避免数据篡改的汽车ECU设计

Proceedings of the 10th Annual Cyber and Information Security Research Conference Pub Date : 2015-04-07 DOI:10.1145/2746266.2746276

Lu Yu, Juan Deng, R. Brooks, S. Yun

{"title":"避免数据篡改的汽车ECU设计","authors":"Lu Yu, Juan Deng, R. Brooks, S. Yun","doi":"10.1145/2746266.2746276","DOIUrl":null,"url":null,"abstract":"Modern embedded vehicle systems are based on network architectures. Vulnerabilities from in-vehicle communications are significant. Privacy and security measures are required for vehicular Electronic Control Units (ECUs). We present a security vulnerability analysis, which shows that the vulnerability mainly lies in the ubiquitous on-board diagnostics II (OBD-II) interface and the memory configuration within ECU. Countermeasures using obfuscation and encryption techniques are introduced to protect ECUs from data sniffing and code tampering. A security scheme of deploying lures that look like ECU vulnerabilities to deceive lurking intruders into installing rootkits is proposed. We show that the interactions between the attacker and the system can be modeled as a Markov decision process (MDP).","PeriodicalId":106769,"journal":{"name":"Proceedings of the 10th Annual Cyber and Information Security Research Conference","volume":"31 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-04-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"26","resultStr":"{\"title\":\"Automobile ECU Design to Avoid Data Tampering\",\"authors\":\"Lu Yu, Juan Deng, R. Brooks, S. Yun\",\"doi\":\"10.1145/2746266.2746276\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Modern embedded vehicle systems are based on network architectures. Vulnerabilities from in-vehicle communications are significant. Privacy and security measures are required for vehicular Electronic Control Units (ECUs). We present a security vulnerability analysis, which shows that the vulnerability mainly lies in the ubiquitous on-board diagnostics II (OBD-II) interface and the memory configuration within ECU. Countermeasures using obfuscation and encryption techniques are introduced to protect ECUs from data sniffing and code tampering. A security scheme of deploying lures that look like ECU vulnerabilities to deceive lurking intruders into installing rootkits is proposed. We show that the interactions between the attacker and the system can be modeled as a Markov decision process (MDP).\",\"PeriodicalId\":106769,\"journal\":{\"name\":\"Proceedings of the 10th Annual Cyber and Information Security Research Conference\",\"volume\":\"31 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-04-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"26\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 10th Annual Cyber and Information Security Research Conference\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2746266.2746276\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 10th Annual Cyber and Information Security Research Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2746266.2746276","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 26

摘要

现代嵌入式车辆系统是基于网络架构的。来自车载通信的漏洞是重要的。车辆电子控制单元(ecu)需要隐私和安全措施。通过安全漏洞分析，发现漏洞主要存在于无处不在的车载诊断II (OBD-II)接口和ECU内部的内存配置中。引入了使用混淆和加密技术的对策来保护ecu免受数据嗅探和代码篡改。提出了一种部署看起来像ECU漏洞的诱饵来欺骗潜伏的入侵者安装rootkit的安全方案。我们展示了攻击者和系统之间的交互可以建模为马尔可夫决策过程(MDP)。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Automobile ECU Design to Avoid Data Tampering

Modern embedded vehicle systems are based on network architectures. Vulnerabilities from in-vehicle communications are significant. Privacy and security measures are required for vehicular Electronic Control Units (ECUs). We present a security vulnerability analysis, which shows that the vulnerability mainly lies in the ubiquitous on-board diagnostics II (OBD-II) interface and the memory configuration within ECU. Countermeasures using obfuscation and encryption techniques are introduced to protect ECUs from data sniffing and code tampering. A security scheme of deploying lures that look like ECU vulnerabilities to deceive lurking intruders into installing rootkits is proposed. We show that the interactions between the attacker and the system can be modeled as a Markov decision process (MDP).

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 10th Annual Cyber and Information Security Research Conference

自引率

0.00%

发文量