Cyber Attacks via Consumer Electronics: Studying the Threat of Covert Malware in Smart and Autonomous Vehicles

adaptive cruise control; Consumer electronics; industry 5.0; intelligent transportation systems; intrusion detection system; security; worm; Adaptive cruise controllers; Autonomous Vehicles; Cyber-attacks; Industry 5.0; Intelligent transportation systems; Intrusion Detection Systems; Malwares; Security; Smart vehicles; Worm; Media Technology; Electrical and Electronic Engineering

Abstract :

[en] In Industry 5.0, man and machine work alongside each other in production, but smart and autonomous vehicles are examples that show this notion is now being extended to the end consumers. In 2015, a Jeep was remotely hacked through its head unit. This incident drew the public attention to vehicles security and showed how entertainment/infotainment consumer electronics can be used to intrude vehicles. In this paper, we study a novel covert attack that can be launched by malwares spreading through Intelligent Transportation Systems, e.g., via consumer electronics. This malware infects a vehicle module, like the Adaptive Cruise Controller (ACC), and manipulates its setting in a way that is not noticeable to human observers, but gives rise to accidents statistics. We show how this is done and analyze the effect mathematically. We also propose a new Intrusion Detection System (IDS) whose architecture is non-disruptive and can be readily adopted by car manufacturers. We evaluate our proposal with real-world datasets. We demonstrate how a malware/attacker can engineer the crash statistics by manipulating the safe distance value in cruise control scenarios. Then, we put an anomaly-based IDS for ACC modules into test and show how it can effectively detect such covert attacks.

Disciplines :

Computer science

Author, co-author :

Sayad Haghighi, Mohammad ; University of Tehran, School of Electrical and Computer Engineering, Tehran, Iran ; Institute for Research in Fundamental Sciences (IPM), School of Computer Science, Tehran, Iran

Farivar, Faezeh ; Islamic Azad University, Department of Computer and Mechatronics Engineering, Tehran, Iran

Jolfaei, Alireza ; Flinders University, College of Science and Engineering, Adelaide, Australia

BAYRAMI ASL, Azin ; Islamic Azad University, Department of Computer and Mechatronics Engineering, Tehran, Iran

Zhou, Wei; Swinburne University of Technology, School of Science, Computing and Engineering Technologies, Hawthorn, Australia

External co-authors :

yes

Language :

English

Title :

Cyber Attacks via Consumer Electronics: Studying the Threat of Covert Malware in Smart and Autonomous Vehicles

Publication date :

November 2023

Journal title :

IEEE Transactions on Consumer Electronics

ISSN :

0098-3063

Publisher :

Institute of Electrical and Electronics Engineers Inc.

Volume :

Issue :

Pages :

825 - 832

Peer reviewed :

Peer Reviewed verified by ORBi

Additional URL :

http://xplorestaging.ieee.org/ielx7/30/10438343/10206012.pdf?arnumber=10206012

Available on ORBilu :

since 05 September 2024

Statistics

Number of views

90 (5 by Unilu)

Number of downloads

67 (1 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

OpenAlex citations

WoS citations^™

Bibliography

D. P. F. Möller, H. Vakilzadian, and R. E. Haas, "From industry 4.0 towards industry 5.0," in Proc. IEEE Int. Conf. Elect. Inf. Technol., 2022, pp. 61-68.
M. S. Haghighi and K. Mohamedpour, "Neighbor discovery: Security challenges in wireless ad hoc and sensor networks," in Trends in Telecommunications Technologies. London, U.K.: Intech, 2010.
N. Toorchi, M. A. Attari, M. S. Haghighi, and Y. Xiang, "A Markov model of safety message broadcasting for vehicular networks," in Proc. IEEE Wireless Commun. Netw. Conf., 2013, pp. 1657-1662.
M. S. Haghighi, S. Wen, Y. Xiang, B. Quinn, and W. Zhou, "On the race of worms and patches: Modeling the spread of information in wireless sensor networks," IEEE Trans. Inf. Forensics Security, vol. 11, no. 12, pp. 2854-2865, Dec. 2016.
J. Y. V. Manoj Kumar, A. K. Swain, K. Mahapatra, and S. P. Mohanty, "Fortified-NoC: A robust approach for Trojan-resilient network-on-chips to fortify multicore-based consumer electronics," IEEE Trans. Consum. Electron., vol. 68, no. 1, pp. 57-68, Feb. 2022.
K. Koscher et al., "Experimental security analysis of a modern automobile," in Proc. IEEE Symp. Secur. Privacy, 2010, pp. 447-462.
BBC News. "Fiat chrysler recalls 1.4 million cars after jeep hack." 2015. Accessed: Nov. 1, 2019. [Online]. Available: https://www.bbc.com/news/ technology-33650491
B.-C. Choi, S.-H. Lee, J.-C. Na, and J.-H. Lee, "Secure firmware validation and update for consumer devices in home networking," IEEE Trans. Consum. Electron., vol. 62, no. 1, pp. 39-44, Feb. 2016.
Z. A. Biron, S. Dey, and P. Pisu, "Real-time detection and estimation of denial of service attack in connected vehicle systems," IEEE Trans. Intell. Transp. Syst., vol. 19, no. 12, pp. 3893-3902, Dec. 2018.
S. Amin, A. A. Cárdenas, and S. S. Sastry, "Safe and secure networked control systems under denial-of-service attacks," in Proc. Int. Workshop Hybrid Syst. Comput. Control, 2009, pp. 31-45.
L. Xie, Y. Mo, and B. Sinopoli, "False data injection attacks in electricity markets," in Proc. IEEE Int. Conf. Smart Grid Commun., 2010, pp. 226-231.
Y. Mo and B. Sinopoli, "Secure control against replay attacks," in Proc. Annu. Allerton Conf. Commun. Control Comput., 2009, pp. 911-918.
B. Mokhtar and M. Azab, "Survey on security issues in vehicular ad hoc networks," Alexandria Eng. J., vol. 54, no. 4, pp. 1115-1126, 2015.
D. Djenouri, L. Khelladi, and N. Badache, "A survey of security issues in mobile ad hoc and sensor networks," IEEE Commun. Surveys Tuts., vol. 7, no. 4, pp. 2-28, 4th Quart., 2005.
M. Sayad Haghighi and Z. Aziminejad, "Highly anonymous mobilitytolerant location-based onion routing for VANETs," IEEE Internet Things J., vol. 7, no. 4, pp. 2582-2590, Apr. 2020.
T. Hoppe, S. Kiltz, and J. Dittmann, "Security threats to automotive CAN networks-practical examples and selected short-term countermeasures," in Proc. Int. Conf. Comput. Safety Reliabil. Secur., 2008, pp. 235-248.
C. Miller and C. Valasek, "Adventures in automotive networks and control units," Def. Con., vol. 21, nos. 260-264, pp. 15-31, 2013.
C. Miller and C. Valasek, "A survey of remote automotive attack surfaces," IOActive Labs Res., Seattle, WA, USA, Rep., 2014. [Online]. Available: https://ioactive.com/a-survey-of-remote-automotiveattack-surfaces/
R. Van der Heijden, T. Lukaseder, and F. Kargl, "Analyzing attacks on cooperative adaptive cruise control (CACC)," in Proc. IEEE Veh. Netw. Conf. (VNC), 2017, pp. 45-52.
Y. Shoukry, P. Martin, P. Tabuada, and M. Srivastava, "Non-invasive spoofing attacks for anti-lock braking systems," in Proc. Int. Conf. Cryptograph. Hardw. Embedded Syst., 2013, pp. 55-72.
F. Pasqualetti, F. Dörfler, and F. Bullo, "Attack detection and identification in cyber-physical systems," IEEE Trans. Autom. Control, vol. 58, no. 11, pp. 2715-2729, Nov. 2013.
S. Dadras, R. M. Gerdes, and R. Sharma, "Vehicular platooning in an adversarial environment," in Proc. ACM Symp. Inf. Comput. Commun. Secur., 2015, pp. 167-178.
Z. A. Biron, S. Dey, and P. Pisu, "Resilient control strategy under denial of service in connected vehicles," in Amer. Control Conf. (ACC), 2017, pp. 4971-4976.
S. Oncü, J. Ploeg, N. Van de Wouw, and H. Nijmeijer, "Cooperative adaptive cruise control: Network-aware analysis of string stability," IEEE Trans. Intell. Transp. Syst., vol. 15, no. 4, pp. 1527-1537, Aug. 2014.
W. B. Qin, M. M. Gomez, and G. Orosz, "Stability analysis of connected cruise control with stochastic delays," in Proc. Amer. Control Conf., 2014, pp. 4624-4629.
F. Farivar, M. S. Haghighi, A. Jolfaei, and S. Wen, "On the security of networked control systems in smart vehicle and its adaptive cruise control," IEEE Trans. Intell. Transp. Syst., vol. 22, no. 6, pp. 3824-3831, Jun. 2021.
F. Farivar, M. Sayad Haghighi, A. Jolfaei, and S. Wen, "Covert attacks through adversarial learning: Study of lane keeping attacks on the safety of autonomous vehicles," IEEE/ASME Trans. Mechatronics, vol. 26, no. 3, pp. 1350-1357, Jun. 2021.
I. Mirzadeh, M. S. Haghighi, and A. Jolfaei, "Filtering malicious messages by trust-aware cognitive routing in vehicular ad hoc networks," IEEE Trans. Intell. Transp. Syst., vol. 24, no. 1, pp. 1134-1143, Jan. 2023.
R. Merco, Z. A. Biron, and P. Pisu, "Replay attack detection in a platoon of connected vehicles with cooperative adaptive cruise control," in Proc. Annu. Amer. Control Conf., 2018, pp. 5582-5587.
F. Alotibi and M. Abdelhakim, "Anomaly detection in cooperative adaptive cruise control using physics laws and data fusion," in Proc. IEEE Veh. Technol. Conf., 2019, pp. 1-7.
F. Alotibi and M. Abdelhakim, "Anomaly detection for cooperative adaptive cruise control in autonomous vehicles using statistical learning and kinematic model," IEEE Trans. Intell. Transp. Syst., vol. 22, no. 6, pp. 3468-3478, Jun. 2021.
T. Keijzer and R. M. Ferrari, "A sliding mode observer approach for attack detection and estimation in autonomous vehicle platoons using event triggered communication," in Proc. IEEE Conf. Decis. Control (CDC), 2019, pp. 5742-5747.
F. Farivar, S. Barchinezhad, M. Sayad Haghighi, and A. Jolfaei, "Detection and compensation of covert service-degrading intrusions in cyber physical systems through intelligent adaptive control," in Proc. IEEE Int. Conf. Ind. Technol., 2019, pp. 1143-1148.
M. S. Haghighi, F. Farivar, A. Jolfaei, and M. H. Tadayon, "Intelligent robust control for cyber-physical systems of rotary gantry type under denial of service attack," J. Supercomput., vol. 76, pp. 3063-3085, Apr. 2020.
F. Farivar, M. S. Haghighi, A. Jolfaei, and M. Alazab, "Artificial intelligence for detection, estimation, and compensation of malicious attacks in nonlinear cyber-physical systems and industrial IoT," IEEE Trans. Ind. Informat., vol. 16, no. 4, pp. 2716-2725, Apr. 2020.
R. Merco, F. Ferrante, and P. Pisu, "A hybrid controller for DOS-resilient string-stable vehicle platoons," IEEE Trans. Intell. Transp. Syst., vol. 22, no. 3, pp. 1697-1707, Mar. 2021.
Z. Abdollahi Biron, S. Dey, and P. Pisu, "Sensor fault diagnosis of connected vehicles under imperfect communication network," in Proc. Dyn. Syst. Control Conf., 2016, p. 8.
F. Farivar and M. N. Ahmadabadi, "Continuous reinforcement learning to robust fault tolerant control for a class of unknown nonlinear systems," Appl. Soft Comput., vol. 37, pp. 702-714, Dec. 2015.
S. C. Dekkata and S. Yi, "Improved steering and adaptive cruise control for autonomous vehicles using model predictive control," J. Mechatron. Robot., vol. 3, no. 1, pp. 378-388, 2019.
M. Sayad Haghighi, "A note on the security of ITS: Car crash analysis in cruise control scenarios," 2023, arXiv:2307.08899.
Performance drive. "Acceleration and braking performance dataset." Accessed: Sep. 2, 2022. [Online]. Available: https://performancedrive. com.au/performance-data/
"Motor vehicle census systems," Aust. Bureau Statist., Canberra, ACT, Australia, Rep. 93090DO0012021, Jun. 2021.