Search for: All records

The lack of inherent security controls makes traditional Controller Area Network (CAN) buses vulnerable to Machine-In-The-Middle (MitM) cybersecurity attacks. Conventional vehicular MitM attacks involve tampering with the hardware to directly manipulate CAN bus traffic. We show, however, that MitM attacks can be realized without direct tampering of any CAN hardware. Our demonstration leverages how diagnostic applications based on RP1210 are vulnerable to Machine-In-The-Middle attacks. Test results show SAE J1939 communications, including single frame and multi-framed broadcast and on-request messages, are susceptible to data manipulation attacks where a shim DLL is used as a Machine-In-The-Middle. The demonstration shows these attacks can manipulate data that may mislead vehicle operators into taking the wrong actions. A solution is proposed to mitigate these attacks by utilizing machine authentication codes or authenticated encryption with pre-shared keys between the communicating parties. Various tradeoffs, such as communication overhead encryption time and J1939 protocol compliance, are presented while implementing the mitigation strategy. One of our key findings is that the data flowing through RP1210-based diagnostic systems are vulnerable to MitM attacks launched from the host diagnostics computer. Security models should include controls to detect and mitigate these data flows. An example of a cryptographic security control to mitigate the risk of an MitM attack was implemented and demonstrated by using the SAE J1939 DM18 message. This approach, however, utilizes over twice the bandwidth as normal communications. Sensitive data should utilize such a security control. 

Microwave ovens have been widely used in recent years to heat food quickly and efficiently. Users estimate the time to heat the food by prior knowledge or by trial and error process. However, this often results in the food being over-heated or under-heated, destroying the nutrients. In this paper, we present RFTemp, a system that can monitor microwave oven leakage to estimate the temperature of the food that is being heated and thus estimate the accurate time when the food has reached the targeted temperature. To design such a system, we propose an innovative microwave leakage sensing procedure and a novel water-equivalent food model to estimate food temperature. To evaluate the real-world performance of RFTemp we build a prototype using software defined radios and conducted experiments on various food items using household microwave ovens. We show that RFTemp can estimate the temperature of the food with a mean error of 5°C, 2x improvement over contactless infrared thermometer and sensors.