{"title":"Automobile ECU Design to Avoid Data Tampering","authors":"Lu Yu, Juan Deng, R. Brooks, S. Yun","doi":"10.1145/2746266.2746276","DOIUrl":null,"url":null,"abstract":"Modern embedded vehicle systems are based on network architectures. Vulnerabilities from in-vehicle communications are significant. Privacy and security measures are required for vehicular Electronic Control Units (ECUs). We present a security vulnerability analysis, which shows that the vulnerability mainly lies in the ubiquitous on-board diagnostics II (OBD-II) interface and the memory configuration within ECU. Countermeasures using obfuscation and encryption techniques are introduced to protect ECUs from data sniffing and code tampering. A security scheme of deploying lures that look like ECU vulnerabilities to deceive lurking intruders into installing rootkits is proposed. We show that the interactions between the attacker and the system can be modeled as a Markov decision process (MDP).","PeriodicalId":106769,"journal":{"name":"Proceedings of the 10th Annual Cyber and Information Security Research Conference","volume":"31 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-04-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"26","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 10th Annual Cyber and Information Security Research Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2746266.2746276","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 26
Abstract
Modern embedded vehicle systems are based on network architectures. Vulnerabilities from in-vehicle communications are significant. Privacy and security measures are required for vehicular Electronic Control Units (ECUs). We present a security vulnerability analysis, which shows that the vulnerability mainly lies in the ubiquitous on-board diagnostics II (OBD-II) interface and the memory configuration within ECU. Countermeasures using obfuscation and encryption techniques are introduced to protect ECUs from data sniffing and code tampering. A security scheme of deploying lures that look like ECU vulnerabilities to deceive lurking intruders into installing rootkits is proposed. We show that the interactions between the attacker and the system can be modeled as a Markov decision process (MDP).
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
