Protecting Vehicles From Cyber- Attack

Uploaded on 2016-09-12 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

Commonly avialble car diagnistic tools used in the Jeep hack

In 2015, two researchers remotely hacked a Jeep Cherokee being driven by a reporter who documented how the researchers controlled everything from the car’s radio and media console to its brakes and steering. For Dr. Shucheng Yu, an associate professor of computer science at the University of Arkansas at Little Rock, the exercise demonstrated how vulnerable smart cars with GPS, Bluetooth, and internet connections are to cyberattacks.

“These cars have become the trend of the future,” Yu said. “There could be some very severe consequences if someone hacked into the car. A car can be fully controlled by the hacker if it is not protected.”

So Yu and his student, Zachary King, a junior majoring in computer science at UALR, spent the summer researching how to keep cars safe from cyberattacks. They worked on the project during an intensive eight-week summer research program at UALR.

King was one of 10 college students from across the country recruited through a National Science Foundation grant-funded project, “REU Site: CyberSAFE@UALR: Cyber Security and Forensics Research at the University of Arkansas at Little Rock.”

The goal of the program is to decrease cyberattacks on people using mobile technology and social networking sites, said Dr. Mengjun Xie, an associate professor of computer science and director of the CyberSAFE@UALR program.

“The basic idea is to integrate cybersecurity and cyber forensics research with the latest technology in mobile cloud computing and social media to provide research opportunities to students,” Xie said.

More than 130 students applied for 10 spots. Participants included undergraduate college students with a grade point average of 3.0 or higher who are majoring in computer science, computer engineering, math, physics, or electrical engineering

Those selected spent eight weeks conducting research full time with a faculty mentor at the University of Arkansas at Little Rock. Participants received a $4,000 stipend, on-campus housing, a meal plan, and travel expenses.

Smart Car Protection

In his project, “Investigating and Securing Communications in the Controller Area Network (CAN)", King created a security protocol to protect smart cars from hacking. He also built an experimental environment that simulates the communication system in a smart car, which allows the security protocol to be tested through simulations.

The research focuses on the development of a security protocol to protect the Controller Area Network (CAN), an internal communications system in vehicles.

“There are many ways that hackers can control CAN,” King said. “Once they access it, hackers can pretty easily control your car however they want. We are proposing to add a layer of security, so if an unauthorized person accesses it, they still wouldn’t be able to control your vehicle.”

The security protocol protects the CAN in two ways. It authenticates messages sent through the network by creating an authentication code. This authentication code allows nodes on the network to differentiate between a valid message and an attacker’s message.

The second security feature protects against replay attacks, when a hacker attempts to breach the network by repeatedly sending an old message. The protocol uses a timestamp to calculate when the network last received the message, which verifies the message’s “freshness.”

Yu and King are continuing their research this fall. In the future, Yu hopes to collaborate with industry and funding agencies to implement the security protocol in commercial vehicles and protect cars from hackers.

As for King, participating in this summer research program has left him considering a career in cybersecurity once he graduates in 2018.

“Three months ago, I wouldn’t have been able to tell you much about cybersecurity and what a security protocol would look like,” he said. “After having completed this program, I am more interested in cybersecurity than I was before, and I may end up going that route.”

Ein News:

 

« Leak Spotlights NSA's Conflicting Missions
Iraqi Military Invent A Unique Robot To Fight ISIS »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

National Cyber Security Centre (NCSC) - United Kingdom

National Cyber Security Centre (NCSC) - United Kingdom

The NCSC acts as a bridge between industry and government, providing a unified source of advice, guidance and support on cyber security, including the management of cyber security incidents.

Qualitest Group

Qualitest Group

Qualitest is the world’s largest pure play Quality Assurance and software testing company.

IoTium

IoTium

Secure Cloud Managed Software Defined IoT Networks. IoTium simplifies establishing and managing secure network infrastructure for Industrial IoT.

BlackRidge Technology

BlackRidge Technology

BlackRidge Technology develops, markets and supports a family of products that provide a next generation cyber security solution for protecting enterprise networks and cloud services.

Meterian

Meterian

The Meterian Platform is a fuss-free solution to protect you against vulnerabilities in your app’s software supply chain.

Nettoken

Nettoken

Nettoken is the first identity management platform designed for everyday internet users, to encourage awareness and control of our ever expanding digital footprint and personal cybersecurity.

boxxe

boxxe

boxxe create flexible IT infrastructures, collaborative global workspaces and data clarity, all underpinned by world-leading security.

Auriga Consulting

Auriga Consulting

Auriga is a center of excellence in Cyber Security, Assurance and Monitoring Services, with a renowned track record of succeeding where others have failed.

Scholarly Networks Security Initiative (SNSI)

Scholarly Networks Security Initiative (SNSI)

SNSI brings together publishers and institutions to solve cyber-challenges threatening the integrity of the scientific record, scholarly systems and the safety of personal data.

Blattner Technologies

Blattner Technologies

Blattner Technologies mission is to be the leading provider of predictive transformation services and tools in the Data Analytics, Artificial Intelligence and Machine Learning industry.

Solvo

Solvo

Solvo enables security teams and other stakeholders to automatically uncover, prioritize, mitigate and remediate cloud infrastructure access risks.

Star Lab

Star Lab

Star Lab specializes in the development and productization of embedded security technologies.

MadWolf Technologies

MadWolf Technologies

MadWolf’s mission is to deliver enterprise-quality managed services and focused applications to organizations operating in the non-profit, association and international development sectors.

TriVigil

TriVigil

TriVigil offer a full-service, comprehensive cybersecurity approach specifically tailored to meet the unique needs of educational institutions.

Custocy

Custocy

Custocy is a unique collaborative AI technology that identifies sophisticated and unknown (zero-day) attacks.

Frenos

Frenos

The Frenos Platform helps enterprises understand their most probable attack paths while highlighting the most effective risk mitigations to deter and defend against today’s adversaries.