PREVENTING REPLAY-TYPE ATTACKS ON A VEHICLE COMMUNICATIONS SYSTEM

US 20090170539A1
Filed: 12/31/2007
Published: 07/02/2009
Est. Priority Date: 12/31/2007
Status: Active Grant

First Claim

Patent Images

1. A method of preventing replay-type attacks on a vehicle communications system, comprising the steps of:

(a) maintaining a central data structure at a call center, wherein the central data structure includes a plurality of sequence counters associated with a fleet of vehicles, and wherein the plurality of sequence counters includes a first sequence counter that is associated with a specific vehicle and is incremented each time a new message is sent to or received from the vehicle;

(b) maintaining a vehicle data structure at the vehicle, wherein the vehicle data structure includes a second sequence counter that is also associated with the vehicle and is incremented each time a new message is sent to or received from the call center;

(c) sending a wireless message between the call center and the vehicle, the wireless message including the first sequence counter or the second sequence counter; and

(d) comparing the first sequence counter to the second sequence counter, wherein the comparison is used to prevent replay-type attacks by identifying wireless messages that were previously sent between the call center and the vehicle.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for preventing replay-type attacks on a vehicle communications system that sends short message service (SMS) messages between a call center and a fleet of vehicles. The method uses separate sequence counters maintained at the call center and at each of the vehicles in the fleet to help prevent or at least minimize the effects of unauthorized third party interference; such as replay-type attacks. Each wireless message is embedded with a sequence counter that is provided by the sender and is compared by the recipient with a separate sequence counter for purposes of validation. Some optional features that can be used in conjunction with the sequence counters include a tolerance window feature, a consecutive message feature, and a proximity feature, to name but a few.

29 Citations

View as Search Results

19 Claims

1. A method of preventing replay-type attacks on a vehicle communications system, comprising the steps of:
- (a) maintaining a central data structure at a call center, wherein the central data structure includes a plurality of sequence counters associated with a fleet of vehicles, and wherein the plurality of sequence counters includes a first sequence counter that is associated with a specific vehicle and is incremented each time a new message is sent to or received from the vehicle;
  
  (b) maintaining a vehicle data structure at the vehicle, wherein the vehicle data structure includes a second sequence counter that is also associated with the vehicle and is incremented each time a new message is sent to or received from the call center;
  
  (c) sending a wireless message between the call center and the vehicle, the wireless message including the first sequence counter or the second sequence counter; and
  
  (d) comparing the first sequence counter to the second sequence counter, wherein the comparison is used to prevent replay-type attacks by identifying wireless messages that were previously sent between the call center and the vehicle.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein step (d) further comprises comparing the first sequence counter to the second sequence counter to determine if the first sequence counter is within a tolerance window.
  - 3. The method of claim 2, wherein the tolerance window has a lower boundary equal to the second sequence counter and an upper boundary that is at least two counts higher.
  - 4. The method of claim 2, wherein step (d) further comprises synchronizing the second sequence counter to the first center sequence counter if it is determined that the first sequence counter is within the tolerance window.
  - 5. The method of claim 1, wherein step (d) further comprises comparing the first sequence counter to a sequence counter in a next message received to determine if the two sequence counters are in consecutive order.
  - 6. The method of claim 5, wherein step (d) further comprises synchronizing the second sequence counter to the sequence counter in the next message received if it is determined that the two sequence counters are in consecutive order.
  - 7. The method of claim 5, wherein, if the two sequence counters are in consecutive order but are less than the second sequence counter, then the method further comprises the step of determining if the two consecutive sequence counters are within a certain proximity of the second sequence counter.
  - 8. The method of claim 7, wherein the certain proximity is a predetermined fraction of the overall range of the second sequence counter.
  - 9. The method of claim 1, wherein the wireless message is a short message service (SMS) message having a payload section that contains the first or second sequence counter.

10. A method of preventing replay-type attacks on a vehicle communications system, comprising the steps of:
- (a) constructing a short message service (SMS) message having a payload section;
  
  (b) inserting a first sequence counter into the payload section of the SMS message, wherein the first sequence counter is associated with a specific vehicle and is incremented each time a new message is sent to the vehicle;
  
  (c) sending the SMS message to the vehicle over a wireless carrier system;
  
  (d) extracting the first sequence counter from the payload section of the SMS message; and
  
  (e) evaluating the first sequence counter with a second sequence counter stored at the vehicle, wherein the evaluation is used to prevent replay-type attacks by providing additional security features beyond those inherent to the SMS protocol.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, wherein step (e) further comprises evaluating the first sequence counter with the second sequence counter to determine if the first sequence counter is within a tolerance window.
  - 12. The method of claim 11, wherein the tolerance window has a lower boundary equal to the second sequence counter and an upper boundary that is at least two counts higher.
  - 13. The method of claim 11, wherein step (d) further comprises synchronizing the second sequence counter to the first center sequence counter if it is determined that the first sequence counter is within the tolerance window.
  - 14. The method of claim 10, wherein step (e) further comprises evaluating the first sequence counter with a sequence counter in a next message received at the vehicle to determine if the two sequence counters are in consecutive order.
  - 15. The method of claim 14, wherein step (e) further comprises synchronizing the second sequence counter to the sequence counter in the next message received at the vehicle if it is determined that the two sequence counters are in consecutive order.
  - 16. The method of claim 14, wherein, if the two sequence counters are in consecutive order but are less than the second sequence counter, then the method further comprises the step of determining if the two consecutive sequence counters are within a certain proximity of the second sequence counter.
  - 17. The method of claim 16, wherein the certain proximity is a fraction of the overall range of the second sequence counter.
  - 18. The method of claim 10, further comprising the steps of:
    - inserting a command into the payload section;
      
      extracting the command from the payload section at a telematics unit of the vehicle; and
      
      executing the command at the vehicle by forwarding the command from the telematics unit to a vehicle system module (VSM).

19. A system for preventing replay-type attacks, comprising:
- a fleet of vehicles, each vehicle in the fleet having a telematics unit and a vehicle data structure with a sequence counter stored thereon;
  
  a call center having a central data structure with a plurality of sequence counters stored thereon, each of the plurality of sequence counters being associated with an individual vehicle in the fleet and being maintained independently of the other sequence counters; and
  
  a wireless carrier system for connecting the call center to the telematics unit of each of the vehicles in the fleet, wherein wireless messages sent between the call center and the vehicles of the fleet are at least in part authenticated by comparing a sequence counter from the vehicle data structure with a sequence counter from the central data structure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GM Global Technology Operations LLC (General Motors Company)
Original Assignee
GM Global Technology Operations Incorporated (Motors Liquidation Co. GUC Trust)
Inventors
Kortge, James M., Alrabady, Ansaf I.

Granted Patent

US 8,213,967 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/466
CPC Class Codes

H04L 63/1441 Countermeasures against mal...

PREVENTING REPLAY-TYPE ATTACKS ON A VEHICLE COMMUNICATIONS SYSTEM

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

PREVENTING REPLAY-TYPE ATTACKS ON A VEHICLE COMMUNICATIONS SYSTEM

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links