System and method for detecting attack when sensor and traffic information are inconsistent

US 10,397,244 B2
Filed: 07/14/2016
Issued: 08/27/2019
Est. Priority Date: 07/30/2015
Status: Active Grant

First Claim

Patent Images

1. A system for detecting an attack, comprising a server and a plurality of vehicles capable of wirelessly communicating with each other,each of the plurality of vehicles including:

a sensor; and

a vehicle processor configured to act as;

a sensor information acquisition interface adapted to acquire sensor information from the sensor; and

a traffic information reception interface adapted to receive traffic information through wireless communication, wherein the traffic information is information that describes a road condition around the vehicle and is sent from an outside of the vehicle,wherein a cryptographic processor is configured to verify electronic signature data of the received traffic information and detect invalid traffic information using signature information notified from the server; and

a transmitter adapted to transmit the sensor information and the traffic information to the server, andthe server including;

a server processor configured to act as;

a specification controller to specify to at least any of the plurality of vehicles signature information indicating the characteristics of the invalid traffic informationa reception controller adapted to receive the sensor information and the traffic information from at least any of the plurality of vehicles;

a verification controller adapted to verify whether the sensor information and the traffic information are inconsistent with each other, the sensor information and the traffic information determined to be inconsistent with each other when the road condition indicated by the traffic information and a road condition derived from the sensor information do not match; and

a notification controller adapted to notify, when the sensor information and the traffic information are inconsistent with each other, at least any of the plurality of vehicles of the inconsistency between the sensor information and the traffic information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a system for detecting an attack, which includes a server and a plurality of vehicles capable of wirelessly communicating with each other. Each of the vehicles has a sensor, a sensor information acquisition unit, a traffic information reception unit, and a transmission unit that transmits the sensor information and the traffic information to the server. The server has a reception unit that receives the sensor information and the traffic information from the vehicles, a verification unit that verifies whether the sensor information and the traffic information are inconsistent with each other, and a notification unit that notifies, when the sensor information and the traffic information are inconsistent with each other, the vehicles of the inconsistency.

9 Citations

View as Search Results

10 Claims

1. A system for detecting an attack, comprising a server and a plurality of vehicles capable of wirelessly communicating with each other,each of the plurality of vehicles including:
- a sensor; and
  
  a vehicle processor configured to act as;
  
  a sensor information acquisition interface adapted to acquire sensor information from the sensor; and
  
  a traffic information reception interface adapted to receive traffic information through wireless communication, wherein the traffic information is information that describes a road condition around the vehicle and is sent from an outside of the vehicle,wherein a cryptographic processor is configured to verify electronic signature data of the received traffic information and detect invalid traffic information using signature information notified from the server; and
  
  a transmitter adapted to transmit the sensor information and the traffic information to the server, andthe server including;
  
  a server processor configured to act as;
  
  a specification controller to specify to at least any of the plurality of vehicles signature information indicating the characteristics of the invalid traffic informationa reception controller adapted to receive the sensor information and the traffic information from at least any of the plurality of vehicles;
  
  a verification controller adapted to verify whether the sensor information and the traffic information are inconsistent with each other, the sensor information and the traffic information determined to be inconsistent with each other when the road condition indicated by the traffic information and a road condition derived from the sensor information do not match; and
  
  a notification controller adapted to notify, when the sensor information and the traffic information are inconsistent with each other, at least any of the plurality of vehicles of the inconsistency between the sensor information and the traffic information.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system according to claim 1, wherein the notification controller is adapted to notify at least any of the plurality of vehicles of signature information indicating a characteristic of the traffic information inconsistent with the sensor information, and each of the plurality of vehicles has a storage unit adapted to store the signature information received from the server and does not rely on the traffic information consistent with the signature information notified from the notification controller.
  - 3. The system according to claim 2, wherein, when the traffic information includes an identifier of a transmitter of the traffic information, the identifier of the transmitter of the traffic information is used as the signature information on the traffic information.
  - 4. The system according to claim 1, wherein the traffic information includes a position of an object existing on a road, and the verification controller is adapted to determine the inconsistency between the sensor information and the traffic information when being able to estimate from the sensor information that the object does not exist at the position of the object indicated by the traffic information.
  - 5. The system according to claim 4, wherein the traffic information further includes at least any of a movement speed and a movement direction of the object, and the verification controller is adapted to determine the inconsistency between the sensor information and the traffic information when being able to estimate from the sensor information that one of a movement speed and a movement direction of the object existing at the position of the object indicated by the traffic information is inconsistent with one of the movement speed and the movement direction indicated by the traffic information.

6. An system for detecting an attack, comprising:
- a processor configured to act as;
  
  a first acquisition controller adapted to acquire sensor information acquired from a sensor of a vehicle;
  
  a second acquisition controller adapted to acquire traffic information received by the vehicle through wireless communication, wherein the traffic information is information that describes a road condition around the vehicle and is sent from an outside of the vehicle wherein a cryptographic processor is configured to verify electronic signature data of the received traffic information and detect invalid traffic information using signature information notified from the server;
  
  and a verification controller adapted to verify whether the sensor information and the traffic information are inconsistent with each other, the sensor information and the traffic information determined to be inconsistent with each other when the road condition indicated by the traffic information and a road condition derived from the sensor information do not match and wherein the server specifies the vehicle signature information indicating the characteristics of the invalid traffic information.

7. A method for detecting an attack, executed by a system comprising a server and a plurality of vehicles capable of wirelessly communicating with each other, at least one of the plurality of vehicles being a target vehicle and performing:
- a sensor information acquisition step of acquiring sensor information from a sensor wherein a cryptographic processor is configured to verify electronic signature data of the received traffic information and detect invalid traffic information using signature information notified from a server;
  
  a traffic information reception step of receiving traffic information through wireless communication, wherein the traffic information is information that describes a road condition around the vehicle and is sent from an outside of the target vehicle;
  
  and a transmission step of transmitting the sensor information and the traffic information to the server, and the server performing;
  
  a reception step of receiving the sensor information and the traffic information from the target vehicle;
  
  a verification step of verifying whether the sensor information and the traffic information are inconsistent with each other,the sensor information and the traffic information determined to be inconsistent with each other when the road condition indicated by the traffic information and a road condition derived from the sensor information do not match; and
  
  wherein the server specifies the vehicle signature information indicating the characteristics of the invalid traffic information;
  
  and a notification step of notifying, when the sensor information and the traffic information are inconsistent with each other, at least one of the plurality of vehicles of the inconsistency between the sensor information and the traffic information.

8. A method for detecting an attack performed by a computer, the method comprising:
- a first acquisition step of acquiring sensor information acquired from a sensor of a vehicle wherein a cryptographic processor is configured to verify electronic signature data of the received traffic information and detect invalid traffic information using signature information notified from a server,a second acquisition step of acquiring traffic information received by the vehicle through wireless communication, wherein the traffic information is information that describes a current road condition around the vehicle and is sent from an outside of the vehicle;
  
  and a verification step of verifying whether the sensor information and the traffic information are inconsistent with each other, the sensor information and the traffic information determined to be inconsistent with each other when the road condition indicated by the traffic information and a road condition derived from the sensor information do not match and wherein the server specifies the vehicle signature information indicating the characteristics of the invalid traffic information.

9. A non-transitory computer-readable medium having recorded thereon a computer program for causing a computer to perform:
- a sensor information acquisition step of acquiring sensor information from a sensor;
  
  a traffic information reception step of receiving traffic information through wireless communication, wherein the traffic information is information that describes a current road condition around the vehicle and is sent from an outside of a target vehicle of a plurality of vehicles wherein a cryptographic processor verifies electronic signature data of the received traffic information and detect invalid traffic information using signature information notified from a server;
  
  a transmission step of transmitting the sensor information and the traffic information to the server;
  
  a reception step of receiving the sensor information and the traffic information from the target vehicle;
  
  a verification step of verifying whether the sensor information and the traffic information are inconsistent with each other, the sensor information and the traffic information determined to be inconsistent with each other when the road condition indicated by the traffic information and a road condition derived from the sensor information do not match and wherein the server specifies the vehicle signature information indicating the characteristics of the invalid traffic information;
  
  and a notification step of notifying, when the sensor information and the traffic information are inconsistent with each other, at least one of the plurality of vehicles of the inconsistency between the sensor information and the traffic information.

10. A non-transitory computer-readable medium having recorded thereon a computer program for causing a computer to perform:
- a first acquisition step of acquiring sensor information acquired from a sensor of a vehicle;
  
  wherein a cryptographic processor verifies electronic signature data of the received traffic information and detect invalid traffic information using signature information notified from a server;
  
  a second acquisition step of acquiring traffic information received by the vehicle through wireless communication;
  
  and a verification step of verifying whether the sensor information and the traffic information are inconsistent with each other, the sensor information and the traffic information determined to be inconsistent with each other when the road condition indicated by the traffic information and a road condition derived from the sensor information do not match and wherein the server specifies the vehicle signature information indicating the characteristics of the invalid traffic information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
National University Corporation Yokohama National University, Toyota Jidosha Kabushiki Kaisha (Toyota Motor Corporation)
Original Assignee
Toyota Jidosha Kabushiki Kaisha (Toyota Motor Corporation)
Inventors
Toyama, Tsuyoshi, Oguma, Hisashi, Matsumoto, Tsutomu, Gotoh, Hideki, Moriya, Tomokazu
Primary Examiner(s)
Wright, Bryan F

Application Number

US15/210,392
Publication Number

US 20170032671A1
Time in Patent Office

1,139 Days
Field of Search

726 23
US Class Current
CPC Class Codes

B60W 10/00   Conjoint control of vehicle...

B60W 40/00   Estimation or calculation o...

G06F 21/00   Security arrangements for p...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/64   Protecting data integrity, ...

G06F 21/645   using a third party

G06V 20/56   exterior to a vehicle by us...

G07C 5/008   communicating information t...

G08G 1/0112   from the vehicle, e.g. floa...

G08G 1/0129   for creating historical dat...

G08G 1/017   identifying vehicles G08G1/...

G08G 1/096716   where the received informat...

G08G 1/096741   where the source of the tra...

G08G 1/096775   where the origin of the inf...

G08G 1/096791   where the origin of the inf...

G08G 1/205   Indicating the location of ...

H04L 63/123   received data contents, e.g...

H04L 63/1483   service impersonation, e.g....

H04L 67/12   specially adapted for propr...

H04W 12/106   Packet or message integrity

H04W 4/40 : for vehicles, e.g. vehicle-...

H04W 84/18 : Self-organising networks, e...

View All

System and method for detecting attack when sensor and traffic information are inconsistent

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

9 Citations

10 Claims

Specification

Use Cases

Quick Links

Others

System and method for detecting attack when sensor and traffic information are inconsistent

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

10 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others