SECURITY SYSTEM AND METHOD FOR PROTECTING A VEHICLE ELECTRONIC SYSTEM

US 20150020152A1
Filed: 03/28/2013
Published: 01/15/2015
Est. Priority Date: 03/29/2012
Status: Active Grant

First Claim

Patent Images

1-20. -20. (canceled)

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Security system for protecting a vehicle electronic system by selectively intervening in the communications path in order to prevent the arrival of malicious messages at ECUs, in particular at the safety critical ECUs. The security system includes a filter which prevents illegal messages sent by any system or device communicating over a vehicle communications bus from reaching their destination. The filter may, at its discretion according to preconfigured rules, send messages as is, block messages, change the content of the messages, request authentication or limit the rate such messages can be delivered, by buffering the messages and sending them only in preconfigured intervals.

207 Citations

40 Claims

1-20. -20. (canceled)

21. A vehicle electronic control unit (ECU) having an embedded security system, the electronic control unit (ECU) comprising embedded therein:
- a logic unit, configured to control a function of said vehicle;
  
  a computer processor, in communication with said logic unit;
  
  a message receiving unit, configured to intercept a message being communicated over a communication path between a communications bus of said vehicle and said logic unit;
  
  a message analysis unit, implemented on said computer processor, in communication with said message receiving unit, configured to determine whether communication of data based on said intercepted message, over said communication path between said communications bus of said vehicle and said logic unit, is allowable, according to at least one rule applied on said intercepted message; and
  
  a message transmission unit, in communication with said message analysis unit, configured to forward said data over said communication path, only upon said communication of said data being determined to be allowable by said message analysis unit.

22. A security system for vehicle electronic control unit (ECU) protection, the system comprising:
- a computer processor associated with an ECU of a vehicle;
  
  a message receiving unit, configured to intercept a message being communicated over a communication path between a communications bus of said vehicle and said ECU;
  
  a message analysis unit, implemented on said computer processor, in communication with said message receiving unit, configured to determine whether communication of data based on said intercepted message over said communication path between said communications bus of said vehicle and said ECU, is allowable, according to at least one rule applied on said intercepted message; and
  
  a message transmission unit, in communication with said message analysis unit, configured to forward said data over said communication path, only upon said communication of said data being determined to be allowable by said message analysis unit.
- View Dependent Claims (23, 24, 25)
- - 23. The system of claim 22, further comprising a proxy element, configured to proxy for at least one of said communications bus and ECU.
  - 24. The system of claim 22, wherein said computer processor is integrated inside said ECU.
  - 25. The system of claim 22, wherein said computer processor is installed on a hardware component physically coupled to said ECU.

26. A method for vehicle electronic control unit (ECU) protection, the method comprising:
- a) by a computer processor associated with an ECU of a vehicle, intercepting a message being communicated over a communication path between a communications bus of said vehicle and said ECU;
  
  b) determining whether communication of data based on said intercepted message over said communication path between said communications bus of said vehicle and said ECU, is allowable, according to at least one rule applied on said intercepted message; and
  
  c) forwarding said data over said communication path, only upon said communication of said data being determined to be allowable.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 27. The method of claim 26, further comprising deriving said data from said received message.
  - 28. The method of claim 26, further comprising proxying for at least one of said communications bus and said ECU.
  - 29. The method of claim 26, wherein said steps of said method are carried out on a computer processor integrated inside said ECU.
  - 30. The method of claim 26, wherein said steps of said method are carried out on a computer processor installed on a hardware component physically coupled to said ECU.
  - 31. The method of claim 26, further comprising limiting said rate of said forwarding of said data.
  - 32. The method of claim 26, further comprising authenticating a party communicating using said intercepted message and conditioning said forwarding on said authenticating.
  - 33. The method of claim 26, further comprising authenticating a party communicating using said intercepted message, using a challenge and response process, and conditioning said forwarding on said authenticating.
  - 34. The method of claim 26, further comprising maintaining a plurality of party specific authentication statuses, periodically and automatically updating said party specific authentication statuses through an authentication process, and conditioning said forwarding on at least one of said authentication statuses.
  - 35. The method of claim 26, further comprising requesting authentication by a party other than the ECU and the security system, of a party communicating using said intercepted message, and conditioning said forwarding on said authenticating.
  - 36. The method of claim 26, further comprising authenticating a party other than all parties communicating using said intercepted message, and conditioning said forwarding on said authenticating.
  - 37. The method of claim 26, further comprising signing said data prior to said forwarding.
  - 38. The method of claim 26, further comprising verifying that said intercepted message bears a valid signature, and conditioning said forwarding on said verifying.
  - 39. The method of claim 26, further comprising selecting said at least one rule amongst a plurality of predefined rules, according to at least one property of said intercepted message, and basing said determining on said at least one selected rule.
  - 40. The method of claim 26, further comprising deriving statistics based on a logging of execution of said steps.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sheelds Cyber Limited
Original Assignee
Arliou Information Security Technologies Ltd.
Inventors
Litichever, Gil, Levi, Ziv

Granted Patent

US 9,881,165 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/606   by securing the transmissio...

G06F 21/6218   to a system of files or obj...

G06F 21/85   interconnection devices, e....

H04L 12/40143   involving priority mechanis...

H04L 12/40169   Flexible bus arrangements a...

H04L 2012/40215   Controller Area Network CAN

H04L 63/0263   Rule management

H04L 63/0281   Proxies

H04L 63/08   for authentication of entit...

H04L 63/14   for detecting or protecting...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1458   Denial of Service

H04L 67/12   specially adapted for propr...

H04W 4/48   for in-vehicle communication

SECURITY SYSTEM AND METHOD FOR PROTECTING A VEHICLE ELECTRONIC SYSTEM

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

207 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY SYSTEM AND METHOD FOR PROTECTING A VEHICLE ELECTRONIC SYSTEM

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

207 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links