Abstract: Techniques to perform time recovery from attacks on delayed authentication in a time synchronized network are described. One embodiment comprises a method for decoding time information and a message authentication code (MAC) from a time message, the time information to synchronize a local clock for a device to a network time of a time synchronized network (TSN), and the MAC to authenticate the time message, determining whether the time message is authentic using the MAC, discarding the time information when the time message is not authentic, performing a bounded search to identify authentic time information using the MAC, and passing the authentic time information to a clock manager to synchronize the local clock to the network time of the TSN when the authentic time information is identified. Other embodiments are described and claimed.

Abstract: Techniques include a method, apparatus, system and computer-readable medium to detect, quantify and localize attacks to enhance security for time-synchronized networking. Embodiments include a diagnostic stream producer to produce diagnostic information providing evidence of a timing attack on a node of a time-synchronized network. Embodiments include a diagnostic stream consumer to consume diagnostic information, analyze the diagnostic information, and determine whether a node is under a timing attack. Other embodiments are described and claimed.

Abstract: Techniques for an attack-aware digital twin in a time sensitive network are described. A method includes receiving time information for a network by an attack-aware digital twin (AADT), the AADT to simulate operations of a clock manager for a node in the network based on models of the clock manager, generating model clock control information to adjust a clock to a network time for the network, the model clock control information to contain a malicious time sample introduced by a time desynchronization attack in the network, and removing the malicious time sample from the model clock control information to adjust the clock to the network time for the network. Other embodiments are described and claimed.

Abstract: Techniques include a method, apparatus, system and computer-readable medium to detect, quantify and localize attacks to enhance security for time-synchronized networking. Embodiments include a diagnostic stream producer to produce diagnostic information providing evidence of a timing attack on a node of a time-synchronized network. Embodiments include a diagnostic stream consumer to consume diagnostic information, analyze the diagnostic information, and determine whether a node is under a timing attack. Other embodiments are described and claimed.

Abstract: Systems, apparatuses, and methods to attest to and verify the integrity of cargo during transport by an autonomous vehicle are provided. An autonomous vehicle can discretize parameters associated with transportation of cargo and can generate a keyed hash digest from the discretized parameters. The keyed hash digest can be sent to a stakeholder in the transportation of the cargo to attest to the integrity of the cargo during transport.

Abstract: Techniques include a method, apparatus, system and computer-readable medium to detect, quantify and localize attacks to enhance security for time-synchronized networking. Embodiments include a diagnostic stream producer to produce diagnostic information providing evidence of a timing attack on a node of a time-synchronized network. Embodiments include a diagnostic stream consumer to consume diagnostic information, analyze the diagnostic information, and determine whether a node is under a timing attack. Other embodiments are described and claimed.

Abstract: Techniques include a method, apparatus, system and computer-readable medium to detect, quantify and localize attacks to enhance security for time-synchronized networking. Embodiments include a diagnostic stream producer to produce diagnostic information providing evidence of a timing attack on a node of a time-synchronized network. Embodiments include a diagnostic stream consumer to consume diagnostic information, analyze the diagnostic information, and determine whether a node is under a timing attack. Other embodiments are described and claimed.

Abstract: Systems, apparatuses, and methods to identify bus-off and masquerade attacks against electronic control units (ECUs) transmitting on a communication bus from behind a gateway coupled to the communication bus are described. The disclosure further describes systems, apparatuses, and methods to mitigate against bus-off attacks made against an ECU coupled to a communication bus through a gateway. Other embodiments are described and claimed.

Abstract: Systems, apparatuses, and methods to establish ground truth for an intrusion detection system in the presence of an attacker electronic control unit transmitting masqueraded messages on a communication bus, such as an in-vehicle network bus, are provided.

Abstract: Systems and techniques for malicious request detection in automated resource dispatch are described herein. A request for a resource may be received from a user device. A location may be obtained for delivery of the resource. Sensor data may be retrieved for the location. The sensor data and user profile data may be evaluated to determine if the request is malicious. A disincentivizing message may be generated based on the determination that the request is malicious. In response to receipt of a response to the disincentivizing message, a resource may be dispatched to the location.

Abstract: Methods and apparatus relating to a physics-based approach for attack detection and/or localization in closed-loop controls for autonomous vehicles are described. In an embodiment, multiple state estimators are used to compute a set of residuals to detect, classify, and/or localize attacks. This allows for determination of an attacker's location and the kind of attack being perpetrated. Other embodiments are also disclosed and claimed.

Abstract: Systems and methods to detect attacks on the clocks of devices in time sensitive networks are described. Particularly, the disclosed systems and methods provide detection and mitigation of timing synchronization attacks based on pseudo-random numbers generated and used to select and authenticate timing of transmission of messages in protected transmission windows.

Abstract: Time recovery techniques are described. A method comprises receiving messages from the first device by the second device in the first network domain, the messages to comprise time information to synchronize a first clock for the first device and a second clock for the second device to a network time, determining the second clock is to recover the network time for the second device without new messages from the first device, retrieving a first set of timestamps previously stored for events in the first network domain using the network time from the second clock, retrieving a second set of timestamps previously stored for the events in the first network domain using a redundant time from a third clock, where the third clock is not synchronized with the first and second clocks, and recovering the network time using a regression model and the redundant time from the third clock.

Abstract: Systems, apparatuses, and methods to identify an electronic control unit transmitting a message on a communication bus, such as an in-vehicle network bus, are provided. ECUs transmit messages by manipulating voltage on conductive lines of the bus. Observation circuitry can observe voltage signals associated with the transmission at a point on the in-vehicle network bus. A distribution can be generated from densities of the voltage signals. ECUs can be identified and/or fingerprinted based on the distributions.

Abstract: Techniques to secure a time sensitive network are described. An apparatus may establish a data stream between a first device and a second device in a network domain, the network domain includes a plurality of switching nodes, receive messages from the first device by the second device in the network domain, the messages to comprise time information to synchronize a first clock for the first device and a second clock for the second device to a network time for the network domain, update a correction field for a received message with a residence time and time delay value by the second device, determine whether the updated message is benign or malicious, update the correction field for the updated message with an inference time when the updated message is benign, and prevent relay of the updated message to other devices in the network domain when the updated message is malicious.

Abstract: Systems and methods to detect attacks on the clocks of devices. In time sensitive networks are described. Particularly, the disclosed systems and methods provide detection and mitigation of timing synchronization attacks based on key performance indicators related to the protecting transmission windows in data streams of the time sensitive networks.

Abstract: Techniques include a method, apparatus, system and computer-readable medium to detect, quantify and localize attacks to enhance security for time-synchronized networking. Embodiments include a diagnostic stream producer to produce diagnostic information providing evidence of a timing attack on a node of a time-synchronized network. Embodiments include a diagnostic stream consumer to consume diagnostic information, analyze the diagnostic information, and determine whether a node is under a timing attack. Other embodiments are described and claimed.

Abstract: Systems, apparatuses, and methods to response to distinguish a ghost target from an actual target based on radar signals is provided. In particular, the disclosure provides an intrusion detection system adapted to receive radar signals and distinguish a potential ghost target from a legitimate target based on a signal to noise ratio of the radar signals and a range to the ghost target and the legitimate target.

Abstract: Systems, apparatuses, and methods to identify an electronic control unit transmitting a message on a communication bus, such as an in-vehicle network bus, are provided. ECUs transmit messages by manipulating voltage on conductive lines of the bus. Observation circuitry can observe voltage transitions associated with the transmission at a point on the in-vehicle network bus. A domain bitmap can be generated from the observed voltage transitions. ECUs can be identified and/or fingerprinted based on the domain bitmaps.

Abstract: Techniques and screening messages based on tags in an automotive environment, such as, messages communicated via a communication bus, like the CAN bus. Messages can be tagged with either a binary or probabilistic tag indicating whether the message is fraudulent. ECUs coupled to the CAN bus can receive the messages and the message tags and can determine whether to fully consume the message based on the tag.