Bus watchman

US 9,840,212 B2
Filed: 01/06/2015
Issued: 12/12/2017
Est. Priority Date: 01/06/2014
Status: Active Grant

First Claim

Patent Images

1. A module for providing security to an in-vehicle communication network having a bus and at least one node connected to the bus, the module comprising:

at least one memory having data characterizing messages that the at least one node transmits and receives via the bus during normal operation of the node;

a communication port via which the module receives and transmits messages, the port being configured to be connected to a portion of the in-vehicle network; and

a processor that processes, responsive to the data characterizing messages in the at least one memory, messages received via the port from the portion of the in-vehicle network to;

determine a measure of vehicle health responsive to the data characterizing the messages;

identify, responsive to the measure of vehicle health, an anomalous message in the received messages indicative of exposure of the in-vehicle network to damage from a cyber attack; and

cause the module to transmit at least one signal via the port to the portion of the in-vehicle network that alters the anomalous message so that the at least one node will discard the anomalous message.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A module for providing security to an in-vehicle communication network comprising at least one node, the module being operative to identify an anomalous message in the network indicative of exposure of the in-vehicle network to damage from a cyber attack and transmit at least one signal that alters the anomalous message so that the at least one node will discard it.

Citations

20 Claims

1. A module for providing security to an in-vehicle communication network having a bus and at least one node connected to the bus, the module comprising:
- at least one memory having data characterizing messages that the at least one node transmits and receives via the bus during normal operation of the node;
  
  a communication port via which the module receives and transmits messages, the port being configured to be connected to a portion of the in-vehicle network; and
  
  a processor that processes, responsive to the data characterizing messages in the at least one memory, messages received via the port from the portion of the in-vehicle network to;
  
  determine a measure of vehicle health responsive to the data characterizing the messages;
  
  identify, responsive to the measure of vehicle health, an anomalous message in the received messages indicative of exposure of the in-vehicle network to damage from a cyber attack; and
  
  cause the module to transmit at least one signal via the port to the portion of the in-vehicle network that alters the anomalous message so that the at least one node will discard the anomalous message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The module according to claim 1 wherein the in-vehicle network is a CAN in-vehicle network and the received messages are control area network (CAN) messages comprising an arbitration ID, a data portion, and a cyclic redundancy check (CRC) code.
  - 3. The module according to claim 2 wherein the at least one signal that the module transmits comprises at least one CAN dominant bit.
  - 4. The module according to claim 3 wherein the at least one CAN dominant bit comprises at least six consecutive dominant bits transmitted during propagation of the anomalous message in the portion of the in-vehicle network.
  - 5. The module according to claim 3 wherein the at least one CAN dominant bit comprises at least one dominant bit transmitted during propagation of the CRC code during propagation of the anomalous message in the portion of the in-vehicle network.
  - 6. The module according to claim 1 wherein the data in the at least one memory comprises:
    - a menu of response actions that may be undertaken in response to identifying the anomalous message; and
      
      a set of matching rules that may be used as, or in establishing, a criterion for determining a response action in the menu;
      
      wherein the menu of response actions includes transmitting at least one signal via the port to the portion of the in-vehicle network that alters the anomalous message so that the at least one node will discard it.
  - 7. The module according to claim 6 wherein the matching rules and response actions are configured in a decision tree having branches.
  - 8. The module according to claim 7 wherein the processor is configured to traverse the decision tree responsive to features of the anomalous message and navigate along a branch of the decision tree that ends at the action to be undertaken by the module in response to the anomalous message.
  - 9. The module according to claim 1 wherein the module is a hardware module comprising a physical port configured to be connected to the portion of the in-vehicle network.
  - 10. The module according to claim 1 wherein the module is a software module that may be integrated with software of the at least one node of the in-vehicle network.
  - 11. The module according to claim 1 and comprising a communication interface configured to support communication with entities outside of the module.
  - 12. A system for providing security to an in-vehicle communication network, the system comprising:
    - a data monitoring and processing hub; and
      
      at least one module according to claim 11 that communicates with the hub to transmit data responsive to the anomalous message and the vehicle health data for processing by the hub via the communication interface.
  - 13. The module according to claim 9 wherein the hardware module has a physical form factor of an OBD dongle.
  - 14. The module according to claim 13 wherein the dongle has at least first and second communication ports.
  - 15. The module according to claim 14 wherein the dongle is configured to operate as a filter that filters messages it receives via the first or second port to allow a selection but not all of the received messages to propagate to, respectively, the second or first port.
  - 16. The module according to claim 1 and comprising a physical switch that may be operated to select an operating mode of the module.

17. A method of providing security to an in-vehicle communication network having a bus and at least one node connected to the bus, the method comprising:
- monitoring messages in communication traffic propagating in a portion of the in-vehicle network;
  
  determining a measure of vehicle health responsive to data characterizing the monitored messages;
  
  identifying an anomalous message in the monitored messages indicative of exposure of the in-vehicle network to damage from a cyber attack responsive to the measure of vehicle health; and
  
  transmitting at least one signal to the portion of the in-vehicle network that alters the anomalous message so that the at least one node will discard the anomalous message.
- View Dependent Claims (18, 19, 20)
- - 18. The method according to claim 17 wherein the in-vehicle network is a CAN in-vehicle network and the received messages are CAN messages comprising an arbitration ID, a data portion, and a cyclic redundancy check (CRC) code and wherein the at least one signal comprises at least one CAN dominant bit.
  - 19. The method according to claim 18 wherein the at least one CAN dominant bit comprises at least six consecutive dominant bits transmitted during propagation of the anomalous message in the portion of the in-vehicle network.
  - 20. The method according to claim 18 wherein the at least one CAN dominant bit comprises at least one dominant bit transmitted during propagation of the CRC code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Argus Cyber Security Ltd. (Continental AG)
Original Assignee
Argus Cyber Security Ltd. (Continental AG)
Inventors
Ben Noon, Ofer, Galula, Yaron, Lavi, Oron
Primary Examiner(s)
To, Tuan C

Application Number

US14/590,027
Publication Number

US 20150191135A1
Time in Patent Office

1,071 Days
Field of Search
US Class Current
CPC Class Codes

B60R 16/023   for transmission of signals...

B60R 25/00   Fittings or systems for pre...

G06F 11/30   Monitoring

G06F 21/55   Detecting local intrusion o...

G06F 21/554   involving event detection a...

G06F 21/606   by securing the transmissio...

G06F 21/6281   at program execution time, ...

H04L 12/4625   Single bridge functionality...

H04L 2012/40215   Controller Area Network CAN

H04L 2012/40273   the transportation system b...

H04L 63/0227   Filtering policies mail mes...

H04L 63/123   received data contents, e.g...

H04L 63/14   for detecting or protecting...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

H04L 67/12   specially adapted for propr...

Bus watchman

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Bus watchman

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links