Summer Project: Securing Autos

Monday, August 22, 2016 @ 05:08 PM gHale


Automobiles have been a security nightmare for years and one college student and a professor decided to take it on for a summer project.

Auto security ended up mainstream over the years when two hackers Charlie Miller and Chris Valasek were able to break into cars and take them over remotely. They were then able to escalate the level of attack from year to year.

RELATED STORIES
Black Hat: Hacking a Car, Again
Zero Days in BMW Web Portal
SUV Hack via Wi-Fi
Radio Attack Breaks into Autos

Just last year, Miller and Valasek remotely hacked a Jeep Cherokee being driven by a reporter who documented how the researchers controlled everything from the car’s radio and media console to its brakes and steering.

In early August at Black Hat 2016 in Las Vegas, Miller and Valasek showed how they were able to get around speed restrictions which allowed them to take control of the vehicle at speed.

Through a tedious method, the two were able to hack into the vehicle through the engine control unit (ECU) located in the steering column where they were able to send signals through the adaptive cruise control to turn the car, hit the emergency brake and turn off the power steering making the vehicle incredibly difficult to use.

Enough was enough as Dr. Shucheng Yu, an associate professor of computer science at the University of Arkansas at Little Rock (UALR), saw how the 2015 hack demonstrated just how vulnerable smart cars with GPS, Bluetooth, and Internet connections are to cyberattacks.

“These cars have become the trend of the future,” Yu said. “There could be some very severe consequences if someone hacked into the car. A car can be fully controlled by the hacker if it is not protected.”

So as a summer project, Yu and his student, Zachary King, a junior majoring in computer science at UALR, spent the summer researching how to keep cars safe from cyberattacks. They worked on the project during an intensive eight-week summer research program at UALR.

“Three months ago, I wouldn’t have been able to tell you much about cybersecurity and what a security protocol would look like. After having completed this program, I am more interested in cybersecurity than I was before, and I may end up going that route.”
Zachary King

King was one of 10 college students from across the country recruited through a National Science Foundation grant-funded project, “REU Site: CyberSAFE@UALR: Cyber Security and Forensics Research at the University of Arkansas at Little Rock.”

The goal of the program is to decrease cyberattacks on people using mobile technology and social networking sites, said Dr. Mengjun Xie, an associate professor of computer science and director of the CyberSAFE@UALR program.

“The basic idea is to integrate cybersecurity and cyber forensics research with the latest technology in mobile cloud computing and social media to provide research opportunities to students,” Xie said.

Over 130 students applied for 10 spots. Participants included undergraduate college students with a grade point average of 3.0 or higher who are majoring in computer science, computer engineering, math, physics, or electrical engineering

Those selected spent eight weeks conducting research full time with a faculty mentor at the University of Arkansas at Little Rock. Participants received a $4,000 stipend, on-campus housing, a meal plan, and travel expenses.

In King’s project, “Investigating and Securing Communications in the Controller Area Network (CAN),” he created a security protocol to protect smart cars from hacking. He also built an experimental environment that simulates the communication system in a smart car, which allows the security protocol to end up tested through simulations.

Protecting the CAN
The research focuses on the development of a security protocol to protect the Controller Area Network (CAN), an internal communications system in vehicles.

“There are many ways that hackers can control CAN,” King said. “Once they access it, hackers can pretty easily control your car however they want. We are proposing to add a layer of security, so if an unauthorized person accesses it, they still wouldn’t be able to control your vehicle.”

The security protocol protects the CAN in two ways. It authenticates messages sent through the network by creating an authentication code. This authentication code allows nodes on the network to differentiate between a valid message and an attacker’s message.

The second security feature protects against replay attacks, when a hacker attempts to breach the network by repeatedly sending an old message. The protocol uses a timestamp to calculate when the network last received the message, which verifies the message’s “freshness.”

That was the summer project, but it does not end there as Yu and King are continuing their research this fall.

Yu hopes to collaborate with industry and funding agencies to implement the security protocol in commercial vehicles and protect cars from hackers.

As for King, participating in this summer research program has left him considering a career in cybersecurity once he graduates in 2018.

“Three months ago, I wouldn’t have been able to tell you much about cybersecurity and what a security protocol would look like,” he said. “After having completed this program, I am more interested in cybersecurity than I was before, and I may end up going that route.”