driver fingerprinting using sensor data was known to be feasible only with access to in-car data. This disclosure presents a novel technique for identifying a vehicle driver from only one vehicle turn and using zero-permission sensors residing in the mobile device. Through extensive evaluations, extracted features are shown to reflect only the drivers unique turning style and thus functions as the core of driver fingerprinting.

公开(公告)号：US11044260B2

公开(公告)日：2021-06-22

申请号：US15472861

申请日：2017-03-29

Applicant: THE REGENTS OF THE UNIVERSITY OF MICHIGAN

Inventor： Kang G. Shin ,  Kyong-Tak Cho

IPC: H04L29/06 ,  G06F21/55 ,  G06F1/12 ,  H04L29/08

Abstract: An anomaly-based intrusion detection system is presented for use in vehicle networks. The intrusion detection system measures and exploits the intervals of periodic in-vehicle messages for fingerprinting electronic control units. Fingerprints are then used for constructing a baseline of clock behaviors, for example with a Recursive Least Squares algorithm. Based on the baseline, the intrusion detection system uses cumulative sum to detect any abnormal shifts in the identification errors—a clear sign of an intrusion. This approach allows quick identification of in-vehicle network intrusions with low false positive rates.

公开(公告)号：US10992705B2

公开(公告)日：2021-04-27

申请号：US16071400

申请日：2017-01-20

Applicant: THE REGENTS OF THE UNIVERSITY OF MICHIGAN

Inventor： Kang G. Shin ,  Kyong-Tak Cho

IPC: G06F21/44 ,  G06F11/07 ,  H04L29/06 ,  H04L12/40 ,  G06F11/26

Abstract: An important new vulnerability was discovered and is applicable to several in-vehicle networks including Control Area Network (CAN), the de facto standard in-vehicle network protocol. Specifically, a bus-off attack exploits the safe mode of CAN to disconnect or shut down uncompromised (healthy) ECUs. This is an important attack that must be thwarted, since once the attacker compromises an ECU, it is easy to mount the attack on safety-critical ECUs while its prevention/detection is very difficult. Based on analysis and experimental results, a mechanism to detect and/or prevent a bus-off attack is proposed and evaluated.