Abstract: A method of operating an anomaly detection system includes receiving training message sequences corresponding to messages transmitted in an in-vehicle network (IVN), constructing, based on the training message sequences, a model that includes a plurality of states corresponding to observed signal values in the training message sequences and state transitions between respective states of the plurality of states, training the model by supplying, to the model, first messages sequences corresponding to the training message sequences and second message sequences not contained in the training message sequences, and, using the anomaly detection system, executing the model to identify anomalous message sequences transmitted in the IVN by receiving an IVN message sequence, outputting, from the model, a value based on state transitions between states of signals contained in the IVN message sequence, and outputting, based on the value, an indication of whether the IVN message sequence includes an anomalous message seque

Abstract: A method of operating an IDS for a device includes performing a fuzzing operation on a software program being executed on a system under test, the software program corresponding to a deployed software program on the device monitored by the IDS and the system under test being configured to emulate at least one system of the device, the fuzzing operation including supplying fuzzing inputs to the software program, monitoring outputs of the software program, and detecting, based on the outputs, a vulnerability to intrusion in the software program caused by supplying the fuzzing inputs to software program. The method further includes generating and storing a vulnerability entry corresponding to the detected vulnerability, the vulnerability entry including information identifying the detected vulnerability, and updating, based on the vulnerability entry, at least one of a component of the IDS and a code portion of the deployed software program.

Abstract: A system that includes memory and a microcontroller including an analog-to-digital converter (ADC) and in communication with the memory. The microcontroller is configured to define a fingerprint that includes a baseline measurement of side-channel traces of a side-channel retrieved from the ADC, during an enrollment period of the system, wherein the enrollment period includes measuring voltage prior to runtime operation, receive a runtime measurement from the ADC that includes voltage of at least the separate microcontroller during runtime, compare the runtime measurement to the fingerprint, and in response to the measurement exceeding a threshold, executing a countermeasure operation against software ran by the separate processor.

Abstract: A system includes one or more sensors in a vehicle configured to collect a first set of signal data indicative of controller area network traffic of a CAN network in a controlled environment and a second set of signal data indicative of controller area network traffic of a CAN network during vehicle operation. The system further includes a processor programmed to send both the first set of signal data and the second set of signal data to a remote server, identify correlations associated with the first set of signal data to establish a correlation list, comparing the second set of signal data to the correlations list associated with the first set of signal data, and in response to correlations of the second set of signal data exceeding a threshold defining normal operation, sending an alert to a remote agency indicating tampering associated with the second set of signal data.

Abstract: The present disclosure includes descriptions of methods and systems for executing a countermeasure against executed ransomware and for extracting an encryption key used by the ransomware. Embodiments disclosed herein comprise analyzing power consumption data of one or more processors executing the ransomware.

Abstract: A computer-implemented system and method relate to establishing a secure pairing between a first electronic control unit (ECU), which is identifiable by a first identifier, and a second ECU, which is identifiable by a second identifier. A first pairing request is received from the first ECU to pair with the second ECU. The first pairing request includes the second identifier. Session data is generated. The session data includes at least a session identifier and a master session key. A first message is transmitted to the first ECU. The first message includes the session identifier and the master session key. A second pairing request is received from the second ECU to pair with the first ECU. The second pairing request includes the session identifier and the first identifier. A second message is transmitted to the second ECU. The second message includes at least the master session key.

Abstract: Systems and methods relate to pairing a first electronic control unit (ECU) to a second ECU. First identification data of the first ECU is transmitted to the second ECU. Second identification data of the second ECU is received from the second ECU. After a request to pair, the first ECU receives session data from a server. The session data includes a session identifier (ID) to identify the pairing, a master session key (MSK), a first token, and security information of the second ECU. The first ECU derives session keys based on the MSK. The session ID and the first token's encryption first token are transmitted to the second ECU. The first ECU receives and decrypts encryption of a second token from the second ECU. Secure communication is established between the first ECU and the second ECU via the session keys after the first ECU validates the second token.

Abstract: A system comprising a microcontroller located on a communication bus, a power consumption circuit configured to determine power consumption of the microcontroller, wherein a processor is programmed to determine if a clock associated with the microcontroller is paused and whether an average operational power has exceeded a power threshold, and in response to the average operational power exceeding the power threshold and in response to identifying an attacked message or attacked electronics control unit, in response to determining the microcontroller is under the suspected attack, output an alert associated with an event causing change in the bit patterns of messages on the communication bus.

Abstract: Disclosed are systems and methods for a computerized framework that provides an improved, secure computational environment between trusted and untrusted devices (e.g., a Trusted Execution Environment (TEE) and graphics processing unit (GPU), respectively) for executing and offloading Convolutional Neural Network (CNN) computations and operations. The disclosed framework can operate to perform such secure offloading and processing not only during inference computations of the CNN, but also during training of the CNN. The disclosed framework operates to enable training and execution of CNN models, whereby the data used for such operations are held securely while they are in use, in transit (e.g., between the TEE and GPU) and while in storage.

Abstract: A computer-implemented method includes generating shared random bits at the two or more nodes in a multi-party computation system, obtaining one or more Gaussian samples at the two or more modes utilizing the shared random bits, at each of the two or more nodes, generate and output one or more Laplacian samples using the one or more Gaussian samples.

Abstract: A distributed computer network utilizing cryptography that includes one or more processors, wherein the one or more processors are programmed to receive a secret input state and one or more tuples, mask the secret input state with the one or more tuple and utilize a reveal to compute a masked input, compute six multiplications on the masked input, compute multiplication of two secret values to output an intermediate output, mask a third secret value from the intermediate output and reveal the third secret value to compute an interaction, compute a multiparty-computation multiplication with the interaction, and output a final secret value in response to computing the multiparty-computation multiplication.

Abstract: An electronic control unit (ECU) includes a processor, a Controller Area Network (CAN) controller, clock gating logic, and security gating logic. The CAN controller having a status and configured to receive data and control signals from the processor, and a clock signal, package the data to create a CAN protocol frame held in at least one transmit buffer, and shift the CAN protocol frame to a CAN transceiver that is configured to transmit the CAN protocol frame to a CAN bus. The security gating logic configured to, in response to the status of the CAN controller being active, inhibit disabling the clock signal.

Abstract: A system and method for generating a digital identity of a vehicle. A first plurality of measurements may be generated from a plurality of electronic control units located within the vehicle. The measurements may be received by a backend service or a secured controller residing within the vehicle. The measurements may be generated using physics-based metrics unique to each of the plurality of electronic control units. A data pool may be created from the measurements. Also, a unique key operable to verify the digital identity of the vehicle may be generated by combining the data pool with error-correcting data.

Abstract: A system includes a memory and a processor in communication with the memory. The processor is programmed to receive a runtime measurement from a sensor regarding the physical attribute of at least the separate processor during runtime; compare the runtime measurement of the physical attribute to a fingerprint that includes a baseline measurement of a physical attribute of at least a separate processor during an evaluation period of the system, and in response to the measurement exceeding a threshold, executing a countermeasure operation against software ran by the separate processor.

Abstract: A method for implementing a secure multiparty inner product computation between two parties using an SPDZ protocol involves having a first party and a second party compute, for i=1, . . . , k, a vector (I)=(II) based on a vector (x={x1, . . . , xN}), and a vector (w={W1, WN}), respectively, where (I)=(X2i-1X2i) (III)=W2i-1W2i, N is the total number of elements in the vectors k=N/2. The vectors (I), and (III) are securely shared between the parties. The parties then jointly compute SPDZ protocol Add([w2i], [x2i-1]) and Add([w2i], [x2i-1]) to determine shares [w2i-1+x2i] and [w2i+x2i-1] respectively, and then compute, for i=1, . . . , k, inner product shares [di] by performing SPDZ protocol Mult([w2i-1+x2i], [w2i+x2i-1]). SPDZ protocol ([Add d1], . . . , [dk], -(IV), . . . , -(V), -(VI), -, (VII)) is then performed to determine the inner product.

Abstract: A system and method is disclosed for generating a pseudo-random number to prevent unauthorized access to an application-layer communication protocol (e.g., Unified Diagnostic Service protocol) within a vehicle. A first controller within the vehicle may be selected as a security server (e.g., SecurityAccess server). A second controller may be selected that may be in operable communication with the first controller over a shared bus network (e.g., Communication Area Network). A response time-based, voltage-based, or random walk-based algorithm may be employed to generate a pseudo-random number. It is contemplated the pseudo-random number may be generated as a challenge when access is being requested through the application-layer communication protocol.

Abstract: Training of a model is performed to minimize expected loss under noise (ELUN) while maintaining differential privacy. Noise is added to weights of a machine learning model as random samples drawn from a noise distribution, the noise being added in accordance with a privacy budget. The ELUN is minimized by using a loss function that anticipates noise added to the weights of the machine learning model, to find a point in the parameter space for which loss is robust to the noise in the weights. The addition of noise and the minimization of the ELUN are iterated until the weights converge and optimization constraints are satisfied. The model is utilized on arbitrary inputs while protecting the privacy of training data used to train the model.

Abstract: A Software in the Loop (SiL) system and method is disclosed which may include a simulator operable to provide an environment to simulate dynamic systems, enable rapid development, validation of systems, and testing of complex systems. The system and method may include assembling one or more unsecured models operable to simulate the real-world system. The system and method may then encrypt and generate at least one secured model from the one or more unsecured models using a first cryptographic key. The at least one secured model may be decrypted using a sealed decryption key. The decrypted secured model may then be executed within the one or more TEEs. The at least one secured model may be operable to process incoming data and outgoing data.

Abstract: A system includes memory, a processor in communication with the memory. The processor is programmed to define a fingerprint that includes a baseline measurement of a physical attribute of at least a separate processor during an enrollment period of the system, wherein the enrollment period includes measuring the physical attribute of the processor prior to runtime operation, receiving a runtime measurement from a sensor regarding the physical attribute of at least the separate processor during runtime, comparing the runtime measurement of the physical attribute to the fingerprint, and outputting a multi-dimensional domain image in response to the runtime measurement.

Abstract: A multi-party network utilizing cryptography that includes one or more processors, wherein the one or more processors are programmed to utilize bit decomposition on an embedded input state associated with an input, apply a backward substitution box affine transformation to output bits, determine seven powers from the output bits utilizing seven of linear transformations, determine an inverse of the secret state utilizing six secret-by-secret multiplications with the seven powers from the output bits, and output an inverse of a secret input state of a Galois field in response to composing the inverse of the secret state.