In-Vehicle Communication Security for Commercial Vehicles and Implements

It has been almost a decade since it was theorized that passenger vehicles could be remotely controlled by a malicious adversary. More recently, Charlie Miller and Chris Valasek demonstrated practical attacks on the in-vehicle networks of passenger cars, which could lead to severe consequences for both the vehicle and the driver. With heavy-duty and commercial utility vehicles, additional financial risk is always involved, as such vehicles are regularly used in critical functions like goods carriage, construction etc. Such attacks can adversely affect multiple stakeholders, vendors, commercial firms, truckers, and OEMs being some of them. In this project, we explore the in-vehicle communication security aspects of commercial vehicles. In particular, we investigate security weaknesses of the SAE J1939 protocol stack and propose practically deployable solutions to counter some of the impending threats.


Challenges

New Designs

Cyber assurance of heavy trucks is a major concern with new designs as well as with supporting legacy systems.

Cybersecurity Experts

Many cybersecurity experts and analysts are used to working with traditional IT networks and are familiar with a set of technologies that may not be directly useful in the commercial vehicle sector.

Resource Constraints

Security solutions should meet the real-time and resource constraints typically associated with automotive networking.

Dynamic Configurations

Security solutions should adapt to the dynamic configurations of commercial vehicles, like those seen in trailers and marine systems.

Research Objectives

Testbed Prototyping

Prototype a remotely accessible testbed using actual hardware, sensor simulation, CAN, and J1939.

Exploiting Openness of CAN

Exploit the openness of the CAN network and the J1939 protocol specifications.

Attack Vectors Experiments

Experiment with attack vectors, such as the potential vulnerabilities related to telematics units.

Intrusion Detection Capability Needs

Investigate the capability needs of an intrusion detection system.


Publications

  • Ghatak, C., Jabeen, S., Shirazi, H., & Ray, I. (2023). Improving the Resiliency of Embedded Networks in Heavy Vehicles – Towards Fault Tolerance. In Proceedings of the 9th Annual Industrial Control System Security (ICSS’23) Workshop, part of the 2023 Annual Computer Security Applications Conference (ACSAC 2023), Austin, TX, USA, December 5, 2023. Paper | Presentation
  • Shirazi, Hossein, W. Pickard, I. Ray, and H. Wang, “Towards Resiliency of Heavy Vehicles through Compromised Sensor Data Reconstruction”, In 12th ACM Conference on Data and Application Security and Privacy (CODASPY), 2022. Paper | Link
  • Shirazi, Hossein, Indrakshi Ray, and Charles Anderson. “Using Machine Learning to Detect Anomalies in Embedded Networks in Heavy Vehicles.” In International Symposium on Foundations and Practice of Security, pp. 39-55. Springer, Cham, 2019. Paper | Link
  • Mukherjee, Subhojeet, Jeffrey C. Van Etten, Namburi Rani Samyukta, Jacob Walker, Indrakshi Ray, and Indrajit Ray. “TruckSTM: Runtime Realization of Operational State Transitions for Medium and Heavy Duty Vehicles.” ACM Transactions on Cyber-Physical Systems 4, no. 1 (2019): 1-25. Link
  • Mukherjee, Subhojeet, Noah Cain, Jacob Walker, David White, Indrajit Ray, and Indrakshi Ray. “POSTER: PenJ1939: An Interactive Framework for Design and Dissemination of Exploits for Commercial Vehicles.” In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 2559-2561. 2017. Paper | Link
  • Mukherjee, Subhojeet, Jacob Walker, Indrakshi Ray, and Jeremy Daily. “A precedence graph-based approach to detect message injection attacks in J1939 based networks.” In 2017 15th Annual Conference on Privacy, Security and Trust (PST), pp. 67-6709. IEEE, 2017. Paper | Link
  • Mukherjee, Subhojeet, Hossein Shirazi, Indrakshi Ray, Jeremy Daily, and Rose Gamble. “Practical DoS attacks on embedded networks in commercial vehicles.” In International Conference on Information Systems Security, pp. 23-42. Springer, Cham, 2016. Paper | Link
  • Daily, Jeremy, Rose Gamble, Stephen Moffitt, Connor Raines, Paul Harris, Jannah Miran, Indrakshi Ray, Subhojeet Mukherjee, Hossein Shirazi, and James Johnson. “Towards a cyber assurance testbed for heavy vehicle electronic controls.” SAE International Journal of Commercial Vehicles 9, no. 2016-01-8142 (2016): 339-349. Paper | Link

Project’s Latest News

CSU Ventures Platinum Award

Our research won the platinum award in CSU Ventures: Drivers of Innovation category at the CSU graduate showcase.

Paper Accepted

Full-Length paper accepted at The 15th International Conference on Privacy, Security, and Trust, 2017.

Paper Accepted

Poster Paper accepted at The 24th ACM Conference on Computer and Communications Security, 2017.

Participated at Cyber-Truck Challenge

We participated in the inaugural Cyber-Truck Challenge, Warren, Michigan, 2017. The event was a great success. Read more at CSU source.


Our Team

Indrakshi Ray
Principal Investigator

Colorado State University

Homepage
Hossein Shirazi
Post-Doc Researcher
Colorado State University
Homepage
