Contemporary vehicles are getting equipped with an increasing number of Electronic Control Units (ECUs) and wireless connectivities. Although these have enhanced vehicle safety and efficiency, they are accompanied with new vulnerabilities. In this paper, we unveil a new important vulnerability applicable to several in-vehicle networks including Control Area Network (CAN), the de facto standard in-vehicle network protocol. Specifically, we propose a new type of Denial-of-Service (DoS), called the busoff attack, which exploits the error-handling scheme of in-vehicle networks to disconnect or shut down good/uncompromised ECUs. This is an important attack that must be thwarted, since the attack, once an ECU is compromised, is easy to be mounted on safetycritical ECUs while its prevention is very difficult. In addition to the discovery of this new vulnerability, we analyze its feasibility using actual in-vehicle network traffic, and demonstrate the attack on a CAN bus prototype as well as on two real vehicles. Based on our analysis and experimental results, we also propose and evaluate a mechanism to detect and prevent the bus-off attack.
Detecting how a vehicle is steered and then alarming drivers in real time is of utmost importance to the vehicle and the driver's safety, since fatal accidents are often caused by dangerous steering. Existing solutions for detecting dangerous maneuvers are implemented either in only high-end vehicles or on smartphones as mobile applications. However, most of them rely on the use of cameras, the performance of which is seriously constrained by their high visibility requirement. Moreover, such an over/sole-reliance on the use of cameras can be a distraction to the driver.To alleviate these problems, we develop a vehicle steering detection middleware called V-Sense which can run on commodity smartphones without additional sensors or infrastructure support. Instead of using cameras, the core of V-Sense senses a vehicle's steering by only utilizing nonvision sensors on the smartphone. We design and evaluate algorithms for detecting and differentiating various vehicle maneuvers, including lane-changes, turns, and driving on curvy roads. Since V-Sense does not rely on use of cameras, its detection of vehicle steering is not affected by the (in)visibility of road objects or other vehicles. We first detail the design, implementation and evaluation of V-Sense and then demonstrate its practicality with two prevalent use cases: camera-free steering detection and fine-grained lane guidance. Our extensive evaluation results show that VSense is accurate in determining and differentiating various steering maneuvers, and is thus useful for a wide range of safety-assistance applications without additional sensors or infrastructure.
No abstract
For better controllability and energy-efficiency, more vehicle functions are being implemented via electronic control systems in place of traditional mechanical control systems. However, such transitions are creating new, unprecedented risks such as software bugs or hardware glitches, all of which can lead to serious safety risks. Recent real-world examples and research literature have been covering them under the name of vehicle misbehavior. In this paper, we present a new way of checking norm operations, called BAD (Brake Anomaly Detection), which detects any vehicle misbehavior in the Brake-by-Wire system. We focus on the braking system since it is a prototypical safety-critical and cyber-physical system. We first propose a new method for constructing norm models of braking and then show how anomalies are detected by BAD using the constructed models. Finally, we discuss how to verify the results, especially in the context of false positives. Our evaluation results show that BAD can effectively detect various types of anomaly in the braking system.
As vehicle maneuver data becomes abundant for assisted or autonomous driving, their implication of privacy invasion/leakage has become an increasing concern. In particular, the surface for fingerprinting a driver will expand significantly if the driver's identity can be linked with the data collected from his mobile or wearable devices which are widely deployed worldwide and have increasing sensing capabilities.In line with this trend, this paper investigates a fast emerging driving data source that has driver's privacy implications. We first show that such privacy threats can be materialized via any mobile device with IMUs (e.g., gyroscope and accelerometer). We then present Dri-Fi (Driver Fingerprint), a driving data analytic engine that can fingerprint the driver with vehicle turn(s). Dri-Fi achieves this based on IMUs data taken only during the vehicle's turn(s). Such an approach expands the attack surface significantly compared to existing driver fingerprinting schemes. From this data, Dri-Fi extracts three new features -acceleration along the end-of-turn axis, its deviation, and the deviation of the yaw rate -and exploits them to identify the driver. Our extensive evaluation shows that an adversary equipped with Dri-Fi can correctly fingerprint the driver within just one turn with 74.1%, 83.5%, and 90.8% accuracy across 12, 8, and 5 drivers -typical of an immediate family or close-friends circle -respectively. Moreover, with measurements on more than one turn, the adversary can achieve up to 95.3%, 95.4%, and 96.6% accuracy across 12, 8, and 5 drivers, respectively.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.