Affiliation:
1. Colorado State University
Abstract
<div class="section abstract"><div class="htmlview paragraph">Automotive researchers and industry experts have extensively documented vulnerabilities arising from unauthorized in-vehicle communication through academic research, industry investigations, sponsored events, and learnings from real-world attacks. While current cybersecurity endeavors in the heavy-duty (HD) vehicle space focus on securing conventional communication technologies such as the controller area network (CAN), there is a notable deficiency in defensive research concerning legacy technologies, particularly those utilized between trucks and trailers. In fact, state-of-the-art attacks on these systems have only come to public attention through official disclosures and public presentations as recently as 2020.</div><div class="htmlview paragraph">To address these risks, this paper introduces a system-wide security concept called Legacy Intrusion Detection System (LIDS) for heavy-duty vehicle applications utilizing the SAE J1708/J1587 protocol stack. LIDS relies on coordinated network gateways at each host and employs specialized J1587 security messages to alert other hosts of anomalies. Each gateway uses configurable busload, access control, and transmission rate parameters to perform signature-based and anomaly-based detection on inbound and outbound network traffic for its host.</div><div class="htmlview paragraph">This paper also presents the development process of the gateway and summarizes the experiments conducted to satisfy the hardware, software, and security requirements imposed by the J1708/J1587 stack and the LIDS concept. Subsequently, we deploy, test, and evaluate LIDS on a retrofitted dual air brake system simulator (DABSS) at CSU's Powerhouse Energy Campus. Under the assumptions presented, the experiments show that LIDS is effective against message spoofing attacks originating from a compromised host or rogue device and flooding attacks from hosts. However, LIDS' effectiveness against flooding attacks from rogue nodes depends on the designer's false positive tolerance. This research builds upon learnings in prior work while incorporating guidelines outlined in SAE J3061. To the best of current knowledge, this publication marks the first presentation of cybersecurity defense research on the SAE J1708/J1587 protocol stack.</div></div>
Reference27 articles.
1. Mukherjee , S. , Shirazi , H. , Ray , I. , Daily , J. et al. Practical DoS Attacks on Embedded Networks in Commercial Vehicles Ray , I. , Gaur , M. , Conti , M. , Sanghi , D. , Kamakoti , V. Information Systems Security. ICISS 2016. Lecture Notes in Computer Science 10063 Cham Springer 10.1007/978-3-319-49806-5_2
2. Cho , K. , and Shin , K. Fingerprinting Electronic Control Units for Vehicle Intrusion Detection 25th USENIX Security Symposium (USENIX Security 16) Austin, TX USENIX Association 2016 911 927 10.5555/3241094.3241165
3. Kim , S. , Yeo , G. , Kim , T. et al. ShadowAuth: Backward-Compatible Automatic CAN Authentication for Legacy ECUs Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security, in ASIA CCS ’22 New York Association for Computing Machinery 2022 534 545 10.1145/3488932.3523263
4. Stachowski , S. , Bielawski , R. , and Weimerskirch , A. 2018
5. Fleet Pulse 2021 greatdane.com/wp-content/uploads/2021/08/6-Trends-That-Will-Define-the-Future-of-Truck-Trailer-Connectivity.pdf