Monitoring 'side channels' to detect vehicle hacks
- By Patrick Marshall
- May 23, 2018
As vehicles get smarter -- with computers monitoring and controlling onboard systems from turn signals to brakes -- the potential for hackers to co-opt those systems and cause damage increases.
That’s especially true because a vehicle's controller-area network bus, which allows microcontrollers and devices to communicate with each other, was not designed with security in mind. Messages that cross a CAN bus are not encrypted or otherwise protected, making it relatively easy for a hacker to insert commands to control a vehicle.
HRL Laboratories, a research company in Culver City, Calif., is under contract with the Department of Homeland Security to develop a method of detecting intrusions into a vehicle's CAN bus. In addition to analyzing data transiting the CAN bus, HRL detects signs of intrusion by looking for revealing changes in the vehicle’s “side-channels” — the power, thermal or electromagnetic emissions from various vehicle devices.
“The notion is that an attacker who modifies the code within the computer is going to cause alterations to the side channels that they will not be able to control very well,” said David Payton, principal research scientist at HRL. By monitoring, say, power fluctuations to the turn signals or brakes and comparing those patterns to what the CAN bus says is going on, he said, researchers can see “what a vehicle is actually doing and compare that with what the vehicle’s software claims it is doing.”
The key value of monitoring the match between the vehicle’s computers and side-channels data about what is actually going on is that the latter is nearly impossible for a hacker to control. A mismatch indicates that a hacker may have taken control.
“We foresee the possibility to incorporate side-channel monitoring as an added cyber-security provision for all types of vehicles, but it may especially be appropriate for security-enhanced vehicles for first responders, VIPs and diplomats,” Payton said.
Payton’s team is working only on the intrusion-detection side of things. What to do once an intrusion is detected is a matter of debate. “Some people argue that the last thing you want to do is disable the vehicle completely because it then becomes an easier target,” Payton said. “I could get you to pull over to the side of the road to attack you just by causing your intrusion system to go off.” At the same time, just tripping a warning light is probably not enough, since people often ignore warning lights. Payton suggested the answer might be some sort of “safe mode” that is triggered when an intrusion is detected and that lets secure, if less-full-featured, backup systems kick in.
Another hurdle the team faces is that CAN bus is a technology that hasn’t been fully standardized. “From one model to the next -- and even within a model -- sometimes different components are used,” Payton noted. The good news is that the system the HRL team is developing is easy to recalibrate.
Finally, the team is still working on methods to filter out noise in its detection of side-channel emissions that can trigger false positives. “As with any system where false positives are possible, we can filter these events and reduce the probability of creating an inconvenience to the vehicle occupants by having a high threshold for repeated detections before signaling a warning,” Payton said. “One method is to ensure a good match between side-channel signals and the vehicle’s CAN bus. We can do this by ensuring that we selectively match to CAN bus states that have a high degree of consistency with the states derived from side-channel signals.”
Moving ahead, the HRL team plans to collect data from different vehicles models to test the consistency of side-channel signals during operation. The team also plans to explore the application of the side-channel technology to other applications, including medical devices and aircraft.
Patrick Marshall is a freelance technology writer for GCN.