Red-Zone: Towards an Intrusion Response Framework for Intra-vehicle System

Mohammad Hamad, Marinos Tsantekidis, Vassilis Prevelakis

Modern vehicles are increasingly equipped with highly automated control systems both for driving and for passenger comfort. An integral part of these systems are the communication channels that allow the on-board systems to interact with passenger devices (e.g. tablets), ITS systems (e.g. road-side units), and other vehicles. These advances have significantly enlarged the attack surface and we already have numerous instances of successful penetration of vehicular networks both from inside the… 
3 Citations

SAVTA: A Hybrid Vehicular Threat Model: Overview and Case Study

This work tried to revise the existing threat modeling efforts in the vehicular domain and proposed using a hybrid method called the Software, Asset, Vulnerability, Threat, and Attacker (SAVTA)-centric method to support security analysis for vehicular systems.

Temporal-based intrusion detection for IoV

This paper proposes using the task’s temporal specification as a baseline to define its normal behavior and identify temporal thresholds that give the system the ability to predict malicious tasks, and obtains temporal thresholds 20–40 % lower than those usually used to alarm the system about security violations.



Securing vehicles against cyber attacks

This paper investigates the security issues of allowing external wireless communication in the vehicle domain using a defense-in-depth perspective and discusses security challenges for each of the prevention, detection, deflection, countermeasures, and recovery layers.

An approach to specification-based attack detection for in-vehicle networks

This paper derives information to create security specifications for communication and ECU behavior from the CANopen draft standard 3.01 communication protocol and object directory sections, proposes a suitable location for the attack detector, and evaluates the detection using a set of attack actions.

A framework for policy based secure intra vehicle communication

This paper proposes a framework to build a secure communications policy gradually by integrating it through the design and life cycle of the vehicle's software components, together with a security module that acts as a connection policy checker, vetting incoming and outgoing communications and enforcing the distributed security policy.

Towards Comprehensive Threat Modeling for Vehicles

This work tried to revise the existing threat modeling efforts in the vehicular domain, reassembling them and extracting their main characteristics to build a comprehensive threat model that could be used to identify the different threats against the vehicular domain.

Comprehensive Experimental Analyses of Automotive Attack Surfaces

This work discovers that remote exploitation is feasible via a broad range of attack vectors (including mechanics tools, CD players, Bluetooth and cellular radio), and further, that wireless communications channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft.

Adaptive Dynamic Reaction to Automotive IT Security Incidents Using Multimedia Car Environment

This paper proposes an adaptive dynamic concept to address the frequently changing environmental conditions in the automotive domain and discusses it using three exemplarily selected scenarios.

Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study

It is shown that eavesdropping is easily possible at a distance of roughly 40m from a passing vehicle and that messages can be easily triggered remotely, which raises privacy concerns as vehicles can be tracked through these identifiers.

Evaluating the impact of automated intrusion response mechanisms

A network model and an algorithm are presented that allow the IRS to select, among several alternatives, the response that fulfills the security requirements and has a minimal negative effect on legitimate users.

Enabling automated threat response through the use of a dynamic security policy

This paper proposes an architecture that dynamically and automatically deploys a generic security policy into concrete policy instances, taking into account the threat level as characterized by intrusion detection systems, and so provides a means to bridge the gap between existing detection approaches and new requirements.

Intrusion response systems: Foundations, design, and challenges