Some attacks against vehicles' passive entry security systems and their solutions

Recently, several companies have introduced passive entry systems for automotive applications. These systems are intended to increase user comfort by eliminating the requirement that the user has to reach for the customer identification device (CID), a credit card like tool, to gain access to the vehicle compartment. While this extra level of comfort is a desirable feature, especially in luxury vehicles, it introduces several key attacks against the system. This paper describes several techniques of potential attacks against the passive entry system and proposes solutions to protect the vehicle from such attacks.     

A secure multifactor remote user authentication scheme for Internet of Multimedia Things environment

To attain ubiquitous connectivity of everything, Internet of Things (IoT) systems must include “multimedia things.” Internet of Multimedia Things (IoMT) is a heterogeneous network of smart multimedia things connected together and with other physical devices to the Internet so as to achieve globally available multimedia services and applications. Due to the ever increasing amount of multimedia data in IoT environments, securing these systems becomes crucial. This is because these systems are easily susceptible to attacks when information or any service is accessed by the users. In this paper, we propose a secure three‐factor remote user authentication scheme for IoMT systems using ECC. The formal security proof performed using ROR model and BAN logic confirms that an attacker will not be able to extract sensitive user information. Through informal security analysis, we justify the resistance of the scheme against several security attacks. The performance comparison shows that the scheme is efficient in terms of computational cost, security features, and attack resistance. Furthermore, simulation of the scheme using AVISPA and Proverif proves that the scheme is secure against all active and passive attacks.     

Attacks and defences on intelligent connected vehicles: a survey

Intelligent vehicles are advancing at a fast speed with the improvement of automation and connectivity, which opens up new possibilities for different cyber-attacks, including in-vehicle attacks (e.g., hijacking attacks) and vehicle-to-everything communicationattacks (e.g., data theft). These problems are becoming increasingly serious with the development of 4G LTE and 5G communication technologies. Although many efforts are made to improve the resilience to cyber attacks, there are still many unsolved challenges. This paper first identifies some major security attacks on intelligent connected vehicles. Then, we investigate and summarize the available defences against these attacks and classify them into four categories: cryptography, network security, software vulnerability detection, and malware detection. Remaining challenges and future directions for preventing attacks on intelligent vehicle systems have been discussed as well.     

Secure multi‐factor remote user authentication scheme for Internet of Things environments

Because of the exponential growth of Internet of Things (IoT), several services are being developed. These services can be accessed through smart gadgets by the user at any place, every time and anywhere. This makes security and privacy central to IoT environments. In this paper, we propose a lightweight, robust, and multi‐factor remote user authentication and key agreement scheme for IoT environments. Using this protocol, any authorized user can access and gather real‐time sensor data from the IoT nodes. Before gaining access to any IoT node, the user must first get authenticated by the gateway node as well as the IoT node. The proposed protocol is based on XOR and hash operations, and includes: (i) a 3‐factor authentication (ie, password, biometrics, and smart device); (ii) mutual authentication ; (iii) shared session key ; and (iv) key freshness . It satisfies desirable security attributes and maintains acceptable efficiency in terms of the computational overheads for resource constrained IoT environment. Further, the informal and formal security analysis using AVISPA proves security strength of the protocol and its robustness against all possible security threats. Simulation results also prove that the scheme is secure against attacks.     

A Hybrid Feature Selection Method for Improved Detection of Wired/Wireless Network Intrusions

Internet has become an essential aspect of communication in the day to day life of everyone around the world. With the increased usage of Internet, attacks have also increased and the need for various levels of security is on the rise, both in wired and wireless environments. Intrusion detection system (IDS) has become a mandatory level of security for organizations to protect themselves from intruders. Improving the accuracy of IDS is crucial and it is the present focus of researchers. Feature selection has its role in enhancing accuracy by extracting the most relevant features. This study proposes a hybrid method for feature selection that picks and combines the best features from different feature selection methods. This method can be applied for feature reduction in any application domain. In this work, the proposed hybrid method is employed for intrusion detection and six predominant features are picked from NSL-KDD dataset. An exhaustive performance investigation has proved that the proposed feature selection method increases the detection rate by 5% thereby improving the accuracy of intrusion detection system by 3%.     

Design and analysis of intrusion detection systems for wireless mesh networks

Intrusion is any unwanted activity that can disrupt the normal functions of wired or wireless networks. Wireless mesh networking technology has been pivotal in providing an affordable means to deploy a network and allow omnipresent access to users on the Internet. A multitude of emerging public services rely on the widespread, high-speed, and inexpensive connectivity provided by such networks. The absence of a centralized network infrastructure and open shared medium makes WMNs particularly susceptible to malevolent attacks, especially in multihop networks. Hence, it is becoming increasingly important to ensure privacy, security, and resilience when designing such networks. An effective method to detect possible internal and external attack vectors is to use an intrusion detection system. Although many Intrusion Detection Systems (IDSs) were proposed for Wireless Mesh Networks (WMNs), they can only detect intrusions in a particular layer. Because WMNs are vulnerable to multilayer security attacks, a cross-layer IDS are required to detect and respond to such attacks. In this study, we analyzed cross-layer IDS options in WMN environments. The main objective was to understand how such schemes detect security attacks at several OSI layers. The suggested IDS is verified in many scenarios, and the experimental results show its efficiency.     

智能网联汽车的安全风险及对策

智能网联汽车集人工智能、车联网、大数据、移动互联等新技术于一身,给人们带来了许多传统汽车无法提供的新功能,让用户获得了比传统汽车更智能、舒适、便捷的用车体验。但是,智能网联汽车需要实时联网,深度依赖网络,存在诸多安全风险,需要予以重视。文中分析了智能网联汽车的安全风险,并提出了制定智能网联汽车信息安全标准、构建智能网联汽车数据安全防护体系、建立常态化的风险评估机制、提升车企技术水平、应用标识密钥技术、确保数据跨境流动安全等对策,以提升智能网联汽车的安全性。     

基于票据的车联网安全和隐私保护方案

随着车联网的发展,车辆通信将在提高行车安全,驾驶效率和舒适度方面发挥重要作用。车辆将访问多种应用,考虑到现有行车安全应用面临的严峻威胁,加之对用户验证、授权和计费的需求,攻击防护安全对于车载自组网来说尤为重要。在车辆使用基于位置的服务或行车安全服务时,攻击者可能会窃听通信内容,获取用户身份信息和位置隐私。为了提高车载自组织网安全,提出了一种采用分布式车辆公钥基础设施(VPKI)对车辆通信安全、位置隐私和身份匿名进行保护的方案。该方案采用票据为应用服务提供匿名访问控制和认证,并且可以解析和撤销不法车辆身份。最后,通过实验分析方案的效率来证明VPKI的可实施性。     

A novel intrusion detection model for the CAN bus packet of in-vehicle network based on attention mechanism and autoencoder

The attacks on in-vehicle Controller Area Network (CAN) bus messages severely disrupt normal communication between vehicles. Therefore, researches on intrusion detection models for CAN have positive business value for vehicle security, and the intrusion detection technology for CAN bus messages can effectively protect the in-vehicle network from unlawful attacks. Previous machine learning-based models are unable to effectively identify intrusive abnormal messages due to their inherent shortcomings. Hence, to address the shortcomings of the previous machine learning-based intrusion detection technique, we propose a novel method using Attention Mechanism and AutoEncoder for Intrusion Detection (AMAEID). The AMAEID model first converts the raw hexadecimal message data into binary format to obtain better input. Then the AMAEID model encodes and decodes the binary message data using a multi-layer denoising autoencoder model to obtain a hidden feature representation that can represent the potential features behind the message data at a deeper level. Finally, the AMAEID model uses the attention mechanism and the fully connected layer network to infer whether the message is an abnormal message or not. The experimental results with three evaluation metrics on a real in-vehicle CAN bus message dataset outperform some traditional machine learning algorithms, demonstrating the effectiveness of the AMAEID model.     

基于虚拟仪器技术的汽车遥控钥匙(RKE)功能测试平台实现

当今超过70％的已生产车辆将遥控车门开关(RKE)系统作为标准或者可选的配件，用以提高汽车的舒适性和安全性；同时RKE系统是一个大量生产的售后市场配件，在大多数的RKE系统中，具有能够报警防止汽车被偷窃以及锁住、开锁车门和汽车尾部行李葙，其中一些系统还包括遥控启动汽车和汽车寻找的功能。针对德国海拉公司为大众汽车公司设计和生产的第三代汽车遥控钥匙，利用虚拟仪器技术及NI公司虚拟仪器软件Lab Windows／CVI7．0，提出了遥控钥匙功能测试平台的硬件组成系统及编写相应的功能测试软件，实现和满足了该类型遥控钥匙产品的功能测试要求，并探讨了测试系统的功能扩展。     

一种基于数据分析的网络安全态势感知系统设计与实现

业务承载网是各项工作信息通信的重要支撑。传统烟囱林立的安防建设难以形成协同效益且运维困难,APT攻击、勒索病毒等恶意代码爆发、新单位接入都给网络安全运行带来较大风险挑战。建立一个对各类安全态势信息进行统计分析和多形式的可视化呈现的系统,通过对各网络安全情况汇集整编和态势融合展现,实现对网络空间态势常态化监控。测试表明系统支持设备日志采集、资产探测、安全事件特征提取、关联分析,可以帮助网络运维人员随时掌握网络空间安全态势情况,提升网络整体安全防护能力。     

车辆GPS远程监控系统开发

为了解决车辆信贷风险控制、车辆远程位置监控、远程故障诊断、车辆行驶区域设定等问题,研究和开发了GPS远程监控系统。采用＂远程控制中心＋GPS终端＂的模式构建,整车上的GPS终端通过CAN总线与发动机ECU进行通信,实现对发动机信息的采集以及响应控制中心的远程控制命令。目前该系统已成功应用于某型号的电控发动机,实现了位置监控、整车行驶路线设置、发动机油耗统计、发动机信息远程诊断、远程坡行控制等功能。     

Characterization of Security Notions for Probabilistic Private-Key Encryption

The development of precise definitions of security for encryption, as well as a detailed understanding of their relationships, has been a major area of research in modern cryptography. Here, we focus on the case of private-key encryption. Extending security notions from the public-key setting, we define security in the sense of both indistinguishability and non-malleability against chosen-plaintext and chosen-ciphertext attacks, considering both non-adaptive (i.e., ``lunchtime') and adaptive oracle access (adaptive here refers to an adversary's ability to interact with a given oracle even after viewing the challenge ciphertext). We then characterize the 18 resulting security notions in two ways. First, we construct a complete hierarchy of security notions; that is, for every pair of definitions we show whether one definition is stronger than the other, whether the definitions are equivalent, or whether they are incomparable. Second, we partition these notions of security into two classes (computational or information-theoretic) depending on whether one-way functions are necessary in order for encryption schemes satisfying the definition to exist. Perhaps our most surprising result is that security against adaptive chosen-plaintext attack is (polynomially) equivalent to security against non-adaptive chosen-plaintext attack. On the other hand, the ability of an adversary to mount a (non-adaptive) chosen-plaintext attack is the key feature distinguishing computational and information-theoretic notions of security. These results hold for all security notions considered here.     

网络安全与缓冲区溢出攻击

针对当前网络系统应用中存在的安全问题,文章分析了安全问题产生的根源,介绍了计算机信息系统的安全级别,提出了缓冲区溢出攻击的防护方法。根据分析P2DR网络安全理论模型,结合实际经验,提出了网络安全的防护措施。     

Markov chain model for multimodal biometric rank fusion

Multimodal biometric aims at increasing reliability of biometric systems through utilizing more than one biometric in decision-making process. An effective fusion scheme is necessary for combining information from various sources. Such information can be integrated at several distinct levels, such as sensor level, feature level, match score level, rank level, and decision level. In this paper, we present a multimodal biometric system utilizing face, iris, and ear biometric features through rank level fusion method using novel Markov chain approach. We first apply fisherimage technique to face and ear image databases for recognition and Hough transform and Hamming distance techniques for iris image recognition. The main contribution is in introducing Markov chain approach for biometric rank aggregation. One of the distinctive features of this method is that it satisfies the Condorcet criterion, which is essential in any fair rank aggregation system. The experimentation shows superiority of the proposed approach to other recently introduced biometric rank aggregation methods. The developed system can be effectively used by security and intelligence services for controlling access to prohibited areas and protecting important national or public information.     

Resilient secure aggregation for vehicular networks

Innovative ways to use ad hoc networking between vehicles are an active research topic and numerous proposals have been made for applications that make use of it. Due to the bandwidth-limited wireless communication medium, scalability is one crucial factor for the success of these future protocols. Data aggregation is one solution to accomplish such scalability. The goal of aggregation is to semantically combine information and only disseminate this combined information in larger regions. However, the integrity of aggregated information cannot be easily verified anymore. Thus, attacks are possible resulting in lower user acceptance of applications using aggregation or, even worse, in accidents due to false information crafted by a malicious user. Therefore, it is necessary to design novel mechanisms to protect aggregation techniques. However, high vehicle mobility, as well as tight bandwidth constraints, pose strong requirements on the efficiency of such mechanisms. We present new security mechanisms for semantic data aggregation that are suitable for use in vehicular ad hoc networks. Resilience against both malicious users of the system and wrong information due to faulty sensors are taken into consideration. The presented mechanisms are evaluated with respect to their bandwidth overhead and their effectiveness against possible attacks.     

Joint robustness and security enhancement for feature-based image watermarking using invariant feature regions

Local image features have been widely applied in feature-based watermarking schemes. The feature invariance is exploited to achieve robustness against attacks, but the leakage of information about hidden watermarks from publicly known locations and sizes of features are often unconsidered in security. This paper, therefore, proposes a novel image watermarking approach, which adopts invariant feature regions to jointly enhance its robustness and security. Initially, circular feature regions are determined by the scale-adapted auto-correlation matrix and the Laplacian-of-Gaussian operation. Leakage of secret information is also controlled carefully during feature detection procedure. An optimal selection process formulated as a multidimensional knapsack problem is then proposed to select robust non-overlapping regions from those circular feature regions to resist various attacks. This process is implemented by a genetic algorithm-based approach, and incorporates randomization to mitigate the security risk. Finally, each selected region is normalized to obtain a geometrically invariant feature region, and embedded with a region-dependent watermark to overcome the weakness of multiple-redundant watermarks. The evaluation results based on the StirMark benchmark present the proposed scheme can tolerate various attacks, including noise-like signal processing and geometric distortions. A security analysis in terms of differential entropy also confirms the security improvement of the proposed method.     

IP2DM: integrated privacy‐preserving data management architecture for smart grid V2G networks

With the development of battery vehicles, vehicle‐to‐grid (V2G) networks are becoming more and more important in smart grid. Although battery vehicles are environmentally friendly and flexible to use two‐way communication and two‐way electricity flow, they also raise privacy‐preservation challenges, such as location and movement privacy. On the one hand, utility companies have to monitor the grid and analyze user data to control the power production, distribution, scheduling, and billing process, while typical users need to access their data later online. On the other hand, users are not willing to provide their personal data because they do not trust the system security of the utility companies where their data stored, and it may potentially expose their privacy. Therefore, in this paper, we study data management of V2G networks in smart grid with privacy‐preservation to benefit both the customers and the utility companies. Both data aggregation and data publication of V2G networks are protected in the proposed architecture. To check its security, we analyze this architecture in several typical V2G networks attacks. We conduct several experiments to show that the proposed architecture is effective and efficient, and it can enhance user privacy protection while providing enough information for utility companies to analyze and monitor the grid. Copyright © 2016 John Wiley & Sons, Ltd.     

基于射频双向通信的汽车无钥匙进入系统设计

将射频技术与汽车电子技术结合,提出一种安全度和舒适性很高的汽车无钥匙进入门禁系统,该系统在无需人为干预的情况下,可对车门进行自动控制.系统分为两个部分：应答器和基站.现详细论述了应答器和基站之间的通信链路,并设计出能实现该链路的硬件和软件,在低功耗的前提下,实现了无钥匙进入系统的功能并给出了该系统相关的实验测试数据.本设计让汽车门禁系统变得更加智能,可作为汽车门禁一个良好的解决方案.     

Energy-efficient and intrusion-resilient authentication for ubiquitous access to factory floor information

Linking factory floors to the Internet, coupled with the rapid deployment of wireless access networks, is initiating a new paradigm for factory automation-a corporate employee with a handheld computing device can have anytime, anywhere access to the latest factory floor information. Authentication between a factory database and a remote user is crucial for such paradigm; however, existing authentication protocols are inadequate to defend against strong adversaries with break-in capabilities. In this paper, we design and implement the Energy-Efficient and Intrusion-Resilient Authentication (ERA) protocol. Through a novel combination of hash chain,pin, and message authentication code (MAC), ERA can achieve the security self-recovery when strong adversaries compromise either a user's handheld device or a factory authentication server to obtain the authentication secrets. The technique of mutual MAC is proposed to defend against online pin-guessing attacks launched by strong adversaries. Furthermore, an optimization of tuning hash chain iteration is introduced to reduce energy consumption of a handheld device. Analytical and experimental results show that ERA provides a better security guarantee and incurs much less computation and communication overhead than the existing authentication protocols.