Global automotive safety system

US 9,616,828 B2
Filed: 01/06/2015
Issued: 04/11/2017
Est. Priority Date: 01/06/2014
Status: Active Grant

First Claim

Patent Images

1. A system for providing security to an in-vehicle communication network, the system comprising:

a data monitoring and processing hub external to the in-vehicle network, the in-vehicle network having a bus and at least one node connected to the bus; and

at least one module selectively operable in a standard protection mode or an override mode to monitor messages in communication traffic propagating in the vehicle'"'"'s in-vehicle network, the module comprising;

a memory having software comprising data characterizing messages that the at least one node transmits and receives during normal operation of the node;

at least one communication port via which the at least one module is configured to monitor the communication traffic, the port being configured to be connected to a portion of the in-vehicle network;

a communication interface configured to support communication with the hub directly or via the at least one communication port;

a processor configured to process, responsive to the software in the memory, messages received via the at least one communication port from the portion of the in-vehicle network to;

determine an operating context for the vehicle;

identify a message in the received messages that is propagating in the in-vehicle network as an anomalous message indicative of exposure of the in-vehicle network to damage from a cyber attack based on the determined operating context of the vehicle;

determine, if operating in the override mode, whether the message identified as anomalous is designated as particular traffic by the override mode, and if so, take no action that interferes with propagation of the message, and otherwise, if operating in either the standard protection mode or the override mode, undertake an action that affects the anomalous message in real time while it is propagating towards its destination; and

transmit data responsive to the anomalous message to the hub for processing by the hub via the communication interface;

whereinthe hub is configured to process the data it receives to determine if the in-vehicle network is under threat of an imminent cyber attack, is under a cyber attack, or has vulnerability to a cyber attack, and transmit information to configure the module in the vehicle to engage the cyber attack responsive to the determination.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for providing security to an in-vehicle communication network, the system comprising: a data monitoring and processing hub; and at least one module configured to monitor messages in communication traffic propagating in a vehicle'"'"'s in-vehicle network, the network having a bus and at least one node connected to the bus, the module comprising: a communication interface configured to support communication with the hub; a memory having software comprising data characterizing messages that the at least one node transmits and receives during normal operation of the node; at least one communication port via which the module receives and transmits messages configured to be connected to a portion of the in-vehicle network; a processor that processes messages received via the port from the portion of the in-vehicle network responsive to the software in the memory to: identify an anomalous message in the received messages indicative of exposure of the in-vehicle network to damage from a cyber attack; determine an action to be taken by the module that affects the anomalous message; and transmit data responsive to the anomalous message to the hub for processing by the hub via the communication interface.

83 Citations

View as Search Results

19 Claims

1. A system for providing security to an in-vehicle communication network, the system comprising:
- a data monitoring and processing hub external to the in-vehicle network, the in-vehicle network having a bus and at least one node connected to the bus; and
  
  at least one module selectively operable in a standard protection mode or an override mode to monitor messages in communication traffic propagating in the vehicle'"'"'s in-vehicle network, the module comprising;
  
  a memory having software comprising data characterizing messages that the at least one node transmits and receives during normal operation of the node;
  
  at least one communication port via which the at least one module is configured to monitor the communication traffic, the port being configured to be connected to a portion of the in-vehicle network;
  
  a communication interface configured to support communication with the hub directly or via the at least one communication port;
  
  a processor configured to process, responsive to the software in the memory, messages received via the at least one communication port from the portion of the in-vehicle network to;
  
  determine an operating context for the vehicle;
  
  identify a message in the received messages that is propagating in the in-vehicle network as an anomalous message indicative of exposure of the in-vehicle network to damage from a cyber attack based on the determined operating context of the vehicle;
  
  determine, if operating in the override mode, whether the message identified as anomalous is designated as particular traffic by the override mode, and if so, take no action that interferes with propagation of the message, and otherwise, if operating in either the standard protection mode or the override mode, undertake an action that affects the anomalous message in real time while it is propagating towards its destination; and
  
  transmit data responsive to the anomalous message to the hub for processing by the hub via the communication interface;
  
  whereinthe hub is configured to process the data it receives to determine if the in-vehicle network is under threat of an imminent cyber attack, is under a cyber attack, or has vulnerability to a cyber attack, and transmit information to configure the module in the vehicle to engage the cyber attack responsive to the determination.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The system according to claim 1 wherein the software in the memory comprises:
    - a menu of response actions that may be undertaken in response to identifying the anomalous message; and
      
      a set of matching rules that may be used as, or in establishing, a criterion for determining a response action in the menu.
  - 3. The system according to claim 2 wherein the matching rules and response actions are configured in a decision tree having branches.
  - 4. The system according to claim 3 wherein the processor is configured to traverse the decision tree responsive to software in the memory and features of the anomalous message to navigate along a branch of the decision tree that ends at the action to be undertaken by the module in response to the anomalous message.
  - 5. The system according to claim 2 wherein the response actions in the library comprise at least one or any combination of more than one response action chosen from:
    - allowing the message, blocking the message, delaying the message;
      
      limiting the frequency of the message, logging the message into a memory comprised in the module;
      
      changing a component of a state feature vector representing a state of the vehicle; and
      
      /or raising an alert responsive to the message.
  - 6. The system according to claim 2 wherein the matching rules comprise at least one or any combination of more than one matching rule chosen from:
    - determine a message ID;
      
      determine data content of the message;
      
      determine a source port of the message;
      
      determine a transmission frequency at which the message is transmitted in the portion of the in-vehicle network;
      
      determine a state of the vehicle; and
      
      /or determine a state of the in-vehicle network.
  - 7. The system according to claim 1 wherein the module is configured to switch to an override operating mode in which the processor enables an entity outside of the in-vehicle network to communicate with a node of the in-vehicle communication network.
  - 8. The system according to claim 1 wherein the processor is configured to accumulate and store in the memory data from a plurality of messages that it monitors.
  - 9. The system according to claim 8 wherein the processor is configured to transmit data comprised in the accumulated data to the hub via the communication interface.
  - 10. The system according to claim 8 wherein the processor is configured to generate at least one message frequency histogram responsive to the accumulated data and transmit the histogram to the hub via the communication interface.
  - 11. The system according to claim 8 wherein the processor is configured to transmit a query to the hub via the communication interface as to whether or not to transmit data it has accumulated to the hub.
  - 12. The system according to claim 8 wherein the hub is configured to transmit a request to the at least one module to send data that the module has generated or accumulated to the hub.
  - 13. The system according to claim 1 wherein the hub is configured to generate and transmit signals responsive to data the hub receives from the at least one module that operate to change the software in the memory.
  - 14. The system according to claim 1 wherein the at least one module comprises a plurality of modules, each of which is connected to an in-vehicle communication system of a different vehicle.
  - 15. The system according to claim 14 wherein the hub receives data from each of the plurality of modules and is configured to generate and transmit signals responsive to the data that operate to change the software in at least one of the plurality of modules.
  - 16. The system according to claim 14 wherein the hub determines a common operating state for two or more vehicles of the plurality of vehicles responsive to the data that the hub receives from their respective at least one module.
  - 17. The system according to claim 16 wherein the hub is configured to determine that the two or more vehicles are under threat of an imminent cyber attack, are under a cyber attack, or have vulnerability to a cyber attack responsive to the common operating state.
  - 18. The system according to claim 17 wherein the system comprises a display screen and the hub is configured to generate a visual display on the screen that shows a number of anomalous messages as a function of time and/or geographical area of their appearance.
  - 19. The system according to claim 1 wherein the module has a physical form factor of an OBD dongle.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Argus Cyber Security Ltd. (Continental AG)
Original Assignee
Argus Cyber Security Ltd. (Continental AG)
Inventors
Ben Noon, Ofer, Galula, Yaron, Lavi, Oron
Primary Examiner(s)
Tolentino, Roderick

Application Number

US14/590,022
Publication Number

US 20150195297A1
Time in Patent Office

826 Days
Field of Search

726 22- 30
US Class Current
CPC Class Codes

B60R 16/023   for transmission of signals...

B60R 25/00   Fittings or systems for pre...

G06F 11/30   Monitoring

G06F 21/55   Detecting local intrusion o...

G06F 21/554   involving event detection a...

G06F 21/606   by securing the transmissio...

G06F 21/6281   at program execution time, ...

H04L 12/4625   Single bridge functionality...

H04L 2012/40215   Controller Area Network CAN

H04L 2012/40273   the transportation system b...

H04L 63/0227   Filtering policies mail mes...

H04L 63/123   received data contents, e.g...

H04L 63/14   for detecting or protecting...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

H04L 67/12   specially adapted for propr...

Global automotive safety system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

83 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Global automotive safety system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

83 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links