NSF Award Search: Award # 1645987

Award Abstract # 1645987

CPS: Breakthrough: Collaborative Research: Track and Fallback: Intrusion Detection to Counteract Carjack Hacks with Fail-Operational Feedback

NSF Org:	CNS Division Of Computer and Network Systems
Recipient:	IOWA STATE UNIVERSITY OF SCIENCE AND TECHNOLOGY
Initial Amendment Date:	September 1, 2016
Latest Amendment Date:	May 5, 2017
Award Number:	1645987
Award Instrument:	Standard Grant
Program Manager:	Ralph Wachter rwachter@nsf.gov (703)292-8950 CNS Division Of Computer and Network Systems CSE Directorate for Computer and Information Science and Engineering
Start Date:	October 1, 2016
End Date:	September 30, 2020 (Estimated)
Total Intended Award Amount:	$190,449.00
Total Awarded Amount to Date:	$206,449.00
Funds Obligated to Date:	FY 2016 = $190,449.00 FY 2017 = $16,000.00
History of Investigator:	Joseph Zambreno (Principal Investigator) zambreno@iastate.edu
Recipient Sponsored Research Office:	Iowa State University 1350 BEARDSHEAR HALL AMES IA US 50011-2103 (515)294-5225
Sponsor Congressional District:	04
Primary Place of Performance:	Iowa State University 1138 Pearson Ames IA US 50011-2207
Primary Place of Performance Congressional District:
Unique Entity Identifier (UEI):	DQDBM7FGJPC5
Parent UEI:	DQDBM7FGJPC5
NSF Program(s):	Special Projects - CNS, CPS-Cyber-Physical Systems
Primary Program Source:	01001617DB NSF RESEARCH & RELATED ACTIVIT 01001718DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s):	1714, 7918, 8234, 9251
Program Element Code(s):	171400, 791800
Award Agency Code:	4900
Fund Agency Code:	4900
Assistance Listing Number(s):	47.070

ABSTRACT

The security of every vehicle on the road is necessary to ensure the safety of every person on or near roadways, whether a motorist, bicyclist, or pedestrian. Features such as infotainment, telematics, and driver assistance greatly increase the complexity of vehicles: top-of-the-line cars contain over 200 computers and 100 million lines of software code. With rising complexity comes rising costs to ensure safety and security. This project investigates novel methods to improve vehicular security by detecting malicious cyber attacks against a moving automobile and responding to those attacks in a manner that ensures the safety of humans in close proximity to the vehicle.

The objective of this project is to protect in-vehicle networks from remote cyber attacks. The method of protection is a distributed in-vehicle network intrusion detection system (IDS) using information flow tracking and sensor data provenance in the cyber domain with novel approaches to address the physical uncertainty and time constraints of an automotive control system. When an intrusion is detected, the IDS triggers a fail-operational mode change to provide graceful degradation of service and initiate recovery without compromising human safety. Specific research aims of this project are to explore the design space of fail-operational IDS for automotive in-vehicle networks, to evaluate security and resiliency of an automobile using a fail-operational IDS, and to generalize fundamentals of a fail-operational IDS to other cyber-physical systems.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

Ezeobi, Uchenna and Olufowobi, Habeeb and Young, Clinton and Zambreno, Joseph and Bloom, Gedare "Reverse Engineering Controller Area Network Messages using Unsupervised Machine Learning" IEEE Consumer Electronics Magazine , 2020 https://doi.org/10.1109/MCE.2020.3023538 Citation Details

Olufowobi, Habeeb and Bloom, Gedare and Young, Clinton and Zambreno, Joseph "Work-in-Progress: Real-Time Modeling for Intrusion Detection in Automotive Controller Area Network" 2018 IEEE Real-Time Systems Symposium (RTSS) , 2018 10.1109/RTSS.2018.00030 Citation Details

Olufowobi, Habeeb and Ezeobi, Uchenna and Muhati, Eric and Robinson, Gaylon and Young, Clinton and Zambreno, Joseph and Bloom, Gedare "Anomaly Detection Approach Using Adaptive Cumulative Sum Algorithm for Controller Area Network" AutoSec AutoSec '19 Proceedings of the ACM Workshop on Automotive Cybersecurity , 2019 10.1145/3309171.3309178 Citation Details

Olufowobi, Habeeb and Young, Clinton and Zambreno, Joseph and Bloom, Gedare "SAIDuCANT: Specification-Based Automotive Intrusion Detection Using Controller Area Network (CAN) Timing" IEEE Transactions on Vehicular Technology , v.69 , 2020 10.1109/TVT.2019.2961344 Citation Details

Young, Clinton and Olufowobi, Habeeb and Bloom, Gedare and Zambreno, Joseph "Automotive Intrusion Detection Based on Constant CAN Message Frequencies Across Vehicle Driving Modes" Proceedings of the ACM Workshop on Automotive Cybersecurity , 2019 10.1145/3309171.3309179 Citation Details

Young, Clinton and Svoboda, Jordan and Zambreno, Joseph "Towards Reverse Engineering Controller Area Network Messages Using Machine Learning" Proceedings of the IEEE World Forum on Internet of Things (WF-IoT) , 2020 10.1109/WF-IoT48130.2020.9221383 Citation Details

Young, Clinton and Zambreno, Joseph and Bloom, Gedare "Towards a Fail-Operational Intrusion Detection System for In-Vehicle Networks" Proceedings of the Workshop on Security and Dependability of Critical Embedded Real-Time Systems (CERTS) , 2016 Citation Details

Young, Clinton and Zambreno, Joseph and Olufowobi, Habeeb and Bloom, Gedare "Survey of Automotive Controller Area Network Intrusion Detection Systems" IEEE Design & Test , 2019 10.1109/MDAT.2019.2899062 Citation Details

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

This project’s primary objective was to explore approaches to protect in-vehicle networks from cyber attacks. Towards this objective, we developed an in-vehicle Intrusion Detection System (IDS) that combined information flow tracking techniques in the cyber domain with tracking of low-level timing characteristics in the physical domain. Research thrusts included an exploration of the design space of statistical, rule-based, and supervised learning based approaches to detecting intrusions on the Controller Area Network (CAN) bus. The intended use case of the IDS is to detect an intrusion and trigger a fail-operational mode change to provide graceful degradation of driving service and initiate recovery without compromising human safety. The proposed approach was validated using data captured with actual vehicle testbeds. An outcome of this research is an advancement in the understanding of IDS design in safety-critical systems, as well as an increased ability to detect, mitigate, and recover from remote cyber attacks in automotive systems.

This project generated and shared research artifacts in the form of publicly-available publications, software code, and automotive control bus data. The project also included integrative educational components for both graduate and undergraduate students through research mentorship (supporting 1 PhD student and 2 undergraduate students), new classroom modules introducing cybersecurity of automotive networks to students studying computer engineering, capstone design projects related to cyber-physical systems, and mentoring in open-source software development.

Last Modified: 10/20/2020
Modified by: Joseph A Zambreno

Please report errors in award information by writing to: awardsearch@nsf.gov.

Success

Error