Protecting Vehicles From Cyber- Attack

Uploaded on 2016-09-12 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

Commonly avialble car diagnistic tools used in the Jeep hack

In 2015, two researchers remotely hacked a Jeep Cherokee being driven by a reporter who documented how the researchers controlled everything from the car’s radio and media console to its brakes and steering. For Dr. Shucheng Yu, an associate professor of computer science at the University of Arkansas at Little Rock, the exercise demonstrated how vulnerable smart cars with GPS, Bluetooth, and internet connections are to cyberattacks.

“These cars have become the trend of the future,” Yu said. “There could be some very severe consequences if someone hacked into the car. A car can be fully controlled by the hacker if it is not protected.”

So Yu and his student, Zachary King, a junior majoring in computer science at UALR, spent the summer researching how to keep cars safe from cyberattacks. They worked on the project during an intensive eight-week summer research program at UALR.

King was one of 10 college students from across the country recruited through a National Science Foundation grant-funded project, “REU Site: CyberSAFE@UALR: Cyber Security and Forensics Research at the University of Arkansas at Little Rock.”

The goal of the program is to decrease cyberattacks on people using mobile technology and social networking sites, said Dr. Mengjun Xie, an associate professor of computer science and director of the CyberSAFE@UALR program.

“The basic idea is to integrate cybersecurity and cyber forensics research with the latest technology in mobile cloud computing and social media to provide research opportunities to students,” Xie said.

More than 130 students applied for 10 spots. Participants included undergraduate college students with a grade point average of 3.0 or higher who are majoring in computer science, computer engineering, math, physics, or electrical engineering

Those selected spent eight weeks conducting research full time with a faculty mentor at the University of Arkansas at Little Rock. Participants received a $4,000 stipend, on-campus housing, a meal plan, and travel expenses.

Smart Car Protection

In his project, “Investigating and Securing Communications in the Controller Area Network (CAN)", King created a security protocol to protect smart cars from hacking. He also built an experimental environment that simulates the communication system in a smart car, which allows the security protocol to be tested through simulations.

The research focuses on the development of a security protocol to protect the Controller Area Network (CAN), an internal communications system in vehicles.

“There are many ways that hackers can control CAN,” King said. “Once they access it, hackers can pretty easily control your car however they want. We are proposing to add a layer of security, so if an unauthorized person accesses it, they still wouldn’t be able to control your vehicle.”

The security protocol protects the CAN in two ways. It authenticates messages sent through the network by creating an authentication code. This authentication code allows nodes on the network to differentiate between a valid message and an attacker’s message.

The second security feature protects against replay attacks, when a hacker attempts to breach the network by repeatedly sending an old message. The protocol uses a timestamp to calculate when the network last received the message, which verifies the message’s “freshness.”

Yu and King are continuing their research this fall. In the future, Yu hopes to collaborate with industry and funding agencies to implement the security protocol in commercial vehicles and protect cars from hackers.

As for King, participating in this summer research program has left him considering a career in cybersecurity once he graduates in 2018.

“Three months ago, I wouldn’t have been able to tell you much about cybersecurity and what a security protocol would look like,” he said. “After having completed this program, I am more interested in cybersecurity than I was before, and I may end up going that route.”

Ein News:

 

« Leak Spotlights NSA's Conflicting Missions
Iraqi Military Invent A Unique Robot To Fight ISIS »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Global Forum on Cyber Expertise (GFCE)

Global Forum on Cyber Expertise (GFCE)

GFCE is a global platform for countries, international organizations and private companies to exchange best practices and expertise on cyber capacity building.

Advanced Software Products Group (ASPG)

Advanced Software Products Group (ASPG)

ASPG offers a wide range of innovative mainframe software solutions for Data Security, Access Management, System Management and CICS productivity.

Cyacomb

Cyacomb

Cyacomb (formerly Cyan Forensics) provides digital forensics software to help police forces find evidence on computers many times faster than before.

Synectics Solutions

Synectics Solutions

Synectics deliver solutions for reducing risk, combating financial crime, and enabling organisations to meet their compliance and regulatory commitments.

ZeroNorth

ZeroNorth

ZeroNorth provides a new approach to improve software and infrastructure security, simplify continuous compliance reporting and to create more cost-effective risk management programs.

Valire Software

Valire Software

Valire provide a solution for the automated detection of internal fraud.

Swiss Cyber Think Tank (SCTT)

Swiss Cyber Think Tank (SCTT)

The Swiss Cyber Think Tank is a business network for Cyber Risk & Insurability, providing an industry-wide networking platform for insurers, technology and security firms.

ANSI National Accreditation Board (ANAB)

ANSI National Accreditation Board (ANAB)

ANAB is the largest accreditation body in North America. The directory of members provides details of organisations offering certification services for cybersecurity related standards.

Ensurity Technologies

Ensurity Technologies

Ensurity is a deep-tech cybersecurity engineering company; designs and manufactures specialized secure hardware, software, and mobile application solutions.

Infosec Global

Infosec Global

Infosec Global provides technology innovation, thought leadership and expertise in cryptographic life-cycle management.

CyberEdBoard

CyberEdBoard

CyberEdBoard is a private, peer-to-peer education and networking community focused on cybersecurity, technology, business processes and risk management.

Norma Inc.

Norma Inc.

Norma provides the secured wireless environment (WiFi and Bluetooth) with the unauthorized AP detection, and secures your IoT assets from various threats.

Crowe

Crowe

Crowe is a public accounting, consulting, and technology firm that combines deep industry and specialized expertise with innovation.

Eurotech

Eurotech

Eurotech provides Edge Computers and IoT solutions. We help to connect your assets and make them smarter through secure and agnostic hardware and software technologies.

AI or Not

AI or Not

AI or Not - Leverage AI to combat misinformation and elevate the landscape of compliance solutions.

Hudson Rock

Hudson Rock

Hudson Rock’s products — Cavalier & Bayonet — are powered by our cybercrime database, composed of millions of machines compromised by Infostealers in global malware spreading campaigns.