Algorithms for Intrusion Detection and Defense Systems Against Cyber Threats in Embedded Devices

By Saumitra Jagdale

Freelance Technology Writer

November 17, 2021


With the exponential rise in the popularity of embedded systems due to their compact size and efficient performance, the security of embedded systems has become a major concern.

Cyberattacks often work by sending false data to a system, which can cause it to behave in undesirable ways with potentially disastrous effects. Hence, systems and algorithms are needed to detect and prevent such cyber threats in embedded devices.

Recently, the Southwest Research Institute (SwRI) created an intrusion detection and defense system (IDS) to protect military ground vehicles from cyber threats to their embedded systems. The device, which was originally designed for military vehicles, may also be used to check for abnormalities in passenger cars and commercial vehicles.

Credits: SwRI

SwRI's IDS technology, which was developed in partnership with the United States Army Ground Vehicle Systems Center (GVSC) Ground System Cyber Engineering (GSCE), employs digital fingerprinting and algorithms to detect irregularities in communications across automotive systems and components. The standard Controller Area Network (CAN) bus protocol is used by military, passenger, and commercial vehicles to facilitate communication between nodes or electronic control units (ECUs).

For instance, the CAN protocol carries crucial information to the dashboard displays, such as low oil pressure or the status of the headlights. It also relays operational communications for transmissions and other important automobile technologies. In the event of a cyberattack, erroneous information can be sent over the CAN bus to alter the operation of the vehicle, which may lead to disastrous effects. Although CAN is a standard automotive protocol that provides a reliable and flexible platform for communicating information, it does not provide security against cyber threats.

The new algorithms developed by SwRI digitally fingerprint the messages that nodes transmit over the CAN bus. SwRI's intrusion detection system uses this digital fingerprinting to detect when an unknown or invalid node or computer is connected to the vehicle network. To construct the fingerprints, the algorithms use the CAN transceiver's message transmissions to track low-level physical-layer properties, such as the minimum and maximum voltages, as well as the voltage transition rates for each CAN frame.

The system is trained on baseline data to build a fingerprint for each node, learn its characteristics, and effectively identify anomalies. The intrusion system uses digital fingerprinting to reliably identify communications transmitted by unauthorized nodes, or cases where a genuine node sends erroneous messages, indicating a "masquerade attack." The algorithms were able to instantly flag false data provided to the system. Moreover, the system not only detects threats but can also defend against them.
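The following is an added illustration of the fingerprinting idea described above; it is not SwRI's code or algorithm, which the article does not detail. It assumes a simple per-feature z-score comparison, and the node names, CAN IDs, voltage values and threshold are all constructed for the example.

```python
from statistics import mean, stdev

# Constructed baseline captures: per frame (min voltage V, max voltage V,
# voltage transition rate V/us), grouped by the ECU that transmitted them.
BASELINE = {
    "engine_ecu": [(1.48, 3.52, 41.0), (1.50, 3.50, 40.2),
                   (1.49, 3.53, 40.8), (1.51, 3.51, 40.5)],
    "dash_ecu":   [(1.40, 3.38, 33.1), (1.42, 3.40, 32.6),
                   (1.41, 3.37, 33.4), (1.39, 3.39, 32.9)],
}
# Constructed mapping: which ECU is allowed to send each CAN arbitration ID.
ID_OWNER = {0x0C0: "engine_ecu", 0x3A0: "dash_ecu"}


def train(baseline):
    """Build a fingerprint per node: (mean, std) for every feature."""
    model = {}
    for node, frames in baseline.items():
        columns = zip(*frames)  # one column per physical-layer feature
        model[node] = [(mean(c), max(stdev(c), 1e-3)) for c in columns]
    return model


def distance(profile, features):
    """Largest absolute z-score of the frame against one node's fingerprint."""
    return max(abs(x - m) / s for x, (m, s) in zip(features, profile))


def classify(model, can_id, features, threshold=4.0):
    """Return 'ok', 'masquerade' or 'unknown_node' for a single CAN frame."""
    scores = {node: distance(p, features) for node, p in model.items()}
    best = min(scores, key=scores.get)
    if scores[best] > threshold:
        return "unknown_node"   # electrical signature matches no trained ECU
    if ID_OWNER.get(can_id) != best:
        return "masquerade"     # trained ECU sending an ID it does not own
    return "ok"


if __name__ == "__main__":
    model = train(BASELINE)
    # Constructed test frames: (CAN ID, measured features)
    for can_id, feats in [(0x0C0, (1.49, 3.52, 40.6)),
                          (0x0C0, (1.41, 3.39, 33.0)),
                          (0x3A0, (1.20, 3.10, 25.0))]:
        print(hex(can_id), feats, classify(model, can_id, feats))
```

A real deployment would need far more baseline frames per node and would have to account for temperature and supply-voltage drift, which shift these electrical features over time.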

 

Credits: Green Car Congress
 

Algorithm for Detecting and Defending Against Cyber Threats in Embedded Devices

The algorithm developed by SwRI further enhances the capabilities of the existing CAN bus protocol by adding intrusion detection and defense against cyberattacks in embedded devices. The algorithm develops unique digital fingerprints for messages at each node before transmitting them via the CAN bus protocol. These fingerprints make it possible to instantaneously detect any erroneous or potentially dangerous data in the system.

This system can not only detect potential cyber threats but can also defend against them. Thus, the algorithms developed by SwRI add highly efficient security to the existing CAN bus protocol and protect embedded devices. Although the device was originally designed for military vehicles, it may now be used to check for anomalies in passenger cars and commercial vehicles as well. “The system is designed to build cyber resiliency into the CAN protocol as we move to more connected and automated vehicle networks.”

At the 2021 Ground Vehicle Systems Engineering & Technology Symposium (GVSETS), the SwRI research team earned the Best Paper Award for the Cyber Technical Session.

Saumitra Jagdale is a Backend Developer, Freelance Technical Author, Global AI Ambassador (SwissCognitive), Open-source Contributor in Python projects, Leader of Tensorflow Community India, and Passionate AI/ML Enthusiast.
