Systems and methods for detecting discrepancies in automobile-network data

US 9,582,669 B1
Filed: 10/28/2014
Issued: 02/28/2017
Est. Priority Date: 10/28/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for detecting discrepancies in automobile-network data, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

receiving, via a logging device, data that indicates a first state of at least one attribute of an automobile at a moment in time, wherein;

the data has been conveyed via an automobile-network message that was purportedly broadcast over an automobile network of the automobile; and

the logging device is configured to;

connect to the automobile network via a port of the automobile network; and

log automobile-network messages that;

are broadcast over the automobile network; and

convey states of the attribute of the automobile;

receiving, via at least one sensor of a mobile device, additional data that indicates a second state of the same attribute of the automobile at the same moment in time, wherein the mobile device was traveling with the automobile when the automobile-network message was logged by the logging device;

detecting a security incident by determining that a difference between the first state and the second state is indicative of the automobile-network message having been falsified; and

performing a security action by flagging the data as having been falsified.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed computer-implemented method for detecting discrepancies in automobile-network data may include (1) receiving data that indicates at least one attribute of an automobile and that was conveyed via an automobile-network message that was purportedly broadcast over an automobile network of the automobile, (2) receiving additional data that indicates the same attribute of the automobile and that was not conveyed via any automobile-network message that was broadcast over the automobile network, (3) detecting a discrepancy between the data and the additional data, and (4) performing a security action in response to detecting the discrepancy between the data and the additional data. Various other methods, systems, and computer-readable media are also disclosed.

33 Citations

View as Search Results

13 Claims

1. A computer-implemented method for detecting discrepancies in automobile-network data, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- receiving, via a logging device, data that indicates a first state of at least one attribute of an automobile at a moment in time, wherein;
  
  the data has been conveyed via an automobile-network message that was purportedly broadcast over an automobile network of the automobile; and
  
  the logging device is configured to;
  
  connect to the automobile network via a port of the automobile network; and
  
  log automobile-network messages that;
  
  are broadcast over the automobile network; and
  
  convey states of the attribute of the automobile;
  
  receiving, via at least one sensor of a mobile device, additional data that indicates a second state of the same attribute of the automobile at the same moment in time, wherein the mobile device was traveling with the automobile when the automobile-network message was logged by the logging device;
  
  detecting a security incident by determining that a difference between the first state and the second state is indicative of the automobile-network message having been falsified; and
  
  performing a security action by flagging the data as having been falsified.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, wherein:
    - the data is received from the logging device by the mobile device;
      
      the steps of detecting the security incident and performing the security action are performed by the mobile device; and
      
      performing the security action comprises reporting the security incident to a cloud-based computing system.
  - 3. The computer-implemented method of claim 2, wherein:
    - the data is received from the logging device by a cloud-based computing system;
      
      the additional data is received from the mobile device by the cloud-based computing system; and
      
      the steps of detecting the security incident and performing the security action are performed by the cloud-based computing system.
  - 4. The computer-implemented method of claim 1, wherein:
    - detecting the security incident comprises determining that the difference between the first state and the second state is indicative of the automobile-network message having been tampered with; and
      
      performing the security action comprises flagging the data as having been tampered with.
  - 5. The computer-implemented method of claim 1, wherein:
    - detecting the security incident comprises determining that the difference between the first state and the second state is indicative of the automobile-network message having been collected from a replay device that replayed the automobile-network message; and
      
      performing the security action comprises flagging the data as having been collected from the replay device.
  - 6. The computer-implemented method of claim 1, wherein:
    - detecting the security incident comprises determining that the difference between the first state and the second state is indicative of the automobile-network message having been collected from a filtering device that filtered the automobile-network message; and
      
      performing the security action comprises flagging the data as having been collected from the filtering device.
  - 7. The computer-implemented method of claim 1, wherein the automobile-network message was broadcast over the automobile network by a source device connected to the automobile network.

8. A system for detecting discrepancies in automobile-network data, the system comprising:
- at least one receiving module, stored in memory, that;
  
  receives, via a logging device, data that indicates a first state of at least one attribute of an automobile at a moment in time, wherein;
  
  the data has been conveyed via an automobile-network message that was purportedly broadcast over an automobile network of the automobile; and
  
  the logging device is configured to;
  
  connect to the automobile network via a port of the automobile network; and
  
  log automobile-network messages that;
  
  are broadcast over the automobile network; and
  
  convey states of the attribute of the automobile;
  
  receives, via at least one sensor of a mobile device, additional data that indicates a second state of the same attribute of the automobile at the same moment in time, wherein the mobile device was traveling with the automobile when the automobile-network message was logged by the logging device;
  
  a detecting module, stored in memory, that detects a security incident by determining that a difference between the first state and the second state is indicative of the automobile-network message having been falsified;
  
  a security module, stored in memory, that performs a security action by flagging the data as having been falsified; and
  
  at least one physical processor that executes the receiving module, the detecting module, and the security module.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The system of claim 8, wherein:
    - the receiving module receives the data from the logging device as part of the mobile device;
      
      the mobile device comprises the detecting module and the security module; and
      
      the security module performs the security action by further reporting the security incident to a cloud-based computing system.
  - 10. The system of claim 8, wherein:
    - the detecting module detects the security incident by determining that the difference between the first state and the second state is indicative of the automobile-network message having been tampered with; and
      
      the security module performs the security action by further flagging the data as having been tampered with.
  - 11. The system of claim 8, wherein:
    - the detecting module detects the security incident by determining that the difference between the first state and the second state is indicative of the automobile-network message having been collected from a replay device that replayed the automobile-network message; and
      
      the security module performs the security action by further flagging the data as having been collected from the replay device.
  - 12. The system of claim 8, wherein:
    - the detecting module detects the security incident by determining that the difference between the first state and the second state is indicative of the automobile-network message having been collected from a filtering device that filtered the automobile-network message; and
      
      the security module performs the security action by flagging the data as having been collected from the filtering device.

13. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- receive, via a logging device, data that indicates a first state of at least one attribute of an automobile at a moment in time, wherein;
  
  the data has been conveyed via an automobile-network message that was purportedly broadcast over an automobile network of the automobile; and
  
  the logging device is configured to;
  
  connect to the automobile network via a port of the automobile network; and
  
  log automobile-network messages that;
  
  are broadcast over the automobile network; and
  
  convey states of the attribute of the automobile;
  
  receive, via at least one sensor of a mobile device, additional data that indicates a second state of the same attribute of the automobile at the same moment in time, wherein the mobile device was traveling with the automobile when the automobile-network message was logged by the logging device;
  
  detect a security incident by determining that a difference between the first state and the second state is indicative of the automobile-network message having been falsified; and
  
  perform a security action by flagging the data as having been falsified.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gen Digital Inc.
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Benameur, Azzedine, Shen, Yun, Evans, Nathan
Primary Examiner(s)
Mehedi, Morshed
Assistant Examiner(s)
Naghdali, Khalil

Application Number

US14/525,715
Time in Patent Office

854 Days
Field of Search

726/26
US Class Current

1/1
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/60   Protecting data

G06F 21/64   Protecting data integrity, ...

G06F 2221/034   Test or assess a computer o...

H04L 63/0245   Filtering by information in...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1466   Active attacks involving in...

H04L 67/12   specially adapted for propr...

H04W 12/128   Anti-malware arrangements, ...

H04W 4/06   Selective distribution of b...

H04W 4/44   for communication between v...

Systems and methods for detecting discrepancies in automobile-network data

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for detecting discrepancies in automobile-network data

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links