Protecting Vehicles From Cyber- Attack

Commonly avialble car diagnistic tools used in the Jeep hack

In 2015, two researchers remotely hacked a Jeep Cherokee being driven by a reporter who documented how the researchers controlled everything from the car’s radio and media console to its brakes and steering. For Dr. Shucheng Yu, an associate professor of computer science at the University of Arkansas at Little Rock, the exercise demonstrated how vulnerable smart cars with GPS, Bluetooth, and internet connections are to cyberattacks.

“These cars have become the trend of the future,” Yu said. “There could be some very severe consequences if someone hacked into the car. A car can be fully controlled by the hacker if it is not protected.”

So Yu and his student, Zachary King, a junior majoring in computer science at UALR, spent the summer researching how to keep cars safe from cyberattacks. They worked on the project during an intensive eight-week summer research program at UALR.

King was one of 10 college students from across the country recruited through a National Science Foundation grant-funded project, “REU Site: CyberSAFE@UALR: Cyber Security and Forensics Research at the University of Arkansas at Little Rock.”

The goal of the program is to decrease cyberattacks on people using mobile technology and social networking sites, said Dr. Mengjun Xie, an associate professor of computer science and director of the CyberSAFE@UALR program.

“The basic idea is to integrate cybersecurity and cyber forensics research with the latest technology in mobile cloud computing and social media to provide research opportunities to students,” Xie said.

More than 130 students applied for 10 spots. Participants included undergraduate college students with a grade point average of 3.0 or higher who are majoring in computer science, computer engineering, math, physics, or electrical engineering

Those selected spent eight weeks conducting research full time with a faculty mentor at the University of Arkansas at Little Rock. Participants received a $4,000 stipend, on-campus housing, a meal plan, and travel expenses.

Smart Car Protection

In his project, “Investigating and Securing Communications in the Controller Area Network (CAN)", King created a security protocol to protect smart cars from hacking. He also built an experimental environment that simulates the communication system in a smart car, which allows the security protocol to be tested through simulations.

The research focuses on the development of a security protocol to protect the Controller Area Network (CAN), an internal communications system in vehicles.

“There are many ways that hackers can control CAN,” King said. “Once they access it, hackers can pretty easily control your car however they want. We are proposing to add a layer of security, so if an unauthorized person accesses it, they still wouldn’t be able to control your vehicle.”

The security protocol protects the CAN in two ways. It authenticates messages sent through the network by creating an authentication code. This authentication code allows nodes on the network to differentiate between a valid message and an attacker’s message.

The second security feature protects against replay attacks, when a hacker attempts to breach the network by repeatedly sending an old message. The protocol uses a timestamp to calculate when the network last received the message, which verifies the message’s “freshness.”

Yu and King are continuing their research this fall. In the future, Yu hopes to collaborate with industry and funding agencies to implement the security protocol in commercial vehicles and protect cars from hackers.

As for King, participating in this summer research program has left him considering a career in cybersecurity once he graduates in 2018.

“Three months ago, I wouldn’t have been able to tell you much about cybersecurity and what a security protocol would look like,” he said. “After having completed this program, I am more interested in cybersecurity than I was before, and I may end up going that route.”

Ein News:

 

« Leak Spotlights NSA's Conflicting Missions
Iraqi Military Invent A Unique Robot To Fight ISIS »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

National Defense Industry Association (NDIA)

National Defense Industry Association (NDIA)

The National Defense Industrial Association Cyber Division contributes to US national security by promoting interaction between the cyber defense industry, government and military.

2Secure

2Secure

2Secure is one of Sweden's largest private security companies. Service inlcude personal security, corporate security, information and cyber security.

Cyber Triage

Cyber Triage

Cyber Triage is an automated incident response software any company can use to investigate their network alerts.

NTOP

NTOP

NTOP develop high-quality network traffic analysis and DDoS protection software used by small individuals as well by large telecom operators.

SecuDrive

SecuDrive

SecuDrive, provides hardware encrypted external storage devices to protect a company’s sensitive and important data.

Signifyd

Signifyd

Signifyd is the world's largest provider of Guaranteed e-Commerce Fraud Protection.

GuardSquare

GuardSquare

GuardSquare is the global reference in mobile application protection. We develop premium software for the protection of mobile applications against reverse engineering and hacking.

GreyCampus

GreyCampus

GreyCampus is a leading provider of training for working professionals in the areas of Project Management, Big Data, Data Science, Service Management, Quality Management and Information Security.

Anglo African

Anglo African

Anglo African is an information technology firm providing end-to-end solutions to different industries, from IT Infrastructure to DataCom as well as Cloud & InfoSec services.

Central Intelligence Agency (CIA)

Central Intelligence Agency (CIA)

The CIA is an independent agency responsible for providing national security intelligence to senior US policymakers. This includes cyber security related activities.

Hawk AI

Hawk AI

Hawk AI’s mission is to help financial institutions detect financial crime more effectively and efficiently using AI to enhance rules and find anomalies.

Dataminr

Dataminr

Dataminr Pulse helps organizations strengthen business resilience with AI-powered, real-time risk and event discovery—and the integrated tools to manage responses.

Red Helix

Red Helix

Red Helix (formerly Phoenix Datacom) is a market leader in network performance and cyber security.

Oduma Solutions

Oduma Solutions

Oduma Solutions is a wholly owned Ghanaian Cybersecurity company that offers information security services to organisations seeking to improve their security posture.

Emantra

Emantra

Emantra specialises in the enablement of Secure Cloud services through it’s comprehensive Sovereign Cloud Hosting, Secure Access Service Edge, and managed services.

Sasken Technologies

Sasken Technologies

Sasken’s Cybersecurity Services enables enterprises to develop, maintain, and take digital products to the market with security postures that empower operational excellence.