Device for detection and prevention of an attack on a vehicle

US 9,560,071 B2
Filed: 10/17/2013
Issued: 01/31/2017
Est. Priority Date: 10/17/2012
Status: Active Grant

First Claim

Patent Images

1. A device executing instructions for detection and prevention of at least one attack on a vehicle via its one or more communication channels, said device comprising:

a database storing real-time and/or offline data; and

at least one hardware processor coupled to the database for executing the following;

instructions to collect said real-time and/or offline data from one or more sources selected from a group consisting of;

one or more sensors,one or more network based services,one or more navigation applications or navigation devices,one or more electronic control units (ECU) of said vehicle,one or more bus-networks of said vehicle,one or more subsystems of said vehicle, andone or more on board diagnostics (OBD);

instructions to send an alert via said one or more communication channels and/or prevent said attack, by breaking or changing the attacked said one or more communication channels;

instructions to monitor simultaneously content, meta-data and physical-data of said real-time and/or offline data collected from said one or more sources;

instructions to detect said attack based on irregularities of—

or irrational-relation between—

said content and said meta-data,said content and said physical-data,said meta-data and said physical-data,at least two said meta-data, orat least two said physical-data.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A new device for detection and prevention of an attack on a vehicle via its communication channels, having: an input-unit configured to collect real-time and/or offline data from various sources such as sensors, network based services, navigation applications, the vehicles electronic control units, the vehicle'"'"'s bus-networks, the vehicle'"'"'s subsystems, and on board diagnostics; a database, for storing the data; a detection-unit in communication with the input-unit; and an action-unit, in communication with the detection unit, configured for sending an alert via the communication channels and/or prevent the attack, by breaking or changing the attacked communication channels. The detection-unit is configured to simultaneously monitor the content, the meta-data and the physical-data of the data and detect the attack.

Citations

20 Claims

1. A device executing instructions for detection and prevention of at least one attack on a vehicle via its one or more communication channels, said device comprising:
- a database storing real-time and/or offline data; and
  
  at least one hardware processor coupled to the database for executing the following;
  
  instructions to collect said real-time and/or offline data from one or more sources selected from a group consisting of;
  
  one or more sensors,one or more network based services,one or more navigation applications or navigation devices,one or more electronic control units (ECU) of said vehicle,one or more bus-networks of said vehicle,one or more subsystems of said vehicle, andone or more on board diagnostics (OBD);
  
  instructions to send an alert via said one or more communication channels and/or prevent said attack, by breaking or changing the attacked said one or more communication channels;
  
  instructions to monitor simultaneously content, meta-data and physical-data of said real-time and/or offline data collected from said one or more sources;
  
  instructions to detect said attack based on irregularities of—
  
  or irrational-relation between—
  
  said content and said meta-data,said content and said physical-data,said meta-data and said physical-data,at least two said meta-data, orat least two said physical-data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The device according to claim 1, wherein characteristics for said irregularities or said irrational-relation are selected from a group consisting of:
    - a. irregular said source of said real-time and/or offline data;
      
      b. irregular destination for said real-time and/or offline data;
      
      c. irrational action of at least one of said subsystems, when compared with said real-time and/or offline data received by at least one other of said subsystem;
      
      d. irrational action between at least two of said subsystems;
      
      e. irrational action of at least one of said subsystems, when compared with said content received by at least one of said sensors;
      
      f. irrational said meta-data;
      
      g. irrational meta-content;
      
      h. jam or blockage of said communication channels and/or said network-based services; and
      
      i. sudden change in signal features of said network-based services or said sensors.
  - 3. The device according to claim 1, wherein said database further comprises parameters of at least one known-attack, previously detected as said attack.
  - 4. The device according to claim 3, wherein at least one of the following is held true:
    - a. wherein said at least one hardware processor is further configured to extract said parameters of said attack and update said database;
      
      b. wherein said at least one hardware processor is configured to identify said parameters of said known-attack;
      
      c. said parameters are selected from a group consisting of;
      
      i. irregular said real-time and/or offline data'"'"'s content;
      
      ii. irregular source of said real-time and/or offline data;
      
      iii. irregular destination for said real-time and/or offline data;
      
      iv. irrational said real-time and/or offline data'"'"'s content, when compared with data received by at least one other said source;
      
      v. irrational action of at least one of said subsystems, when compared with data received by at least one other subsystem;
      
      vi. irrational action between at least two of said subsystems;
      
      vii. irrational action of at least one of said subsystems, when compared with said real-time and/or offline data received by at least one of said sensors;
      
      viii. irrational meta-data;
      
      ix. irrational meta-content;
      
      x. jam or blockage of said communication channels and/or said network-based services;
      
      xi. sudden change in the signal features of said network-based services and/or said sensors;
      
      xii. said vehicle location;
      
      xiii. a brand of vehicle;
      
      xiv. said sensors;
      
      xv. said communication channels;
      
      xvi. said navigation applicationxvii. said navigation device; and
      
      xviii. communication interfaces; and
      
      ,d. any combination thereof.
  - 5. The device according to claim 3, wherein said device further comprising a remote-server configured to communicate with said database for delivering and/or receiving at least one additional said parameters of said known-attack.
  - 6. The device according to claim 5, wherein at least one of the following is held true:
    - a. said remote-server configured to collect said real-time and/or offline data from at least one additional vehicle, monitor the content, the meta-data and the physical-data of said real-time and/or offline data, detect said attack and update said attack to database;
      
      b. said device is at least partially embedded within one of said vehicle'"'"'s hardware-cards, software-units and/or within said remote-server; and
      
      ,c. any combination thereof.
  - 7. The device according to claim 1, wherein at least one of the following is held true:
    - a. wherein said at least one hardware processor execute a machine-learning engine configured to learn the features and behaviour of said real-time and/or of line data'"'"'s content, meta-data and physical-data and recognize any unfamiliar behavior;
      
      b. wherein said at least one hardware processor is configured to instruct a display to notify and alert a user of said attack;
      
      c. said device is in communication with a remote display configured to notify and alert a user of said attack;
      
      d. said one or more said subsystems are selected from a group consisting of;
      
      i. tire pressure monitoring,ii. stability control,iii. cruise control,iv. airbag control,v. powertrain control module (PCM),vi. transmission control module (TCM),vii. brake control module (BCM),viii. central control module (CCM),ix. central timing module (CTM),x. general electronic module (GEM),xi. body control module (BCM),xii. suspension control module (SCM),xiii. convenience control unit (CCU),xiv. engine control unit (ECU),xv. electric power steering control unit (PSCU),xvi. human machine interface (HMI),xvii. seat control unit,xviii. speed control unit,xix. telephone control unit (TCU),xx. transmission control unit (TCU),xxi. brake control module (ABS or ESC),xxii. crash sensors,xxiii. airbags,xxiv. seatbelts,xxv. tire pressure monitoring system (TPMS),xxvi. electronic stability control system (ESC),xxvii. traction control system (TCS),xxviii. anti lock braking system (ABS),xxix. electronic brake assistance system (EBA),xxx. electronic brake force distribution,xxxi. electronic brake-force distribution (EBD) system,xxxii. emergency shutdown,xxxiii. driven notifications and alerts,xxxiv. pedestrian object recognition,xxxv. lane keeping assistance,xxxvi. collation avoidance,xxxvii. adaptive headlamps control,xxxviii. reverse backup sensors,xxxix. adaptive cruise control,xl. active cruise control (ACC),xli. traction control systems,xlii. electronic stability control,xliii. automated parking system,xliv. multimedia,xlv. active noise cancelation (ANC),xlvi. radio,xlvii. radio data system (RDS),xlviii. driver information functions,xlix. AM/FM or satellite radio,l. DC/DVD player,li. payment systems,lii. in vehicle Wi-Fi router,liii. internal lights,liv. climate control,lv. chairs adjustment,lvi. electric windows,lvii. mirror adjustment,lviii. central locking,lix. battery management,lx. charging management,lxi. vehicle-grid system,lxii. active cruise control (ACC),lxiii. remote control keys,lxiv. theft deterrent systems,lxv. immobilizer system,lxvi. security systems,lxvii. digital cameras,lxviii. night vision,lxix. lasers,lxx. radar,lxxi. RF sensors,lxxii. infotainment system andlxxiii. robotic gear-shaft; and
      
      ,e. any combination thereof.
  - 8. The device according to claim 1, wherein said one or more said sensors are selected from a group consisting of:
    - a. distance sensor,b. velocity sensor,c. temperature sensor,d. satellite transmission sensor,e. cellular transmission sensors,f. video image,g. air-fuel ratio meter,h. blind spot monitor,i. crankshaft position sensor,j. curb feeler, used to warn driver of curbs,k. defect detector, used on railroads to detect axle and signal problems in passing trainsl. engine coolant temperature (ECT) sensor, used to measure the engine temperature,m. hall effect sensor, used to time the speed of wheels and shafts,n. manifold absolute pressure (MAP) sensor, used in regulating fuel metering,o. mass flow sensor, or mass airflow (MAF) sensor, used to tell the mass of air entering the engine,p. oxygen sensor, used to monitor the amount of oxygen in an exhaust of said vehicle,q. parking sensors, used to alert the driver of unseen obstacles during parking maneuvers,r. radar gun, used to detect the speed of other objects,s. speedometer, used measure the instantaneous speed of a land vehicle,t. speed sensor, used to detect the speed of an object,u. throttle position sensor, used to monitor the position of the throttle in an internal combustion engine,v. tire-pressure monitoring sensor, used to monitor the air pressure inside the tires,w. torque sensor, or torque transducer or torque-meter measures torque (twisting force) on a rotating system,x. transmission fluid temperature sensor, used to measure the temperature of the transmission fluid,y. turbine speed sensor (TSS), or input speed sensor (ISS), used to measure the rotational speed of the input shaft or torque converter,z. variable reluctance sensor, used to measure position and speed of moving metal components,aa. vehicle speed sensor (VSS), used to measure the speed of the vehicle,bb. water sensor or water-in-fuel sensor, used to indicate the presence of water in fuel,cc. wheel speed sensor, used for reading the speed of a vehicle'"'"'s wheel rotation,dd. comfort sensors including;
      
      seats position, seat heat, air condition and passengers location, andee. any combination thereof.
  - 9. The device according to claim 1, wherein said ECU is selected from a group consisting of:
    - a. electronic/engine control module (ECM),b. powertrain control module (PCM),c. transmission control module (TCM),d. brake control module (BCM),e. central control module (CCM),f. central timing module (CTM),g. general electronic module (GEM),h. body control module (BCM),i. suspension control module (SCM),j. airbag control unit (ACU),k. body control module (BCU), controls door locks, electric windows, and courtesy lights,l. convenience control unit (CCU),m. door control unit (DCU),n. engine control unit,o. electric power steering control unit (PSCU), integrated into the electric power steering (EPS) power-pack,p. human-machine interface (HMI),q. powertrain control module (PCM),r. seat control unit,s. speed control unit (SCU),t. telephone control unit (TCU),u. telematic control unit (TCU),v. transmission control unit (TCU),w. brake control module (BCM),x. on board or integrated ECU processing remote services, andy. any combination thereof.
  - 10. The device according to claim 1, wherein at least one of the following is held true:
    - a. wherein said at least one hardware processor is configured to initiate further collection of said data from said at least one source;
      
      b. said device further comprises a commercialized anti-virus, malware-application, firewall or other malicious code database, Which can be provided by a third party;
      
      c. said vehicle is driven by a human, by an at least partially autonomous driving system, or by a remote control system or by full autonomous driving system;
      
      d. said vehicle is a robotic platform;
      
      e. said vehicle travels via land, water or air; and
      
      ,f. any combination thereof.
  - 11. The device according to claim 1, wherein at least one of the following is held true:
    - g. said device further comprises an assessment engine configured to evaluate risk-level of said attack to said vehicle and its passengers and prioritize said attack;
      
      h. said one or more network based services are selected from a group consisting of;
      
      web, physical cable, Wi-Fi, cellular, blue tooth, RF, GPS, vehicle to vehicle communication, vehicle to passenger infrastructure, environment to vehicle infrastructure;
      
      i. said one or more navigation applications or devices are selected from a group consisting of;
      
      satellite navigator, cellular navigator and inertial dedicated navigator;
      
      j. said one or more navigation applications or devices are said vehicle'"'"'s own subsystem navigator; and
      
      ,k. any combination thereof.

12. A method for detecting and preventing at least one attack on a vehicle via its one or more communication channels, said method comprising:
- using at least one hardware processor coupled to a database storing real-time and/or offline data for;
  
  collecting real-time and/or offline data from one or more sources selected from a group consisting of;
  
  one or more sensors,one or more network based services,one or more navigation applications or navigation devices,one or more electronic control units (ECU) of said vehicle,one or more bus-networks of said vehicle,one or more subsystems of said vehicle, andone or more on board diagnostics (OBD);
  
  storing said real-time and/or offline data in said database;
  
  monitoring said real-time and/or offline data for an attack; and
  
  if detecting said attack,instructing sending an alert and/or preventing said attack by breaking or changing said one or more communication channels;
  
  wherein said monitoring includes simultaneous examination of content, meta-data and physical-data of said real-time and/or offline data collected from same or different said sources for said detecting of said attack, based on irregularities of—
  
  or irrational-relation between—
  
  said content and said meta-data,said content and said physical-data,said meta-data and said physical-data,at least two said meta-data, orat least two said physical-data.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The method according to claim 12, wherein characteristics for said irregularities or said irrational-relation are selected from a group consisting of:
    - a. irregular said source of said real-time and/or offline data;
      
      b. irregular destination for said real-time and/or offline data;
      
      c. irrational action of at least one of said subsystems, when compared with data received by at least one other of said subsystem;
      
      d. irrational action between at least two of said subsystems;
      
      e. irrational action of at least one of said subsystems, when compared with said real-time and/or offline data received by at least one of said sensors;
      
      f. irrational said meta-data;
      
      g. irrational meta-content;
      
      h. jam or blockage of said communication channels and/or said network-based services; and
      
      i. sudden change in signal features of said network-based services or said sensors.
  - 14. The method according to claim 12, wherein said step of storing further comprises storing of parameters of at least one known-attack, previously detected as said attack.
  - 15. The method according to claim 14, further comprising at least one of the following steps:
    - a. extracting said parameters;
      
      b. identifying said parameters of said known-attack and updating for said step of alerting;
      
      c. said parameters are selected from a group consisting of;
      
      i. irregular said real-time and/or offline data'"'"'s content;
      
      ii. irregular source of said real-time and/or offline data;
      
      iii. irregular destination for said real-time and/or offline data;
      
      iv. irrational said real-time and/or offline data'"'"'s content, when compared with data received by at least one other said source;
      
      v. irrational action of at least one of said subsystems, when compared with data received by at least one other subsystem;
      
      vi. irrational action between at least two of said subsystems;
      
      vii. irrational action of at least one of said subsystems, when compared with said real-time and/or offline data received by at least one of said sensors;
      
      viii. irrational meta-data;
      
      ix. irrational meta-content;
      
      x. jam or blockage of said communication channels and/or said network-based services;
      
      xi. sudden change in the signal features of said network-based services and/or said sensors;
      
      xii. said vehicle location;
      
      xiii. a brand of said vehicle;
      
      xiv. said sensors;
      
      xv. said communication channels;
      
      xvi. said navigation applicationxvii. said navigation device; and
      
      ,xviii. communication interfaces; and
      
      ,d. any combination thereof.
  - 16. The method according to claim 14, further comprising step of communicating said database with a remote-server delivering and/or receiving at least one additional said parameters of said known-attack.
  - 17. The method according to claim 16, wherein said remote-server configured for collecting said real-time and/or offline data from at least one additional vehicle, monitoring the content, the meta-data and the physical-data of said real-time and/or offline data, detecting said attack and updating said attack to database.
  - 18. The method according to claim 12, additionally comprising at least one of the following steps:
    - e. said step of detecting further includes learning the features and behaviour of said real-time and/or offline data'"'"'s content, meta-data and physical-data and recognizing any unfamiliar behavior;
      
      f. displaying said alert for notifying and alerting a user of said attack;
      
      g. said one or more said sensors are selected from a group consisting of;
      
      i. distance sensor,ii. velocity sensor,iii. temperature sensor,iv. satellite transmission sensor,v. cellular transmission sensors,vi. video image,vii. air-fuel ratio meter,viii. blind spot monitor,ix. crankshaft position sensor,x. curb feeler, used to warn driver of curbs,xi. defect detector, used on railroads to detect axle and signal problems in passing trainsxii. engine coolant temperature sensor (ECT), used to measure the engine temperature,xiii. hall effect sensor, used to time the speed of wheels and shafts,xiv. manifold absolute pressure (MAP) sensor, used in regulating fuel metering,xv. mass flow sensor, or mass airflow (MAF) sensor, used to tell mass of air entering the engine,xvi. oxygen sensor, used to monitor the amount of oxygen in an exhaust of said vehicle,xvii. parking sensors, used to alert the driver of unseen obstacles during parking maneuvers,xviii. radar gun, used to detect the speed of other objects,xix. speedometer, used measure the instantaneous speed of a land vehicle,xx. speed sensor, used to detect the speed of an object,xxi. throttle position sensor, used to monitor the position of the throttle in an internal combustion engine,xxii. tire-pressure monitoring sensor, used to monitor the air pressure inside the tires,xxiii. torque sensor, or torque transducer or torque-meter measures torque (twisting force) on a rotating system,xxiv. transmission fluid temperature sensor, used to measure the temperature of the transmission fluid,xxv. turbine speed sensor (TSS), or input speed sensor (ISS), used to measure the rotational speed of the input shaft or torque converter,xxvi. variable reluctance sensor, used to measure position and speed of moving metal components,xxvii. vehicle speed sensor (VSS), used to measure the speed of the vehicle,xxviii. water sensor or water-in-fuel sensor, used to indicate the presence of water in fuelxxix. wheel speed sensor, used for reading the speed of a vehicle'"'"'s wheel rotation,xxx. comfort sensors including;
      
      seats position, seat heat, air condition and passengers location, andxxxi. any combination thereof;
      
      h. said one or more said subsystems are selected from a group consisting of;
      
      i. tire pressure monitoring,ii. stability control,iii. cruise control,iv. airbag control,v. powertrain control module (PCM),vi. transmission control module (TCM),vii. brake control module (BCM),viii. central control module (CCM),ix. central timing module (CTM),x. general electronic module (GEM),xi. body control module (BCM),xii. suspension control module (SCM),xiii. convenience control unit (CCU),xiv. convenience control unit (CCU),xv. convenience control unit (CCU),xvi. engine control unit (ECU),xvii. electric power steering control unit (PSCU),xviii. human machine interface (HMI),xix. seat control unit,xx. speed control unit,xxi. telephone control unit (TCU),xxii. transmission control unit (TCU),xxiii. brake control module (ABS or ESC),xxiv. crash sensors,xxv. airbags,xxvi. seatbelts,xxvii. tire pressure monitoring system (TPMS),xxviii. electronic stability control system (ESC),xxix. traction control system (TCS),xxx. anti lock braking system (ABS),xxxi. electronic brake assistance system (EBA),xxxii. electronic brake force distribution,xxxiii. electronic brake-force distribution (EBD) system,xxxiv. emergency shutdown,xxxv. driven notifications and alerts,xxxvi. pedestrian object recognition,xxxvii. lane keeping assistance,xxxviii. collation avoidance,xxxix. adaptive headlamps control,xl. reverse backup sensors,xli. adaptive cruise control,xlii. active cruise control (ACC),xliii. traction control systems,xliv. electronic stability control,xlv. automated parking system,xlvi. multimedia,xlvii. active noise cancelation (ANC),xlviii. radio,xlix. radio data system (RDS),l. driver information functions,li. AM/FM or satellite radio,lii. DC/DVD player,liii. payment systems,liv. in vehicle Wi-Fi router,lv. internal lights,lvi. climate control,lvii. chairs adjustment,lviii. electric windows,lix. mirror adjustment,lx. central locking,lxi. battery management,lxii. charging management,lxiii. vehicle-grid system,lxiv. active cruise control (ACC),lxv. remote control keys,lxvi. theft deterrent systems,lxvii. immobilizer system,lxviii. security systems,lxix. digital cameras,lxx. night vision,lxxi. lasers,lxxii. radar,lxxiii. RF sensors,lxxiv. infotainment system; and
      
      ,lxxv. robotic gear-shaft; and
      
      ,i. any combination thereof.
  - 19. The method according to claim 12, wherein said ECU is selected from a group consisting of:
    - a. electronic engine control module (ECM),b. powertrain control module (PCM),c. transmission control module (TCM),d. brake control module (BCM),e. central control module (CCM),f. central timing module (CTM),g. general electronic module (GEM),h. body control module (BCM),i. suspension control module (SCM),j. airbag control unit (ACU),k. body control module (BCU), controls door locks, electric windows, and courtesy lights,l. convenience control unit (CCU),m. door control unit (DCU),n. engine control unit,o. electric power steering control unit (PSCU), integrated into the electric power steering (EPS) power-pack,p. human-machine interface (HMI),q. powertrain control module (PCM),r. seat control unit,s. speed control unit (SCU),t. telephone control unit (TCU),u. telematic control unit (TCU),v. transmission control unit (TCU),w. brake control module (BCM),x. on board or integrated ECU processing remote services, andy. any combination thereof.
  - 20. The method according to claim 12, further comprising at least one of the following steps:
    - j. evaluating the risk-level of said attack to said vehicle and its passengers and prioritizing said attack;
      
      k. selecting said one or more network based from a group consisting of;
      
      web, physical cable, Wi-Fi, cellular, blue tooth, RF, GPS, vehicle to vehicle communication, vehicle to passenger infrastructure, environment to vehicle infrastructure;
      
      l. selecting said one or more navigation applications or devices from a group consisting of;
      
      satellite navigator, cellular navigator, north finding systems (NFS), or inter-vehicle orientation system and inertial dedicated navigator; and
      
      ,m. any combination thereof.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tower-Sec Ltd.
Original Assignee
Tower-Sec Ltd.
Inventors
Weisglass, Yuval, Ruvio, Guy, Dickman, Saar
Primary Examiner(s)
LEMMA, SAMSON B

Application Number

US14/436,123
Publication Number

US 20150271201A1
Time in Patent Office

1,202 Days
Field of Search

726/23
US Class Current

1/1
CPC Class Codes

B60R 16/023   for transmission of signals...

B60R 16/0231   Circuits relating to the dr...

G06N 20/00   Machine learning

H04L 63/1408   by monitoring network traff...

H04L 63/1441   Countermeasures against mal...

H04L 63/1466   Active attacks involving in...

H04L 67/12   specially adapted for propr...

Device for detection and prevention of an attack on a vehicle

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Device for detection and prevention of an attack on a vehicle

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links