Abstract: Systems, apparatus, methods, and techniques for an ego vehicle to respond to detecting misbehaving information from remote vehicles are provided. An ego vehicle, in addition to reporting misbehaving vehicles to a misbehavior authority via a vehicle-to-anything communication network, can, take additional actions based in part on how confident the ego vehicle is about the evidence of misbehavior. Where the confidence is high the ego vehicle can simply discard the misbehaving data and provide an alternative estimate for such data from alternative sources. Where the confidence is not high the ego vehicle can request assistance from neighboring vehicles and roadside units to provide independent estimates of the data to increase confidence in the evidence of misbehavior.

Abstract: Logic may implement observation layer intrusion detection systems (IDSs) to combine observations by intrusion detectors and/or other intrusion detection systems. Logic may monitor one or more control units at one or more observation layers of an in-vehicle network, each of the one or more control units to perform a vehicle function. Logic may combine observations of the one or more control units at the one or more observation layers. Logic may determine, based on a combination of the observations, that one or more of the observations represent an intrusion. Logic may determine, based at least on the observations, characteristics of an attack, and to pass the characteristics of the attack information to a forensic logging system to log the attack or pass the characteristics of the attack to a recovery system for informed selection of recovery procedures. Logic may dynamically adjust a threshold for detection of suspicious activity.

Abstract: Various embodiments are generally directed to providing authentication and confidentiality mechanisms for message communication over an in-vehicle network. For example, authentication data associated with a communicating node may be transmitted over the network by encoding different predefined voltage levels on top of the message bits of the message being communicated. Different voltage levels may represent different encodings, such as a bit-pair or any bit combination of the authentication data. In a further example, messaging confidentiality between at least two communicating nodes may be achieved by pseudo-randomly flipping, or scrambling, the dominant and recessive voltages of the entire message frame at the analog level based on a pseudo-random control bit sequence.

Abstract: Techniques for clock manager monitoring for time sensitive networks are described. An apparatus, comprises a clock circuitry to manage a clock for a device, a processing circuitry coupled to the clock circuitry, the processing circuitry to execute instructions to perform operations for a clock manager, the clock manager to receive messages with time information for a network and generate clock manager control information to adjust the clock to a network time for the network, and a detector coupled to the processing circuitry and the clock circuitry, the detector to receive the clock manager control information, generate model control information based on a clock model, compare the clock manager control information with the model control information to generate difference information, and determine whether to generate an alert based on the difference information. Other embodiments are described and claimed.

Abstract: Methods and apparatus relating to a physics-based approach for attack detection and/or localization in closed-loop controls for autonomous vehicles are described. In an embodiment, multiple state estimators are used to compute a set of residuals to detect, classify, and/or localize attacks. This allows for determination of an attacker's location and the kind of attack being perpetrated. Other embodiments are also disclosed and claimed.

Abstract: Systems, methods, computer-readable storage media, and apparatuses to provide active attack detection in autonomous vehicle networks. An apparatus may comprise a network interface and processing circuitry arranged to receive a first data frame from a first electronic control unit (ECU) via the network interface, determine a voltage fingerprint of the first data frame, compare the voltage fingerprint to a voltage feature of the first ECU, determine that the first data frame is an authentic message when the voltage fingerprint does match the voltage feature of the first ECU, and determine that the first data frame is a malicious message when the voltage fingerprint does not match the voltage feature of the first ECU. Other embodiments are described and claimed.

Abstract: Systems, methods, computer-readable storage media, and apparatuses to provide active attack detection in autonomous vehicle networks. An apparatus may comprise a plurality of electronic control units communicably coupled by a network, and logic, at least a portion of which is implemented in hardware, the logic to: receive an indication from a first electronic control unit (ECU) of the plurality of ECUs specifying to transmit a first data frame via the network, determine, based on a message identifier (ID) of the first ECU, whether a transmit window for the first ECU is open, and permit the first ECU to transmit the first data frame via the network based on a determination that the transmit window for the first ECU is open.

Abstract: A platform comprising numerous reconfigurable circuit components arranged to operate as primary and redundant circuits is provided. The platform further comprises security circuitry arranged to monitor the primary circuit for anomalies and reconfigurable circuit arranged to disconnect the primary circuit from a bus responsive to detection of an anomaly. Furthermore, the present disclosure provides for the quarantine, refurbishment and designation as redundant, the anomalous circuit.

Abstract: Systems, apparatus, methods, and techniques for reporting an attack or intrusion into an in-vehicle network are provided. The attack can be broadcast to connected vehicles over a vehicle-to-vehicle network. The broadcast can include an indication of a sub-system involved in the attack and can include a request for assistance in recovering from the attack. Connected vehicles can broadcast responses over the vehicle-to-vehicle network. The responses can include indications of data related to the compromised sub-system. The vehicle can receive the responses and can use the responses to recover from the attack, such as, estimate data.

Abstract: Systems, methods, computer program products, and apparatuses for low latency, fully reconfigurable hardware logic for ensemble classification methods, such as random forests. An apparatus may comprise circuitry for an interconnect and circuitry for a random forest implemented in hardware. The random forest comprising a plurality of decision trees connected via the interconnect, each decision tree comprising a plurality of nodes connected via the interconnect. A first decision tree of the plurality of decision trees comprising a first node of the plurality of nodes to: receive a plurality of elements of feature data via the interconnect, select a first element of feature data, of the plurality of elements of feature data, based on a configuration of the first node, and generate an output based on the first element of feature data, an operation, and a reference value, the operation and reference value specified in the configuration of the first node.

Abstract: Logic may implement observation layer intrusion detection systems (IDSs) to combine observations by intrusion detectors and/or other intrusion detection systems. Logic may monitor one or more control units at one or more observation layers of an in-vehicle network, each of the one or more control units to perform a vehicle function. Logic may combine observations of the one or more control units at the one or more observation layers. Logic may determine, based on a combination of the observations, that one or more of the observations represent an intrusion. Logic may determine, based at least on the observations, characteristics of an attack, and to pass the characteristics of the attack information to a forensic logging system to log the attack or pass the characteristics of the attack to a recovery system for informed selection of recovery procedures. Logic may dynamically adjust a threshold for detection of suspicious activity.

Abstract: A vehicle control system, including an in-vehicle bus and a plurality of electronic control units (ECUs) coupled to the in-vehicle bus, wherein at least one ECU of the plurality of ECUs is configured to: receive, at a respective at least one ECU of the plurality of ECUs, a message in a message stream on the in-vehicle bus; evaluate the message to determine at least one of a confidence value of the security classification, a significance value of the message, or a bounds check value of the message; and determine in real-time to allow or deny the message to the vehicle control system based on at least one of the significance value of the message, the bounds check value of the message, or the confidence value of the security classification of the message, to provide a sanitized message stream to the vehicle control system.

Abstract: Systems, methods, computer program products, and apparatuses for low latency, fully reconfigurable hardware logic for ensemble classification methods, such as random forests. An apparatus may comprise circuitry for an interconnect and circuitry for a random forest implemented in hardware. The random forest comprising a plurality of decision trees connected via the interconnect, each decision tree comprising a plurality of nodes connected via the interconnect. A first decision tree of the plurality of decision trees comprising a first node of the plurality of nodes to: receive a plurality of elements of feature data via the interconnect, select a first element of feature data, of the plurality of elements of feature data, based on a configuration of the first node, and generate an output based on the first element of feature data, an operation, and a reference value, the operation and reference value specified in the configuration of the first node.

Abstract: Systems, apparatus, methods, and techniques for an ego vehicle to respond to detecting misbehaving information from remote vehicles are provided. An ego vehicle, in addition to reporting misbehaving vehicles to a misbehavior authority via a vehicle-to-anything communication network, can, take additional actions based in part on how confident the ego vehicle is about the evidence of misbehavior. Where the confidence is high the ego vehicle can simply discard the misbehaving data and provide an alternative estimate for such data from alternative sources. Where the confidence is not high the ego vehicle can request assistance from neighboring vehicles and roadside units to provide independent estimates of the data to increase confidence in the evidence of misbehavior.

Abstract: A computing node to implement a management entity in a CP-based network. The node including processing circuitry configured to encode an inquiry message requesting information on CPS capabilities. Response messages are received from a set of sensing nodes of a plurality of sensing nodes in response to the inquiry message. The response messages include the information on the CPS capabilities of the set of sensing nodes. A notification message indicating selecting of a sensing node as a sensing coordinator is encoded for transmission. Sensed data received in a broadcast message from the sensing coordinator is decoded. The sensed data including data associated with one or more non-V2X capable sensing nodes.

Abstract: Techniques to secure a time sensitive network are described. An apparatus may establish a data stream between a first device and a second device in a network domain, the network domain includes a plurality of switching nodes, receive messages from the first device by the second device in the network domain, the messages to comprise time information to synchronize a first clock for the first device and a second clock for the second device to a network time for the network domain, update a correction field for a received message with a residence time and time delay value by the second device, determine whether the updated message is benign or malicious, update the correction field for the updated message with an inference time when the updated message is benign, and prevent relay of the updated message to other devices in the network domain when the updated message is malicious.

Abstract: Time recovery techniques are described. A method comprises receiving messages from the first device by the second device in the first network domain, the messages to comprise time information to synchronize a first clock for the first device and a second clock for the second device to a network time, determining the second clock is to recover the network time for the second device without new messages from the first device, retrieving a first set of timestamps previously stored for events in the first network domain using the network time from the second clock, retrieving a second set of timestamps previously stored for the events in the first network domain using a redundant time from a third clock, where the third clock is not synchronized with the first and second clocks, and recovering the network time using a regression model and the redundant time from the third clock.

Abstract: Systems, apparatus, methods, and techniques for reporting an attack or intrusion into an in-vehicle network are provided. The attack can be broadcast to connected vehicles over a vehicle-to-vehicle network. The broadcast can include an indication of a sub-system involved in the attack and can include a request for assistance in recovering from the attack. Connected vehicles can broadcast responses over the vehicle-to-vehicle network. The responses can include indications of data related to the compromised sub-system. The vehicle can receive the responses and can use the responses to recover from the attack, such as, estimate data.

Abstract: A platform comprising numerous reconfigurable circuit components arranged to operate as primary and redundant circuits is provided. The platform further comprises security circuitry arranged to monitor the primary circuit for anomalies and reconfigurable circuit arranged to disconnect the primary circuit from a bus responsive to detection of an anomaly. Furthermore, the present disclosure provides for the quarantine, refurbishment and designation as redundant, the anomalous circuit.

Abstract: Methods and apparatus relating to a physics-based approach for attack detection and/or localization in closed-loop controls for autonomous vehicles are described. In an embodiment, multiple state estimators are used to compute a set of residuals to detect, classify, and/or localize attacks. This allows for determination of an attacker's location and the kind of attack being perpetrated. Other embodiments are also disclosed and claimed.