Protecting Vehicles From Cyber- Attack

Commonly avialble car diagnistic tools used in the Jeep hack

In 2015, two researchers remotely hacked a Jeep Cherokee being driven by a reporter who documented how the researchers controlled everything from the car’s radio and media console to its brakes and steering. For Dr. Shucheng Yu, an associate professor of computer science at the University of Arkansas at Little Rock, the exercise demonstrated how vulnerable smart cars with GPS, Bluetooth, and internet connections are to cyberattacks.

“These cars have become the trend of the future,” Yu said. “There could be some very severe consequences if someone hacked into the car. A car can be fully controlled by the hacker if it is not protected.”

So Yu and his student, Zachary King, a junior majoring in computer science at UALR, spent the summer researching how to keep cars safe from cyberattacks. They worked on the project during an intensive eight-week summer research program at UALR.

King was one of 10 college students from across the country recruited through a National Science Foundation grant-funded project, “REU Site: CyberSAFE@UALR: Cyber Security and Forensics Research at the University of Arkansas at Little Rock.”

The goal of the program is to decrease cyberattacks on people using mobile technology and social networking sites, said Dr. Mengjun Xie, an associate professor of computer science and director of the CyberSAFE@UALR program.

“The basic idea is to integrate cybersecurity and cyber forensics research with the latest technology in mobile cloud computing and social media to provide research opportunities to students,” Xie said.

More than 130 students applied for 10 spots. Participants included undergraduate college students with a grade point average of 3.0 or higher who are majoring in computer science, computer engineering, math, physics, or electrical engineering

Those selected spent eight weeks conducting research full time with a faculty mentor at the University of Arkansas at Little Rock. Participants received a $4,000 stipend, on-campus housing, a meal plan, and travel expenses.

Smart Car Protection

In his project, “Investigating and Securing Communications in the Controller Area Network (CAN)", King created a security protocol to protect smart cars from hacking. He also built an experimental environment that simulates the communication system in a smart car, which allows the security protocol to be tested through simulations.

The research focuses on the development of a security protocol to protect the Controller Area Network (CAN), an internal communications system in vehicles.

“There are many ways that hackers can control CAN,” King said. “Once they access it, hackers can pretty easily control your car however they want. We are proposing to add a layer of security, so if an unauthorized person accesses it, they still wouldn’t be able to control your vehicle.”

The security protocol protects the CAN in two ways. It authenticates messages sent through the network by creating an authentication code. This authentication code allows nodes on the network to differentiate between a valid message and an attacker’s message.

The second security feature protects against replay attacks, when a hacker attempts to breach the network by repeatedly sending an old message. The protocol uses a timestamp to calculate when the network last received the message, which verifies the message’s “freshness.”

Yu and King are continuing their research this fall. In the future, Yu hopes to collaborate with industry and funding agencies to implement the security protocol in commercial vehicles and protect cars from hackers.

As for King, participating in this summer research program has left him considering a career in cybersecurity once he graduates in 2018.

“Three months ago, I wouldn’t have been able to tell you much about cybersecurity and what a security protocol would look like,” he said. “After having completed this program, I am more interested in cybersecurity than I was before, and I may end up going that route.”

Ein News:

 

« Leak Spotlights NSA's Conflicting Missions
Iraqi Military Invent A Unique Robot To Fight ISIS »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Athena Forensics

Athena Forensics

Athena Forensics is one of the UK's leading providers of Computer Forensics, Mobile Phone Forensics, Cell Site Analysis and Expert Witness Services.

DataSunrise

DataSunrise

DataSunrise Data-Centric high-performance security software protects the sensitive data in real-time in cloud or on premises, and helps organizations to stay compliant.

Secude

Secude

SECUDE is an established global security solutions provider offering innovative data protection for SAP users.

Valtori

Valtori

Government ICT Centre Valtori provides sector-independent ICT services for the central government, while taking into account the special requirements related to security and preparedness.

ReFoMa

ReFoMa

ReFoMa is a consultancy and advisory company with a focus on information Security.

ForAllSecure

ForAllSecure

ForAllSecure’s mission is to make the world’s software safe by pioneering autonomous cybersecurity tools that automatically find and fix vulnerabilities in run-time executable software.

Fluid Attacks

Fluid Attacks

Fluid Attacks specialize in red team operations as well as technology development that continuously enhance our security testing services.

Panacea Infosec

Panacea Infosec

Panacea Infosec is a leading provider of information security compliance services. We help our clients in protecting their data, reducing security risks and fighting cybercrime.

Curity

Curity

The Curity Identity Server brings identity and API security together, enabling highly scalable and secure user access to digital services.

Quartz Network

Quartz Network

Quartz Network is a curated community for change-makers, up-and-comers, and professionals who are ready to grow, adapt, and thrive.

Tozny

Tozny

Tozny offers products with security and privacy in mind that are built on the foundation of end-to-end encryption, and open-source verifiable software.

Quatrro Business Support Services (QBSS)

Quatrro Business Support Services (QBSS)

QBSS is a tech-enabled outsourcing firm that’s changing the way companies think about finance, accounting, human resources and technology services.

Systal Technology Solutions

Systal Technology Solutions

Systal is a global managed network and security service and transformation specialist. We help enterprise-level businesses maximise the security and business value of their complex IT infrastructure.

Agile Defense

Agile Defense

Agile Defense is an Information Technology services provider, delivering leading-edge Digital Transformation solutions to the Federal Government.

Lasso Security

Lasso Security

Lasso Security is a pioneer cybersecurity company ensuring comprehensive protection for businesses leveraging generative AI and other large language model technologies.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.