System and method for detecting OBD-II CAN BUS message attacks

US 9,703,955 B2
Filed: 07/16/2015
Issued: 07/11/2017
Est. Priority Date: 07/17/2014
Status: Active Grant

First Claim

Patent Images

1. A method for detecting security attacks against a vehicle via the vehicle'"'"'s OBD-II (On-Board Diagnostics II) port, the method comprising:

at an OBD-II CAN (Controller Area Network) message screening system, wherein the OBD-II CAN message screening system is electrically coupled to the vehicle via the OBD-II port;

establishing an OBD-II CAN inbound message whitelist and an OBD-II CAN outbound message blacklist;

in response to receiving an inbound CAN message from a device external to the vehicle, updating statistics of the inbound CAN message and comparing the inbound CAN message with the OBD-II CAN message whitelist;

forwarding the inbound CAN message to the vehicle via the vehicle'"'"'s OBD-II port when the inbound CAN message appears in the OBD-II CAN message whitelist;

in response to receiving an outbound CAN message from the vehicle, updating statistics of the outbound CAN message and comparing the outbound CAN message with the OBD-II CAN message blacklist; and

forwarding the CAN message to an external device via the vehicle'"'"'s OBD-II port when the CAN message does not appear in the OBD-II CAN message blacklist.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present application discloses method and system for detecting potential security attacks against a vehicle networking through an OBD-II port. The system establishes an inbound OBD-II CAN message whitelist and an outbound OBD-II CAN message blacklist, respectively. Upon receipt of a CAN message command, the system updates statistics for the command and determines whether the command is inbound or outbound. In response to an inbound command from a device external to the vehicle, the system compares the inbound command with the whitelist and forwards the inbound CAN message command to the vehicle via the vehicle'"'"'s OBD-II port when inbound command appears in the whitelist. In response to an outbound CAN message command from the vehicle, the system compares the outbound command with the blacklist and prevents the outbound command from being sent to an external vehicle via the vehicle'"'"'s OBD-II port when the outbound command appears in the blacklist.

15 Citations

View as Search Results

15 Claims

1. A method for detecting security attacks against a vehicle via the vehicle'"'"'s OBD-II (On-Board Diagnostics II) port, the method comprising:
- at an OBD-II CAN (Controller Area Network) message screening system, wherein the OBD-II CAN message screening system is electrically coupled to the vehicle via the OBD-II port;
  
  establishing an OBD-II CAN inbound message whitelist and an OBD-II CAN outbound message blacklist;
  
  in response to receiving an inbound CAN message from a device external to the vehicle, updating statistics of the inbound CAN message and comparing the inbound CAN message with the OBD-II CAN message whitelist;
  
  forwarding the inbound CAN message to the vehicle via the vehicle'"'"'s OBD-II port when the inbound CAN message appears in the OBD-II CAN message whitelist;
  
  in response to receiving an outbound CAN message from the vehicle, updating statistics of the outbound CAN message and comparing the outbound CAN message with the OBD-II CAN message blacklist; and
  
  forwarding the CAN message to an external device via the vehicle'"'"'s OBD-II port when the CAN message does not appear in the OBD-II CAN message blacklist.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - when the inbound CAN message is not found in the OBD-II CAN message whitelist;
      
      sending alerts to a mobile application via a wireless communication channel when the updated statistics meets a predefined threshold.
  - 3. The method of claim 2, wherein the statistics of the inbound CAN message includes transmission frequency information by which the inbound CAN message is received.
  - 4. The method of claim 2, wherein the wireless communication channel is one of a WiFi, 3G, 4G or Bluetooth communication channel.
  - 5. The method of claim 1, further comprising:
    - when the inbound CAN message is not found in the OBD-II CAN message whitelist, sending alerts to a mobile application via a wireless communication channel.
  - 6. The method of claim 1, further comprising:
    - when the outbound CAN message is not found in the OBD-II CAN message blacklist;
      
      sending alerts to a mobile application via a wireless communication channel when the updated statistics meets a predefined threshold.
  - 7. The method of claim 6, wherein the statistics of the outbound CAN message includes transmission frequency information by which the outbound CAN message is received.
  - 8. The method of claim 1, wherein the device external to the vehicle is a smartphone that is wirelessly coupled to the OBD-II CAN message screening system or a vehicle diagnostic device that is coupled to the OBD-II CAN message screening system.

9. An OBD-II (On-Board Diagnostics II) CAN (Controller Area Network) message screening system comprising:
- an MCU (Micro Controller Unit); and
  
  memory that is electrically coupled to the MCU, wherein the memory stores an inbound OBD-II CAN message whitelist and an outbound OBD-II CAN message blacklist and a plurality of program modules executed by the MCU, and the plurality of program modules further include a CAN message processing module, a communication module, and a message statistic module;
  
  wherein;
  
  the MCU is configured to transmit an inbound OBD-II CAN message received by the communication module to the CAN message processing module and the message statistic module, respectively;
  
  the message statistic module is configured to update statistics of the inbound CAN message command and report the updated statistics to the MCU;
  
  the CAN message processing module is configured to determine whether the inbound OBD-II CAN message appears in the inbound OBD-II CAN message whitelist and report the determination to the MCU; and
  
  the MCU is configured to forward the inbound OBD-II CAN message to a vehicle coupled to the OBD-II CAN message screening system via an OBD-II port in accordance with the determination and the updated statistics;
  
  in response to receiving an outbound CAN message from the vehicle;
  
  the message statistic module is configured to update statistics of the outbound CAN message and report the updated statistics to the MCU;
  
  the CAN message processing module is configured to determine whether the outbound OBD-II CAN message appears in the outbound OBD-II CAN message blacklist and report the determination to the MCU; and
  
  the MCU is configured to forward the outbound OBD-II CAN message to an external device coupled to the OBD-II CAN message screening system via the OBD-II port in accordance with the determination and the updated statistics.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein, when the CAN message is found in the OBD-II CAN message whitelist, the MCU is configured to send alerts to a mobile application via a wireless communication channel when the updated statistics meets a predefined threshold.
  - 11. The system of claim 10, wherein the statistics of the CAN message includes transmission frequency information by which the CAN message is received.
  - 12. The system of claim 10, wherein the wireless communication channel is one of a WiFi, 3G, 4G or Bluetooth communication channel.
  - 13. The system of claim 9, wherein the device external to the vehicle is a smartphone that is wirelessly coupled to the OBD-II CAN message screening system or a vehicle diagnostic device that is coupled to the OBD-II CAN message screening system.
  - 14. The system of claim 9, wherein the OBD-II port is a 16-pin OBD-II physical interface.
  - 15. The system of claim 9, wherein the MCU is configured to send alerts to a mobile application via a wireless communication channel when the inbound CAN message is not found in the OBD-II CAN message whitelist.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VisualThreat Inc.
Original Assignee
VisualThreat Inc.
Inventors
Peng, Kai, Pan, JunWu, Yan, Wei
Primary Examiner(s)
Dolly, Kendall

Application Number

US14/801,582
Publication Number

US 20160021127A1
Time in Patent Office

726 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/85   interconnection devices, e....

G06F 2221/034   Test or assess a computer o...

H04L 63/101   Access control lists [ACL]

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04W 12/08   Access security

H04W 12/12   Detection or prevention of ...

H04W 12/128   Anti-malware arrangements, ...

System and method for detecting OBD-II CAN BUS message attacks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for detecting OBD-II CAN BUS message attacks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links