Abstract: Disclosed herein are system and methods for authenticating vehicles based on trust established within a community of vehicles using a distributed ledger associating an identifier of each vehicle with a respective public key uniquely assigned to the respective vehicle. When a vehicle requests to establish a communication session with another party, which may be another vehicle or a service system, the vehicle may transmit its identifier and a message signed using its respective private key from which its public key is derived. In response, to authenticate the vehicle, the other party may communicate with one or more trusted vehicles which may verify the vehicle is genuinely associated with the public key by decoding the message using the public key retrieved from their local copy of the distributed ledger. The other party may then establish the communication session or refuse it based on the whether the verification is successful or not.

Abstract: Disclosed herein are methods and devices for mitigating Bluetooth (BT) based attacks, using a BT proxy device comprising a first and a second BT interfaces. The BT proxy device is configured to identify a first BT device and a second BT device connected to each other via a BT link, transmit a BT link disconnect to the first and second BT devices while using the device name of the second and first BT devices respectively, use the device name of the second BT device to connect to the first BT device via the first BT interface, use the device name of the first BT device to connect to the second BT device via the second BT interface, intercept BT packets exchanged between the first and the second BT devices, and detect one or more potential attack vectors based on analysis of one or more of the intercepted BT packets.

Abstract: A method, system, and computer program product for anomaly detection using embedding space representation of system states. An anomaly detection model is trained using an anomaly detection algorithm and a plurality of reference vectors obtained using an embedding space representation process configured for mapping to a single point vector in an embedding space each of a plurality of system state snapshots comprised in a training dataset and each capturing during a defined time window a plurality of features of each process operating in the system. Responsive to receiving a testing dataset comprising one or more system state snapshots, one or more vectors in the embedding space are obtained using the embedding space representation process for mapping each system state snapshot in the testing dataset, and the anomaly detection model is used to determine whether a vector of the one or more vectors being indicative of a cyber-attack on the system.

Abstract: Examples are disclosed for methods and mechanisms to address Base Transceiver Stations (BTSes) attempting to hijack Mobile Stations (MSes) in wireless communication networks. In some example methods, a record having values for a set of features associated with an MS and a BTS of a wireless communication net may be processed. A score for the record may be calculated, for example based on a machine-learning model pertaining to the set of features, and a determination may be made as to whether the record demonstrates an anomalous condition based upon the score. The set of features may include at least one feature based on a measured power of the BTS.

Abstract: A vehicle comprising at least one short-range digital communication network interface (local-network interface) and at least one hardware processor is disclosed. The hardware processor is configured to respond to a request for a verified local-time value by receiving at least one local-time value from at least one other hardware processor via the local-network interface when failing to access a reliable time source. The hardware processor then computes a semi-reliable local-time value using the at least one local-time value and executes at least one secure operation subject to an outcome of at least one test applied to the semi-reliable local-time value.

Abstract: Systems and methods for verifying wireless connections are provided. In one example, a method includes, at a computing system, responsive to initiating a wireless connection between a client device and a host device, generating a communication fingerprint of the client device based on at least one response characteristic of the client device, the at least one response characteristic based on a communication between the client device and the host device, the communication passing through each of a software layer of the client device and a hardware element of the client device. In this way, overall system security of a wireless connection between the host device and the client device may be increased.

Abstract: A vehicle charging station, comprising: a charging processor configured for, when a vehicle is connected to the charging station: sending to the vehicle a request for at least one power level value; and in response to receiving the at least one power level value from the vehicle: computing an expected amount of time for charging at least one battery of the vehicle; computing an expected amount of time for executing an update of digital data of the vehicle, where the expected amount of time includes an amount of time for reverting the update; and subject to identifying that the update time is less than the charging time according to a time comparison test, sending the vehicle an instruction to execute the update while charging the at least one battery.

Abstract: A method, a system and a computer readable medium of vehicle-to-vehicle messaging. The method, system and computer readable medium are using a server computer that receives sensor data from a plurality of vehicle computers of respective vehicles being driven, and collects the received sensor data, detects a spatiotemporal match between at least two of the vehicle computers, using the collected sensor data and tries to establish a messaging channel between at least two of the vehicle computers having the detected spatiotemporal match.

Abstract: A method of updating Electronic Control Units (ECUs) of vehicles using updates received via Vehicle to Vehicle (V2V) communication channels comprising receiving from nearby vehicle(s) via V2V communication channel(s), one or more of a plurality of update packages distributed for updating a plurality of ECUs deployed in a plurality of vehicles, each of the nearby vehicle(s) is within a reception area of the V2V communication channel(s), analyzing an identifier extracted from each update package to determine whether the update package is directed to ECU(s) of the vehicle, communicating via the V2V communication channel(s), in case of positive determination, with a subset of the vehicles each maintaining a local log associating each update package with a respective verification code to validate the verification code extracted from the update package according to a consensus of the subset and, in case of successful validation, initiating update of the ECU(s) using the update package(s).

Abstract: Techniques for detecting anomalies or cyber attacks on a vehicle. A computer-implemented method for anomaly or attack detection includes determining, using a first model, a first predicted value of a first variable message associated with a vehicle, determining, using a second model, a second predicted value of the first variable message associated with the vehicle, determining, based on a difference between an actual value of the first variable message and the first predicted value of the first variable message and on a difference between the actual value of the first variable message and the second predicted value of the first variable message, a vector, and determining, using a third model, an output value based on the vector, the output value corresponding to at least one of a likelihood that an anomaly or an attack is occurring or a type of the anomaly or the attack.

Abstract: A method of generating a delta instructions record for updating a source database in-place, comprising obtaining a plurality of source data items contained in a plurality of cells of a plurality of tables organized in tuples and columns, creating a column oriented source stream serializing the source data items by concatenating a source data item of each cell of each column to a preceding source data item of a cell preceding the respective cell in the respective column, obtaining a plurality of target data items contained tables of a target database comprising data item(s) changed compared to the source database, creating a column oriented target stream serializing the plurality of target data items, delta instructions for applying changes detected between the source database and the target database by comparing between the source stream and the target stream, and outputting the delta instructions record to device(s) for updating their source database.

Abstract: A method of enhancing positioning of a moving vehicle based on visual identification of visual objects, comprising obtaining from a location sensor a global positioning and a movement vector of a moving vehicle, capturing one or more images using one or more imaging devices mounted on the moving vehicle to depict at least partial view of a surroundings of the moving vehicle, analyzing the image(s) to identify one or more visual objects having a known geographical position obtained according to the global positioning from a visual data record associated with a navigation map, analyzing the image(s) to calculate a relative positioning of the moving vehicle with respect to the identified visual object(s), calculating an enhanced positioning of the moving vehicle based on the relative positioning and applying the enhanced positioning to a navigation system of the moving vehicle.

Abstract: Disclosed are methods and systems for detecting vital signs of occupants in vehicles, for example, the vehicle cabin. A signal unit transmits a radar signal to the occupant and receiving the radar signal reflected from the occupant. The reflected radar signal is analyzed with respect to vibration data of the vehicle, to produce a modified signal. The modified signal is analyzed to determine the vital signs of the occupant.

Abstract: Mechanisms and methods are provided for establishing vectors indicating the presence, in a first vehicle and second vehicle, of a super-set of vehicle features present across a fleet of vehicles. The first vehicle may be a reference vehicle. A distance function of the vectors may be calculated in order to establish a similarity score indicating the degree of similarity between the designs of the two vehicles. If the second vehicle is sufficiently similar to the reference vehicle, a software update may be recommended and applied.

Abstract: The present invention provides a security system, and methods useful for vehicle CAN bus communication mapping and attack originator identification, comprising: a CAN Bus Monitor, (CBM), configured to monitor the CAN bus communication comprising one or more frames, to and/or from at least one Electronic Control Unit, (ECU); a characterization module in communication with the CBM, configured to generate at least one characteristic for the monitored communication from each the ECU and at least one characteristic for each communication frame; (c) a comparator unit in communication with the characterization module, configured to compare one or more the characteristics of at least one frame against characteristics of each the ECU communication in order to detect at least one anomaly; and, (d) one or more Identification module in communication with the comparator, configured to identify at least one ECU originating an attack on the CAN bus.

Abstract: There is provided a computer implemented method of disabling a malicious electronic control unit (ECU) of a plurality of ECUs in communication with a controller area network (CAN) bus network, the method executed by a computing device in communication with the plurality of ECUs and the CAN bus network, the method comprising: detecting a malicious message transmitted by the malicious ECU over the CAN bus network, and injecting a plurality of bits over the CAN bus network to trigger a predefined plurality of errors for disabling the malicious ECU before the malicious ECU makes an additional attempt to retransmit an additional instance of the malicious message.

Abstract: A system of mitigating code weaknesses in a target code by adding micro functionality fixes. The system includes a mitigation module installed a memory chip of a device and a server for identifying a plurality of code weaknesses in a target code installed in a memory chip of a device and sending configuration instructions to the mitigation module, the configuration instructions comprising: a plurality of micro functionality fixes, and a plurality of code weakness locations each associated with one of the plurality of code weaknesses and one of the plurality of micro functionality fixes. The execution of the mitigation module by at least one processor of the device induces an installment of the plurality of micro functionality fixes in the plurality of code weakness locations.

Abstract: A method for processing signals of active sensor systems including processing an emitted signal to include at least one distinguishing feature, the emitted signal emitted by an active sensor system adapted to intercept a reflection of the emitted signal, and to analyze the reflection of the emitted signal for determining at least one parameter of at least one object located in a space, analyzing an intercepted portion to verify the at least one distinguishing feature in the intercepted portion, and processing the intercepted portion as the reflection of the emitted signal when the at least one distinguishing feature is verified.

Abstract: There is provided a method for identifying malicious activity that changes the integrity of data sent out from a vehicle, comprising: intercepting, by an output data monitoring agent that monitors data sent out from the vehicle to an external receiving computing unit using a communication interface in communication with a network; intercepting, by at least one sensor data monitoring agent that monitors sensor data outputted by at least one sensor associated with the vehicle; monitoring the integrity of the data sent out by the vehicle by analyzing the data collected by the output data monitoring agent with the sensor data collected by the at least one sensor data monitoring agent to identify a mismatch; and identifying an indication of malicious activity that changed the data sent out from the vehicle relative to the data sensed by the at least one sensor.

Abstract: A computer implemented method of updating software of embedded devices connected to a central dispatch device, comprising using one or more processors of a central dispatch device, the processor(s) are adapted for executing a code for obtaining a respective update package for one or more of a plurality of embedded devices which are operatively connected to the central dispatch device via a communication interconnection, transferring a transient update agent to the embedded device(s) and transferring the update package to the embedded device(s), the one or more embedded devices execute the transient update agent to apply the update package in the one or more embedded devices. The one or more embedded devices discard the transient update agent after the update package is applied.