Abstract: Systems, apparatuses, and methods to identify an electronic control unit transmitting a message on a communication bus, such as an in-vehicle network bus, are provided. ECUs transmit messages by manipulating voltage on conductive lines of the bus. Observation circuitry can observe voltage transitions associated with the transmission at a point on the in-vehicle network bus. A domain bitmap can be generated from the observed voltage transitions. ECUs can be identified and/or fingerprinted based on the domain bitmaps.

Abstract: Systems, apparatuses, and methods to attest to and verify the integrity of cargo during transport by an autonomous vehicle are provided. An autonomous vehicle can discretize parameters associated with transportation of cargo and can generate a keyed hash digest from the discretized parameters. The keyed hash digest can be sent to a stakeholder in the transportation of the cargo to attest to the integrity of the cargo during transport.

Abstract: Systems, apparatuses, and methods to identify an electronic control unit transmitting a message on a communication bus, such as an in-vehicle network bus, are provided. ECUs transmit messages by manipulating voltage on conductive lines of the bus. Observation circuitry can observe voltage signals associated with the transmission at a point on the in-vehicle network bus. A distribution can be generated from densities of the voltage signals. ECUs can be identified and/or fingerprinted based on the distributions.

Abstract: A vehicle control system, including an in-vehicle bus and a plurality of electronic control units (ECUs) coupled to the in-vehicle bus, wherein at least one ECU of the plurality of ECUs is configured to: receive, at a respective at least one ECU of the plurality of ECUs, a message in a message stream on the in-vehicle bus; evaluate the message to determine at least one of a confidence value of the security classification, a significance value of the message, or a bounds check value of the message; and determine in real-time to allow or deny the message to the vehicle control system based on at least one of the significance value of the message, the bounds check value of the message, or the confidence value of the security classification of the message, to provide a sanitized message stream to the vehicle control system.

Abstract: Various embodiments are generally directed to techniques for providing improved privacy protection against vehicle tracking for connected vehicles of a vehicular network. For example, at least one road side unit may: identify a set of vehicles that require pseudonym changes and send an invitation for a pseudonym change event to each of the vehicles, determine at least a total number of the acceptances, determine whether the total number meets or exceeds a predetermined threshold number, send acknowledgement messages to the accepting vehicles if the threshold number is met, and form a vehicle group to coordinate the pseudonym change event during a privacy period. During the privacy period, the RSU and the vehicles may communicate with each other in a confidential and private manner via key-session-based unicast transmission, and coordinate transmission power and vehicle trajectory adjustments to maximize the benefits for safety and obfuscation for privacy.

Abstract: Logic may implement observation layer intrusion detection systems (IDSs) to combine observations by intrusion detectors and/or other intrusion detection systems. Logic may monitor one or more control units at one or more observation layers of an in-vehicle network, each of the one or more control units to perform a vehicle function. Logic may combine observations of the one or more control units at the one or more observation layers. Logic may determine, based on a combination of the observations, that one or more of the observations represent an intrusion. Logic may determine, based at least on the observations, characteristics of an attack, and to pass the characteristics of the attack information to a forensic logging system to log the attack or pass the characteristics of the attack to a recovery system for informed selection of recovery procedures. Logic may dynamically adjust a threshold for detection of suspicious activity.

Abstract: Systems, apparatus, methods, and techniques for an ego vehicle to respond to detecting misbehaving information from remote vehicles are provided. An ego vehicle, in addition to reporting misbehaving vehicles to a misbehavior authority via a vehicle-to-anything communication network, can, take additional actions based in part on how confident the ego vehicle is about the evidence of misbehavior. Where the confidence is high the ego vehicle can simply discard the misbehaving data and provide an alternative estimate for such data from alternative sources. Where the confidence is not high the ego vehicle can request assistance from neighboring vehicles and roadside units to provide independent estimates of the data to increase confidence in the evidence of misbehavior.

Abstract: Logic may reduce the latency and increase the confidence in message time series (MTS) intrusion detection systems (IDSs). Logic may capture traffic on an in-vehicle network bus during a first traffic window. Logic may filter the traffic within the first traffic window to determine more than one observation window, wherein the more than observation window comprises at least a first observation window and a second observation window. Logic may evaluate the more than one observation window to determine a first output based on a first observation window and a second output based on a second observation window, the first and second outputs to indicate if an intrusion is detected. Logic may determine, based on a combination of the outputs, that the traffic during the first traffic window comprises an intrusion. Logic may output an indication of the intrusion.

Abstract: Systems, apparatus, methods, and techniques for functional safe execution of encryption operations are provided. A fault tolerant counter and a complementary pair of encryption flows are provided. The fault tolerant counter may be based on a gray code counter and a hamming distance checker. The complementary pair of encryption flows have different implementations. The output from the complementary pair of encryption flows can be compared, and where different, errors generated.

Abstract: Systems, methods, computer-readable storage media, and apparatuses to provide active attack detection in autonomous vehicle networks. An apparatus may comprise a plurality of electronic control units communicably coupled by a network, and logic, at least a portion of which is implemented in hardware, the logic to: receive an indication from a first electronic control unit (ECU) of the plurality of ECUs specifying to transmit a first data frame via the network, determine, based on a message identifier (ID) of the first ECU, whether a transmit window for the first ECU is open, and permit the first ECU to transmit the first data frame via the network based on a determination that the transmit window for the first ECU is open.

Abstract: Systems, methods, computer program products, and apparatuses for low latency, fully reconfigurable hardware logic for ensemble classification methods, such as random forests. An apparatus may comprise circuitry for an interconnect and circuitry for a random forest implemented in hardware. The random forest comprising a plurality of decision trees connected via the interconnect, each decision tree comprising a plurality of nodes connected via the interconnect. A first decision tree of the plurality of decision trees comprising a first node of the plurality of nodes to: receive a plurality of elements of feature data via the interconnect, select a first element of feature data, of the plurality of elements of feature data, based on a configuration of the first node, and generate an output based on the first element of feature data, an operation, and a reference value, the operation and reference value specified in the configuration of the first node.

Abstract: Systems, apparatuses, and methods to identify an electronic control unit transmitting a message on a communication bus, such as an in-vehicle network bus, are provided. ECUs transmit messages by manipulating voltage on conductive lines of the bus. Observation circuitry can observe voltage transitions associated with the transmission at multiple points on the in-vehicle network bus. A voltage waveform can be generated from the observed voltage transitions. ECUs can be identified and/or fingerprinted based on the generated waveforms.

Abstract: Systems, apparatus, methods, and techniques for reporting an attack or intrusion into an in-vehicle network are provided. The attack can be broadcast to connected vehicles over a vehicle-to-vehicle network. The broadcast can include an indication of a sub-system involved in the attack and can include a request for assistance in recovering from the attack. Connected vehicles can broadcast responses over the vehicle-to-vehicle network. The responses can include indications of data related to the compromised sub-system. The vehicle can receive the responses and can use the responses to recover from the attack, such as, estimate data.

Abstract: Various embodiments are generally directed to providing authentication and confidentiality mechanisms for message communication over an in-vehicle network. For example, authentication data associated with a communicating node may be transmitted over the network by encoding different predefined voltage levels on top of the message bits of the message being communicated. Different voltage levels may represent different encodings, such as a bit-pair or any bit combination of the authentication data. In a further example, messaging confidentiality between at least two communicating nodes may be achieved by pseudo-randomly flipping, or scrambling, the dominant and recessive voltages of the entire message frame at the analog level based on a pseudo-random control bit sequence.

Abstract: Techniques and screening messages based on tags in an automotive environment, such as, messages communicated via a communication bus, like the CAN bus. Messages can be tagged with either a binary or probabilistic tag indicating whether the message is fraudulent. ECUs coupled to the CAN bus can receive the messages and the message tags and can determine whether to fully consume the message based on the tag.

Abstract: Systems, apparatuses, and techniques for establishing “ground truth” are provided. Particularly, establishing ground truth for electronic control units on a communication network after a context change has occurred are provided. Circuitry and instructions to generate unique feature sets from messages (e.g., transmitted by ECUs after a context change) and to match the unique feature sets to unique feature sets from ECU fingerprints to establish ground truth for the ECUs after the context shift.

Abstract: Various systems and methods for bus-off attack detection are described herein. An electronic device for bus-off attack detection and prevention includes bus-off prevention circuitry coupled to a protected node on a bus, the bus-off prevention circuitry to: detect a transmitted message from the protected node to the bus; detect a bit mismatch of the transmitted message on the bus; suspend further transmissions from the protected node while the bus is analyzed; determine whether the bit mismatch represents a bus fault or an active attack against the protected node; and signal the protected node indicating whether a fault has occurred.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed for anomaly detection and recovery. An apparatus to isolate a first controller in an autonomous vehicle includes a first controller to control a reference signal of the autonomous vehicle via a communication bus, a second controller to control the reference signal of the autonomous vehicle when the first controller is compromised, and a message neutralizer to neutralize messages transmitted by the first controller when the first controller is compromised, the neutralized messages to cause the first controller to become isolated from the communication bus.

Abstract: A data processing system that provides for active prevention of masquerading attacks comprises a microcontroller, a transceiver, and an active attack prevention module (AAPM) in communication with the microcontroller and the transceiver. The microcontroller enables the data processing system to operate as a node in a vehicle control system (VCS). The transceiver enables the node to communicate with a local area network (LAN) of the VCS. The AAPM enables the node to monitor the LAN for messages. In response to detecting a message on the LAN, the AAPM automatically determines whether the message falsely identifies the node as a source, based on a value in an identifier field in the message. In response to determining that the message falsely identifies the node as the source, the AAPM automatically takes at least one remedial action to neutralize the message. Other embodiments are described and claimed.

Abstract: In an automated method for providing driving assistance, an electronic control unit (ECU) of a first driving assistance system of a first vehicle receives local object information from at least one sensing component of the first driving assistance system. The first driving assistance system automatically detects external objects outside of the first vehicle, based on the local object information received from the at least one sensing component. The first driving assistance system also receives a reported object list (ROL) from a second vehicle, wherein the ROL describes objects detected by a second driving assistance system in the second vehicle. The first driving assistance system also affects operation of the first vehicle, based on (a) the external objects detected by the first vehicle and (b) the ROL from the second vehicle. Other embodiments are described and claimed.