Abstract: A method and system for detecting illegitimate messages injected into legitimate messages of a bus, such as a Controller Area Network (CAN) bus, are provided. Legitimate messages are broadcasted over the bus with a period whereby the legitimate messages are periodic legitimate messages. A controller connected to the bus receives at a first time instant a first message from the bus and receives at a second time instant a second message from the bus. The controller compares a first difference in time between the second time instant and the first time instant with a limit. The limit is two-thirds of the period. An anomaly is detected when the first difference in time is less than the limit.

Abstract: An error detector is configured to identify transmission errors and maintain a transmit error counter (TEC) value and corresponding network identifier for each of a plurality of electronic control units (ECUs) connected to a network bus. The error detector is configured to adjust the TEC values for the ECUs based on error frames and inform an intrusion detection system when an ECU changes error state. In this manner, the error detector is configured to help identify and attribute attacks by an impersonating node when a message is received containing the network identifier of a legitimate ECU that is in a Bus Off state.

Abstract: A method of communicating via a vehicle communication network includes providing an electronic control unit (ECU), the ECU including a main processing unit and a security processing unit, the security processing unit including a symmetric security key, attempting a secure boot of the main processing unit, providing use of the symmetric security key to the main processing unit if the secure boot of the main processing unit is successful, preventing use of the symmetric security key by the main processing unit if the secure boot of the main processing unit is not successful, conducting, via an attestation processing unit, a remote attestation of the main processing unit, and determining, via the attestation processing unit, whether the secure boot of the main processing unit was successful according to the remote attestation.

Abstract: An error detector is configured to identify transmission errors and maintain a transmit error counter (TEC) value and corresponding network identifier for each of a plurality of electronic control units (ECUs) connected to a network bus. The error detector is configured to adjust the TEC values for the ECUs based on error frames and inform an intrusion detection system when an ECU changes error state. In this manner, the error detector is configured to help identify and attribute attacks by an impersonating node when a message is received containing the network identifier of a legitimate ECU that is in a Bus Off state.

Abstract: A method and system for detecting illegitimate messages injected into legitimate messages of a bus, such as a Controller Area Network (CAN) bus, are provided. Legitimate messages are broadcasted over the bus with a period whereby the legitimate messages are periodic legitimate messages. A controller connected to the bus receives at a first time instant a first message from the bus and receives at a second time instant a second message from the bus. The controller compares a first difference in time between the second time instant and the first time instant with a limit. The limit is two-thirds of the period. An anomaly is detected when the first difference in time is less than the limit.

Abstract: A method of communicating via a vehicle communication network includes providing an electronic control unit (ECU), the ECU including a main processing unit and a security processing unit, the security processing unit including a symmetric security key, attempting a secure boot of the main processing unit, providing use of the symmetric security key to the main processing unit if the secure boot of the main processing unit is successful, preventing use of the symmetric security key by the main processing unit if the secure boot of the main processing unit is not successful, conducting, via an attestation processing unit, a remote attestation of the main processing unit, and determining, via the attestation processing unit, whether the secure boot of the main processing unit was successful according to the remote attestation.