On board vehicle network security

US 9,173,100 B2
Filed: 03/14/2013
Issued: 10/27/2015
Est. Priority Date: 11/16/2011
Status: Active Grant

First Claim

Patent Images

1. A vehicle, comprising:

a plurality of on board computational components;

a first security mechanism to enforce a security measure and form a perimeter network logically including the plurality of on board computational components; and

a microprocessor executable network controller operable to (i) detect an instance of a breach of the security measure, (ii) determine whether a computational component affected by the instance of a breach of the security measure can be isolated from at least one on board computational component not affected by or potentially affected by the instance of a breach of the security measure, and (iii) when the computational component affected by the instance of a breach of the security measure can be isolated from the at least one on board computational component not affected by or potentially affected by the instance of a breach of the security measure, at least one of (a) isolate the at least one on board computational component not affected by or potentially affected by the instance of a breach of a security measure from the computational component affected by the instance of a breach of a security measure and (b) isolate the computational component affected by the instance of a breach of a security measure from the at least one on board computational component not affected by or potentially affected by the instance of a breach of a security measure, wherein the isolation is one or more of;

(1) denying vehicular wireless network access to the computational component affected by the instance of a breach of a security measure, (2) directing communications to and from the computational component affected by the instance of a breach of a security measure to a firewall and/or gateway to enforce a security measure, (3) blocking communications to and from the computational component affected by the instance of a breach of a security measure, and (4) activating a second security mechanism in response to the instance of a breach of a security measure.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure describes a microprocessor executable network controller operable to at least one of (a) isolate at least one other on board computational component in a vehicular wireless network not affected by a security breach event from a computational component affected by the security breach event and (b) isolate an on board computational component in the vehicular wireless network and affected by the security breach event from the at least one other on board computational component not affected by the security breach event.

239 Citations

24 Claims

1. A vehicle, comprising:
- a plurality of on board computational components;
  
  a first security mechanism to enforce a security measure and form a perimeter network logically including the plurality of on board computational components; and
  
  a microprocessor executable network controller operable to (i) detect an instance of a breach of the security measure, (ii) determine whether a computational component affected by the instance of a breach of the security measure can be isolated from at least one on board computational component not affected by or potentially affected by the instance of a breach of the security measure, and (iii) when the computational component affected by the instance of a breach of the security measure can be isolated from the at least one on board computational component not affected by or potentially affected by the instance of a breach of the security measure, at least one of (a) isolate the at least one on board computational component not affected by or potentially affected by the instance of a breach of a security measure from the computational component affected by the instance of a breach of a security measure and (b) isolate the computational component affected by the instance of a breach of a security measure from the at least one on board computational component not affected by or potentially affected by the instance of a breach of a security measure, wherein the isolation is one or more of;
  
  (1) denying vehicular wireless network access to the computational component affected by the instance of a breach of a security measure, (2) directing communications to and from the computational component affected by the instance of a breach of a security measure to a firewall and/or gateway to enforce a security measure, (3) blocking communications to and from the computational component affected by the instance of a breach of a security measure, and (4) activating a second security mechanism in response to the instance of a breach of a security measure.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The vehicle of claim 1, wherein the security breach instance is one or more of an instance of a virus, malware, unauthorized access, misuse, modification, denial-of-service attack, spoofing, man-in-the-middle attack, ARP poisoning, smurf attack, buffer overflow, heap overflow, format string attack, SQL injection, identity theft (or MAC spoofing), network injection, caffe latte attack, or denial of a computer network and/or network-accessible resource, wherein the network controller receives a warning signal associated with the security breach instance from a gateway, a firewall, a honeypot, a network node impacted by the security breach instance, and a network probe, and wherein the first security mechanism is one or more of:
    - encryption, checks on MAC addresses, disabling ESSID broadcasting, isolating the vehicular network by a firewall and/or gateway, hiding the SSID (Service Set Identifier), MAC ID filtering, static IP addressing , IEEE 802.11, 802.11i, and/or 802.1x security, use of the wired equivalent privacy encryption, TKIP, EAP, LEAP, PEAP, WPAv 1, and/or WPAv2 protocols, end-to-end encryption, and RF shielding substantially surrounding an interior of the vehicle to attenuate signals and prevent wireless signals from propagating outside the vehicle.
  - 3. The vehicle of claim 2, wherein the computational component affected by the security breach instance is an on board computational component, wherein the at least one board computational component is one or more of an on-board sensor, processing module, software application, expansion module, critical device, non-critical device, and cellular upgrade module, and wherein the computational component affected by the security breach instance and the at least one on board computational component are both within a perimeter network of the vehicle.
  - 4. The vehicle of claim 2, wherein the computational component affected by the security breach instance is outside of a perimeter network of the vehicle containing the at least one on board computational component and wherein the at least one board computational component is one or more of an on board sensor, a media controller, a gateway, a firewall, a processing module, a network controller, an input/output system, a display controller, an audio controller, an arbitration module, a health check module, a critical system controller, a non-critical system controller, an on board sensor monitor, a displayed object movement module, a diagnostic module, a media filter, a network selector, a remote control module, a computational module selector, an expansion module, an application, and a plug-in module.
  - 5. The vehicle of claim 1, wherein the computational component affected by the security breach instance is outside of a perimeter network of the vehicle containing the at least one on board computational component and wherein the microprocessor executable network controller analyzes the security breach instance by one or more of reviewing historical behavior and comparing the behavior to templates characteristic of differing types of attacks and/or applying rules to the historical behavior and updating firewall settings to protect against a further security breach instance.
  - 6. The vehicle of claim 1, wherein the computational component affected by the security breach instance is an external computational device and wherein the at least one on board computational component not affected by the security breach instance is isolated from the external computational device by the vehicular wireless network denying vehicular wireless network access by the external computational component.
  - 7. The vehicle of claim 1, wherein at least one of the following is true about the isolation:
    - communications between the at least one on board computational component in a vehicular wireless network not affected by the security breach instance and the computational component affected by the security breach instance, the communications not normally passing through a gateway and/or firewall are redirected through and filtered by the gateway and/or firewall and communications between the at least one on board computational component in a vehicular wireless network not affected by the security breach instance and the computational component affected by the security breach instance are blocked in whole or part.
  - 8. The vehicle of claim 1, wherein the at least one computational component is inside of a perimeter network of the vehicle, wherein the at least one on board computational component in a vehicular wireless network not affected by the security breach instance is a critical component, wherein the computational component affected by the security breach instance is a node on the vehicular wireless network and physically and/or logically positioned outside of but interiorly and/or internally to the perimeter network, and wherein isolation is effected by enabling a critical communication security mechanism that is one or more of encryption of access restrictions in the at least one on board computational component in a vehicular wireless network, disabling ESSID broadcasting, hiding the SSID, performing MAC ID filtering, performing static IP addressing, implementing IEEE 802.11, 802.11i, and/or 802.1x security, using wired equivalent privacy encryption, using one or more of TKIP, EAP, LEAP, PEAP, WPAv 1,and/or WPAv2 protocols, and using end-to-end encryption.

9. A method, comprising:
- in a vehicle comprising a plurality of on board computational components, a first security mechanism to enforce security measure and form a perimeter network logically including the plurality of on board computational components, and a microprocessor executable network controller, the microprocessor executable network controller identifying a possible security breach instance;
  
  in response, the microprocessor executable network controller determining whether a computational component affected by the possible security breach instance can be isolated from at least one on board computational component not affected by or potentially affected by the possible security breach instance; and
  
  when the computational component affected by the possible security breach instance can be isolated from the at least one on board computational component not affected by or potentially affected by the possible security breach instance, the microprocessor executable network controller at least one of (a) isolating the at least one on board computational component not affected by or potentially affected by the possible security breach instance from the computational component affected by the possible security breach instance and (b) isolating the computational component affected by the possible security breach instance from the at least one on board computational component not affected by or potentially affected by the possible security breach instance, wherein the isolation is one or more of;
  
  (1) denying vehicular wireless network access to the computational component affected by the possible security breach instance, (2) directing communications to and from the computational component affected by the possible security breach instance to a firewall and/or gateway to enforce a security measure, (3) blocking communications to and from the computational component affected by the possible security breach instance, and (4) activating a second security mechanism in response to the possible security breach instance.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein the security breach instance is one or more of an instance of a virus, malware, unauthorized access, misuse, modification, denial-of-service attack, spoofing, man-in-the-middle attack, ARP poisoning, smurf attack, buffer overflow, heap overflow, format string attack, SQL injection, identity theft (or MAC spoofing), network injection, caffe latte attack, or denial of a computer network and/or network-accessible resource, wherein the network controller receives a warning signal associated with the security breach instance from a gateway, a firewall, a honeypot, a network node impacted by the security breach instance, and a network probe, and wherein the first security mechanism is one or more of:
    - encryption, checks on MAC addresses, disabling ESSID broadcasting, isolating the vehicular network by a firewall and/or gateway, hiding the SSID (Service Set Identifier), MAC ID filtering, static IP addressing , IEEE 802.11, 802.11i, and/or 802.1x security, use of the wired equivalent privacy encryption, TKIP, EAP, LEAP, PEAP, WPAv 1, and/or WPAv2 protocols, end-to-end encryption, and RF shielding substantially surrounding an interior of the vehicle to attenuate signals and prevent wireless signals from propagating outside the vehicle.
  - 11. The method of claim 10, wherein the computational component affected by the security breach instance is an on board computational component, wherein the at least one board computational component is one or more of an on-board sensor, processing module, software application, expansion module, critical device, non-critical device, and cellular upgrade module, and wherein the computational component affected by the security breach instance and the at least one on board computational component are both within a perimeter network of the vehicle.
  - 12. The method of claim 10, wherein the computational component affected by the security breach instance is outside of a perimeter network of the vehicle containing the at least one on board computational component and wherein the at least one board computational component is one or more of an on board sensor, a media controller, a gateway, a firewall, a processing module, a network controller, an input/output system, a display controller, an audio controller, an arbitration module, a health check module, a critical system controller, a non-critical system controller, an on board sensor monitor, a displayed object movement module, a diagnostic module, a media filter, a network selector, a remote control module, a computational module selector, an expansion module, an application, and a plug-in module.
  - 13. The method of claim 9, wherein the computational component affected by the security breach instance is outside of a perimeter network of the vehicle containing the at least one on board computational component and wherein the microprocessor executable network controller detects a possible security breach instance by one or more of reviewing historical behavior and comparing the behavior to templates characteristic of differing types of attacks and/or applying rules to the historical behavior and updating firewall settings to protect against a further security breach instance.
  - 14. The method of claim 9, wherein the computational component affected by the security breach instance is an external computational device and wherein the at least one on board computational component not affected by the security breach instance isolation is isolated from the external computational device by the vehicular wireless network denying vehicular wireless network access by the external computational component.
  - 15. The method of claim 9, wherein at least one of the following is true about the isolation:
    - communications between the at least one on board computational component in a vehicular wireless network not affected by the security breach instance and the computational component affected by the security breach instance, the communications not normally passing through a gateway and/or firewall are redirected through and filtered by the gateway and/or firewall and communications between the at least one on board computational component in a vehicular wireless network not affected by the security breach instance and the computational component affected by the security breach instance are blocked in whole or part.
  - 16. The method of claim 9, wherein the at least one computational component is inside of a perimeter network of the vehicle, wherein the at least one on board computational component in a vehicular wireless network not affected by the security breach instance is a critical component, wherein the computational component affected by the security breach instance is a node on the vehicular wireless network and physically and/or logically positioned outside of but interiorly and/or internally to the perimeter network, and wherein isolation is effected by enabling a critical communication security mechanism that is one or more of encryption of access restrictions in the at least one on board computational component in a vehicular wireless network, disabling ESSID broadcasting, hiding the SSID, performing MAC ID filtering, performing static IP addressing, implementing IEEE 802.11, 802.11i, and/or 802.1x security, using wired equivalent privacy encryption, using one or more of TKIP, EAP, LEAP, PEAP, WPAv 1,and/or WPAv2 protocols, and using end-to-end encryption.

17. In a vehicle comprising a plurality of on board computational components, a non-transient, tangible computer readable medium comprising a first security mechanism to enforce security measure and form a perimeter network logically including the plurality of on board computational components and a microprocessor executable network controller on board a selected vehicle that, when executed, detects an instance of a breach of the security measure, determines whether a computational component affected by the instance of a breach of the security measure can be isolated from at least one on board computational component not affected by or potentially affected by the instance of a breach of the security measure, and, when the computational component affected by the instance of a breach of the security measure can be isolated from the at least one on board computational component not affected by or potentially affected by the instance of a breach of the security measure, and at least one of isolates the at least one on board computational component not affected by or potentially affected by the instance of a breach of the security measure from the computational component affected by the instance of a breach of the security measure isolates the computational component affected by the instance of a breach of a security measure from the at least one on board computational component not affected by or potentially affected by the instance of a breach of the security measure, wherein the isolation is one or more of:
- (1) denying vehicular wireless network access to the computational component affected by the instance of a breach of the security measure, (2) directing communications to and from the computational component affected by the instance of a breach of the security measure to a firewall and/or gateway to enforce a security measure, (3) blocking communications to and from the computational component affected by the instance of a breach of the security measure, and (4) activating a second security mechanism in response to the instance of a breach of the security measure.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The computer readable medium of claim 17, wherein the security breach instance is one or more of an instance of a virus, malware, unauthorized access, misuse, modification, denial-of-service attack, spoofing, man-in-the-middle attack, ARP poisoning, smurf attack, buffer overflow, heap overflow, format string attack, SQL injection, identity theft (or MAC spoofing), network injection, caffe latte attack, or denial of a computer network and/or network-accessible resource and wherein the network controller receives a warning signal associated with the security breach instance from a gateway, a firewall, a honeypot, a network node impacted by the security breach instance, and a network probe, and wherein the first security mechanism is one or more of:
    - encryption, checks on MAC addresses, disabling ESSID broadcasting, isolating the vehicular network by a firewall and/or gateway, hiding the SSID (Service Set Identifier), MAC ID filtering, static IP addressing , IEEE 802.11, 802.11i, and/or 802.1x security, use of the wired equivalent privacy encryption, TKIP, EAP, LEAP, PEAP, WPAv 1, and/or WPAv2 protocols, end-to-end encryption, and RF shielding substantially surrounding an interior of the vehicle to attenuate signals and prevent wireless signals from propagating outside the vehicle.
  - 19. The computer readable medium of claim 18, wherein the computational component affected by the security breach instance is an on board computational component, wherein the at least one on board computational component is one or more of an on-board sensor, processing module, software application, expansion module, critical device, non-critical device, and cellular upgrade module, and wherein the computational component affected by the security breach instance and the at least one on board computational component are both within a perimeter network of the vehicle.
  - 20. The computer readable medium of claim 18, wherein the computational component affected by the security breach instance is outside of a perimeter network of the vehicle containing the at least one on board computational component and wherein the at least one on board computational component is one or more of an on board sensor, a media controller, a gateway, a firewall, a processing module, a network controller, an input/output system, a display controller, an audio controller, an arbitration module, a health check module, a critical system controller, a non-critical system controller, an on board sensor monitor, a displayed object movement module, a diagnostic module, a media filter, a network selector, a remote control module, a computational module selector, an expansion module, an application, and a plug-in module.
  - 21. The computer readable medium of claim 17, wherein the computational component affected by the security breach instance is outside of a perimeter network of the vehicle containing the at least one on board computational component and wherein the microprocessor executable network controller detects a possible security breach instance by one or more of reviewing historical behavior and comparing the behavior to templates characteristic of differing types of attacks and/or applying rules to the historical behavior and updating firewall settings to protect against a further security breach instance.
  - 22. The computer readable medium of claim 17, wherein the computational component affected by the security breach instance is an external computational device and wherein the at least one on board computational component not affected by the security breach instance is isolated from the external computational device by the vehicular wireless network denying vehicular wireless network access by the external computational component.
  - 23. The computer readable medium of claim 17, wherein at least one of the following is true about the isolation:
    - communications between the at least one on board computational component in a vehicular wireless network not affected by the security breach instance and the computational component affected by the security breach instance, the communications not normally passing through a gateway and/or firewall are redirected through and filtered by the gateway and/or firewall and communications between the at least one on board computational component in a vehicular wireless network not affected by the security breach instance and the computational component affected by the security breach instance are blocked in whole or part.
  - 24. The computer readable medium of claim 17, wherein the at least one computational component is inside of a perimeter network of the vehicle, wherein the at least one on board computational component in a vehicular wireless network not affected by the security breach instance is a critical component, wherein the computational component affected by the security breach instance is a node on the vehicular wireless network and physically and/or logically positioned outside of but interiorly and/or internally to the perimeter network, and wherein isolation is effected by enabling a critical communication security mechanism that is one or more of encryption of access restrictions the at least one other on board computational component in a vehicular wireless network, disabling ESSID broadcasting, hiding the SSID, performing MAC ID filtering, performing static IP addressing, implementing IEEE 802.11, 802.11i, and/or 802.1x security, using wired equivalent privacy encryption, using one or more of TKIP, EAP, LEAP, PEAP, WPAv 1, and/or WPAv2 protocols, and using end-to-end encryption.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AutoConnect Holdings LLC
Original Assignee
AutoConnect Holdings LLC
Inventors
Ricci, Christopher P.
Primary Examiner(s)
Mehrmanesh, Amir

Application Number

US13/828,960
Publication Number

US 20130227648A1
Time in Patent Office

957 Days
Field of Search

726 2- 30, 701/1, 701/24, 701/31.4, 701/31.5, 701/32.6, 701/486, 709227-232
US Class Current

1/1
CPC Class Codes

G06F 11/0739   in a data processing system...

G06F 11/0748   in a remote unit communicat...

G06F 11/079   Root cause analysis, i.e. e...

G06F 11/1675   Temporal synchronisation or...

G06F 11/2023   Failover techniques

G06F 11/2035   without idle spare hardware

G06F 11/2038   with a single idle spare pr...

G06F 21/85   interconnection devices, e....

G06F 2201/81   Threshold

G06F 2221/2149   Restricted operating enviro...

G06F 3/0484   for the control of specific...

G06F 3/0488   using a touch-screen or dig...

H04L 2012/40215   Controller Area Network CAN

H04L 2012/40273   the transportation system b...

H04L 63/02   for separating internal fro...

H04L 63/1441   Countermeasures against mal...

H04L 67/12   specially adapted for propr...

H04W 12/088   using filters or firewalls

H04W 12/122   Counter-measures against at...

H04W 12/125   Protection against power ex...

H04W 12/126 : Anti-theft arrangements, e....

H04W 12/128 : Anti-malware arrangements, ...

View All

On board vehicle network security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

239 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

On board vehicle network security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

239 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links