Illustration collage of automotive cybersecurity

Intrusion Detection System Defends Vehicles Against Cyberattacks

Nov. 3, 2021
Researchers develop a method for building cyber resiliency into the CAN protocol.

When a group of researchers issued early warning that they could remotely hack specific Ford and Toyota vehicles back in 2011, the automotive manufacturers responded with skepticism. There was no way hackers could launch remote attacks on their vehicles unless they had physical access to the vehicles, they clapped back.

It took a few more experiments, but the researchers responded with a paper in 2015 that outlined how a remote attack against an unaltered 2014 Jeep Cherokee resulted in physical control of some aspects of the vehicle’s communications systems. That paper demonstrated remote attacks can be staged against many Fiat-Chrysler vehicles, and subsequently led to a mass recall of 1.4 million vulnerable vehicles.

The rate of technological advancement in vehicles makes research into intrusion detection a burgeoning area of automotive cybersecurity research. It’s an area of focus for Southwest Research Institute, which has now developed an innovative technology that uses digital fingerprinting and algorithms to identify anomalies in communications across automotive systems and components.

The intrusion detection system (IDS) was designed to protect military ground vehicles against cyberthreats to embedded systems and connected vehicle networks, noted SwRI engineers, who are collaborating with the U.S. Army Ground Vehicle Systems Center (GVSC) Ground System Cyber Engineering (GSCE).

Military, passenger and commercial vehicles use the standard Controller Area Network (CAN) bus protocol to enable communications across various nodes or electronic control units (ECUs).

CAN protocols allow microcontrollers and devices to communicate with other applications without a host computer. For example, it informs a dashboard display when a sensor detects low oil pressure or when headlights have been activated, but also relays operational communications for systems such as the transmission and other critical automotive technology, noted the researchers.

Automakers have relied on the CAN protocol as a reliable platform for transmitting information since 1986. Its shortcoming, however, is that it was not designed with cybersecurity in mind.

There are many ways in which hackers may gain control of a vehicle. From cyber physical features (adaptive cruise control, lane departure warnings, park assist systems) to remote keyless entry, Bluetooth, Wi-Fi and radio data systems, connectivity with external networks have expanded exponentially.

“A cyberattack could potentially send erroneous information across the CAN protocol to alter or impede a vehicle’s operations,” said Jonathan Wolford, an SwRI engineer who co-authored a paper on the subject. “An attack on several connected vehicles could have disastrous effects.”

SwRI researchers report they’ve developed algorithms that can now digitally fingerprint messages on nodes that transmit information through the CAN bus protocol. Digital fingerprinting allows an intrusion detection system to identify when an unknown or invalid node or computer is connected to the vehicle network.

They explained that algorithms use the CAN transceiver’s message transmission to track low-level physical layer characteristics to create these digital fingerprints. Examples of such characteristics are minimum and maximum voltages and the voltage transition rates for each CAN frame.

The researchers further explained how they built fingerprint nodes. They trained the system with baseline data as a way to understand characteristics and better identify anomalies. Digital fingerprinting provides a method for accurately identifying messages sent from unauthorized nodes or when a valid node is sending spurious messages, indicative of a “masquerade attack,” they said. Once the system was trained, the engineers injected false data. The algorithms flagged the invasive data instantly. The system is capable of both identifying threats and defending against them, noted the researchers.

“These attacks are theoretically easier for bad actors who have physical access to a vehicle, but vehicles are also vulnerable from wireless attacks,” said Peter Moldenhauer, an SwRI engineer who co-authored the research. “Our system is designed to build cyber resiliency into the CAN protocol as we move to more connected and automated vehicle networks.”

The IDS system is applicable to military, passenger and commercial vehicles. 

The research team won Best Paper Award for the Cyber Technical Session at the 2021 Ground Vehicle Systems Engineering & Technology Symposium (GVSETS) conference. The paper is titled, “Cyberattack Defense through Digital Fingerprinting, Detection Algorithms, and Bus Segmentation in Ground Vehicles.” More information can be found here.

About the Author

Rehana Begg | Editor-in-Chief, Machine Design

As Machine Design’s content lead, Rehana Begg is tasked with elevating the voice of the design and multi-disciplinary engineer in the face of digital transformation and engineering innovation. Begg has more than 24 years of editorial experience and has spent the past decade in the trenches of industrial manufacturing, focusing on new technologies, manufacturing innovation and business. Her B2B career has taken her from corporate boardrooms to plant floors and underground mining stopes, covering everything from automation & IIoT, robotics, mechanical design and additive manufacturing to plant operations, maintenance, reliability and continuous improvement. Begg holds an MBA, a Master of Journalism degree, and a BA (Hons.) in Political Science. She is committed to lifelong learning and feeds her passion for innovation in publishing, transparent science and clear communication by attending relevant conferences and seminars/workshops. 

Follow Rehana Begg via the following social media handles:

X: @rehanabegg

LinkedIn: @rehanabegg and @MachineDesign

Sponsored Recommendations

50 Years Old and Still Plenty of Drive

Dec. 12, 2024
After 50 years of service in a paper plant, an SEW-EURODRIVE K160 gear unit was checked. Some parts needed attention, but the gears remained pristine.

Explore the power of decentralized conveying

Dec. 12, 2024
Discover the flexible, efficient MOVI-C® Modular Automation System by SEW-EURODRIVE—engineered for quick startup and seamless operation in automation.

Goodbye Complexity, Hello MOVI-C

Dec. 12, 2024
MOVI-C® modular automation system – your one-stop-shop for every automation task. Simple, future-proof, with consulting and service worldwide.

Sawmill Automation: Going Where Direct-Stop and Hydraulic Technologies “Cant”

Aug. 29, 2024
Exploring the productivity and efficiency gains of outfitting a sawmill’s resaw line with VFDs, Ethernet and other automated electromechanical systems.

Voice your opinion!

To join the conversation, and become an exclusive member of Machine Design, create an account today!