Evaluation of PTP Security Controls on gPTP

in 28th IEEE International Symposium on Computers and Communications (ISCC 2023), Tunis, July 2023 (2023, July 09)

In recent years, the scientific community has been focusing on deterministic Ethernet, which has helped drive the adoption of Time-Sensitive Networking (TSN) standards. Precision Time Protocol (PTP ... [more ▼]

In recent years, the scientific community has been focusing on deterministic Ethernet, which has helped drive the adoption of Time-Sensitive Networking (TSN) standards. Precision Time Protocol (PTP), specified in IEEE1588, is a TSN standard that enables network devices to be synchronized with a degree of precision that is noticeably higher than other Ethernet synchronization protocols. Generic Precision Time Protocol (gPTP), a profile of PTP, is designed to have low latency and jitter, which makes it suitable for industrial applications. However, like PTP, gPTP does not have any built-in security measures. In this work, we assess the efficacy of additional security mechanisms that were suggested for inclusion in IEEE 1588 (PTP) 2019. The analysis consists of implementing these security mechanisms on a physical gPTP-capable testbed and evaluating them on several high-risk attacks against gPTP. [less ▲]

Assessing the Impact of Attacks on an Automotive Ethernet Time Synchronization Testbed

in Fotouhi, Mahdi; Buscemi, Alessio; Boualouache, Abdelwahab (Eds.) et al 2023 IEEE Vehicular Networking Conference (VNC), Istanbul 26-28 April 2023 (2023, April)

Time Sensitive Network (TSN) standards are gaining traction in the scientific community and automotive Original Equipment Manufacturers (OEMs) due their promise of deterministic Ethernet networking. Among ... [more ▼]

Time Sensitive Network (TSN) standards are gaining traction in the scientific community and automotive Original Equipment Manufacturers (OEMs) due their promise of deterministic Ethernet networking. Among these standards, Generalized Precision Time Protocol (gPTP) - IEEE 802.1AS - allows network devices to be synchronized with a precision far higher than other synchronization standards, such as Network Time Protocol (NTP). gPTP is a profile of Precision Time Protocol (PTP) which, due to its robustness to delay variations, has been designated for automotive applications. Nonetheless, gPTP was designed without security controls, which makes it vulnerable to a number of attacks. This work reveals a critical vulnerability caused by a common implementation practice that opens the door to spoofing attacks on gPTP. To assess the impact of this vulnerability, we built two real gPTP-capable testbeds. Our results show high risks of this vulnerability destabilizing the system functionality. [less ▲]

A Survey on Privacy-preserving Electronic Toll Collection Schemes for Intelligent Transportation Systems

in IEEE Transactions on Intelligent Transportation Systems (2023)

As part of Intelligent Transportation Systems (ITS), Electronic toll collection (ETC) is a type of toll collection system (TCS) which is getting more and more popular as it can not only help to finance ... [more ▼]

As part of Intelligent Transportation Systems (ITS), Electronic toll collection (ETC) is a type of toll collection system (TCS) which is getting more and more popular as it can not only help to finance the government's road infrastructure but also it can play a crucial role in pollution reduction and congestion management. As most of the traditional ETC schemes (ETCS) require identifying their users, they enable location tracking. This violates user privacy and poses challenges regarding the compliance of such systems with privacy regulations such as the EU General Data Protection Regulation (GDPR). So far, several privacy-preserving ETC schemes have been proposed. To the best of our knowledge, this is the first survey that systematically reviews and compares various characteristics of these schemes, including components, technologies, security properties, privacy properties, and attacks on ETCS. This survey first categorizes the ETCS based on two technologies, GNSS and DSRC. Then under these categories, the schemes are classified based on whether they provide formal proof of security and support security analysis. We also demonstrate which schemes specifically are/are not resistant to collusion and physical attacks. Then, based on these classifications, several limitations and shortcomings in privacy-preserving ETCS are revealed. Finally, we identify several directions for future research. [less ▲]

5G Vehicle-to-Everything at the Cross-Borders: Security Challenges and Opportunities

in IEEE Internet of Things Journal (2022)

5G Vehicle-to-Everything (5G-V2X) communications will play a vital role in the development of the automotive industry. Indeed and thanks to the Network Slicing (NS) concept of 5G and beyond networks (B5G ... [more ▼]

5G Vehicle-to-Everything (5G-V2X) communications will play a vital role in the development of the automotive industry. Indeed and thanks to the Network Slicing (NS) concept of 5G and beyond networks (B5G), unprecedented new vehicular use–cases can be supported on top of the same physical network. NS promises to enable the sharing of common network infrastructure and resources while ensuring strict traffic isolation and providing necessary network resources to each NS. However, enabling NS in vehicular networks brings new security challenges and requirements that automotive or 5G standards have not yet addressed. Attackers can exploit the weakest link in the slicing chain, connected and automated vehicles, to violate the slice isolation and degrade its performance. Furthermore, these attacks can be more powerful, especially if they are produced in cross-border areas of two countries, which require an optimal network transition from one operator to another. Therefore, this article aims to provide an overview of newly enabled 5G-V2X slicing use cases and their security issues while focusing on cross-border slicing attacks. It also presents the open security issues of 5G-V2X slicing and identifies some opportunities. [less ▲]

The Impact Of Distributed Data Preprocessing On Automotive Data Streams

in 2022 IEEE 96th Vehicular Technology Conference: (VTC2022-Fall) (2022, September)

Vehicles have transformed into sophisticated com- puting machines that not only serve the objective of transporta- tion from point A to point B but serve other objectives including improved experience ... [more ▼]

Vehicles have transformed into sophisticated com- puting machines that not only serve the objective of transporta- tion from point A to point B but serve other objectives including improved experience, safer journey, automated and more efficient and sustainable transportation. With such sophistication comes complex applications and enormous volumes of data generated from diverse types of vehicle sensors and components. Automotive data is not sedentary but moves from the edge (the vehicle) to the cloud (e.g., infrastructure of the vehicle manufacturers, national highway agencies, insurance companies, etc.). The exponential increase in data volume and variety generated in modern vehicles far exceeds the rate of infrastructure scaling and expansion. To mitigate this challenge, the computational and storage capacities of vehicle components can be leveraged to perform in-vehicle operations on the data to either prepare and transform (prepro- cess) the data or extract information from (process) the data. This paper focuses on distributing data preprocessing to the vehicle and highlights the benefits and impact of the distribution including on the consumption of resources (e.g., energy). [less ▲]

Preventing Frame Fingerprinting in Controller Area Network Through Traffic Mutation

in IEEE ICC 2022 Workshop - DDINS, Seoul 16-20 May 2022 (2022, May)

The continuous increase of connectivity in commercial vehicles is leading to a higher number of remote access points to the Controller Area Network (CAN) – the most popular in-vehicle network system. This ... [more ▼]

The continuous increase of connectivity in commercial vehicles is leading to a higher number of remote access points to the Controller Area Network (CAN) – the most popular in-vehicle network system. This factor, coupled with the absence of encryption in the communication protocol, poses serious threats to the security of the CAN bus. Recently, it has been demonstrated that CAN data can be reverse engineered via frame fingerprinting, i.e., identification of frames based on statistical traffic analysis. Such a methodology allows fully remote decoding of in-vehicle data and paves the way for remote pre-compiled vehicle-agnostic attacks. In this work, we propose a first solution against CAN frame fingerprinting based on mutating the traffic without applying modifications to the CAN protocol. The results show that the proposed methodology halves the accuracy of CAN frame fingerprinting. [less ▲]

Transforming IoT Data Preprocessing: A Holistic, Normalized and Distributed Approach

in The Fifth International Workshop on Data: Acquisition To Analysis (2022)

Data preprocessing is an integral part of Artificial Intelligence (AI) pipelines. It transforms raw data into input data that fulfill algorithmic criteria and improve prediction accuracy. As the adoption ... [more ▼]

Data preprocessing is an integral part of Artificial Intelligence (AI) pipelines. It transforms raw data into input data that fulfill algorithmic criteria and improve prediction accuracy. As the adoption of Internet of Things (IoT) gains more momentum, the data volume generated from the edge is exponentially increasing that far exceeds any expansion of infrastructure. Social responsibilities and regulations (e.g., GDPR) must also be adhered when handling IoT data. In addition, we are currently witnessing a shift towards distributing AI to the edge. The aforementioned reasons render the distribution of data preprocessing to the edge an urgent requirement. In this paper, we introduce a modern data preprocessing framework that consists of two main parts. Part1 is a design tool that reduces the complexity and costs of the data preprocessing phase for AI via generalization and normalization. The design tool is a standard template that maps specific techniques into abstract categories and highlights dependencies between them. In addition, it presents a holistic notion of data preprocessing that is not limited to data cleaning. The second part is an IoT tool that adopts the edge-cloud collaboration model to progressively improve the quality of the data. It includes a synchronization mechanism that ensures adaptation to changes in data characteristics and a coordination mechanism that ensures correct and complete execution of preprocessing plans between the cloud and the edge. The paper includes an empirical analysis of the framework using a developed prototype and an automotive use-case. Our results demonstrate reductions in resource consumption (e.g., energy, bandwidth) while maintaining the value and integrity of the data. [less ▲]

CANMatch: A Fully Automated Tool for CAN Bus Reverse Engineering based on Frame Matching

in IEEE Transactions on Vehicular Technology (2021)

Controller Area Network (CAN) is the most frequently used in-vehicle communication system in the automotive industry today. The communication inside the CAN bus is typically encoded using proprietary ... [more ▼]

Controller Area Network (CAN) is the most frequently used in-vehicle communication system in the automotive industry today. The communication inside the CAN bus is typically encoded using proprietary formats in order to prevent easy access to the information exchanged on the bus. However, it is still possible to decode this information through reverse engineering, performed either manually or via automated tools. Existing automated CAN bus reverse engineering methods are still time-consuming and require some manual effort, i.e., to inject diagnostic messages in order to trigger specific responses. In this paper, we propose CANMatch a fully automated CAN bus reverse engineering framework that does not require any manual effort and significantly decreases the execution time by exploiting the reuse of CAN frames across different vehicle models. We evaluate the proposed solution on a dataset of CAN logs, or traces, related to 479 vehicles from 29 different automotive manufacturers, demonstrating its improved performance with respect to the state of the art. [less ▲]

A Near-Field-based TPMS Solution for Heavy Commercial Vehicle Environement

in 2021 IEEE 94th Vehicular Technology Conference (VTC2021-Fall) proceedings (2021, September 27)

Evaluation of TPMS Signal Propagation in a Heavy Commercial Vehicle Environement

E-print/Working paper (2021)