Search for: All records

Modern heavy vehicles rely on insecure protocols (CAN and SAE-J1939) to facilitate communication between the embedded devices that control their various subsys- tems. Due to the growing integration of wireless-enabled embedded devices, vehicles are becoming increasingly vulnerable to remote cyberattacks against their embedded networks. We propose an efficient deep-learning-based approach for mitigating such attacks through real-time J1939 signal reconstruction. Our approach uses random feature masking during training to build a generalized model of a vehicle’s network. To reduce the computa- tional and storage burden of the model, we employ 8-bit Quantization-Aware Training (QAT), enabling its deploy- ment on resource-constrained embedded devices while maintaining high performance. We evaluate Transformer and LSTM-based architectures, demonstrating that both effectively reconstruct signals with minimal computa- tional and storage overhead. Our approach achieves sig- nal reconstruction with error levels below 1% of their operating range while maintaining a very low storage footprint of under 1 MB, demonstrating that lightweight deep-learning models can enhance resiliency against real- time attacks in heavy vehicles. 

The lack of inherent security controls makes traditional Controller Area Network (CAN) buses vulnerable to Machine-In-The-Middle (MitM) cybersecurity attacks. Conventional vehicular MitM attacks involve tampering with the hardware to directly manipulate CAN bus traffic. We show, however, that MitM attacks can be realized without direct tampering of any CAN hardware. Our demonstration leverages how diagnostic applications based on RP1210 are vulnerable to Machine-In-The-Middle attacks. Test results show SAE J1939 communications, including single frame and multi-framed broadcast and on-request messages, are susceptible to data manipulation attacks where a shim DLL is used as a Machine-In-The-Middle. The demonstration shows these attacks can manipulate data that may mislead vehicle operators into taking the wrong actions. A solution is proposed to mitigate these attacks by utilizing machine authentication codes or authenticated encryption with pre-shared keys between the communicating parties. Various tradeoffs, such as communication overhead encryption time and J1939 protocol compliance, are presented while implementing the mitigation strategy. One of our key findings is that the data flowing through RP1210-based diagnostic systems are vulnerable to MitM attacks launched from the host diagnostics computer. Security models should include controls to detect and mitigate these data flows. An example of a cryptographic security control to mitigate the risk of an MitM attack was implemented and demonstrated by using the SAE J1939 DM18 message. This approach, however, utilizes over twice the bandwidth as normal communications. Sensitive data should utilize such a security control.