Abstract: Systems, apparatuses, and methods to mitigate effects of glitch attacks on a broadcast communication bus are provided. The voltage levels of the communication bus are repeatedly sampled to identify glitch attacks. The voltage level on the communication bus can be overdriven or overwritten to either corrupt received messages or correct received messages.

Abstract: Systems, apparatuses, and methods to establish a mapping between message identifications for messages transmitted on a communication bus and electronic control units transmitting the messages is provided. In particular, retransmission of a low priority message onto the bus is forced such that the retransmitted low priority message overlaps with a higher priority message to determine whether the messages originated from the same ECU.

Abstract: Systems, apparatuses, and methods to establish ground truth for an intrusion detection system using machine learning models to identify an electronic control unit transmitting a message on a communication bus, such as an in-vehicle network bus, are provided. Voltage signatures for overlapping message identification (MID) numbers are collapsed and trained on a single ECU label.

Abstract: A platform comprising numerous reconfigurable circuit components arranged to operate as primary and redundant circuits is provided. The platform further comprises security circuitry arranged to monitor the primary circuit for anomalies and reconfigurable circuit arranged to disconnect the primary circuit from a bus responsive to detection of an anomaly. Furthermore, the present disclosure provides for the quarantine, refurbishment and designation as redundant, the anomalous circuit.

Abstract: Systems, apparatuses, and methods to identify an electronic control unit transmitting a message on a communication bus, such as an in-vehicle network bus, are provided. ECUs transmit messages by manipulating voltage on conductive lines of the bus. Observation circuitry can observe voltage signals associated with the transmission at a point on the in-vehicle network bus. A distribution can be generated from densities of the voltage signals. ECUs can be identified and/or fingerprinted based on the distributions.

Abstract: Systems, methods, computer-readable storage media, and apparatuses to provide active attack detection in autonomous vehicle networks. An apparatus may comprise a network interface and processing circuitry arranged to receive a first data frame from a first electronic control unit (ECU) via the network interface, determine a voltage fingerprint of the first data frame, compare the voltage fingerprint to a voltage feature of the first ECU, determine that the first data frame is an authentic message when the voltage fingerprint does match the voltage feature of the first ECU, and determine that the first data frame is a malicious message when the voltage fingerprint does not match the voltage feature of the first ECU. Other embodiments are described and claimed.

Abstract: Systems, apparatuses, and methods to identify an electronic control unit transmitting a message on a communication bus, such as an in-vehicle network bus, are provided. ECUs transmit messages by manipulating voltage on conductive lines of the bus. Observation circuitry can observe voltage signals associated with the transmission at a point on the in-vehicle network bus. A distribution can be generated from densities of the voltage signals. ECUs can be identified and/or fingerprinted based on the distributions.

Abstract: Techniques and screening messages based on tags in an automotive environment, such as, messages communicated via a communication bus, like the CAN bus. Messages can be tagged with either a binary or probabilistic tag indicating whether the message is fraudulent. ECUs coupled to the CAN bus can receive the messages and the message tags and can determine whether to fully consume the message based on the tag.

Abstract: Systems, apparatuses, and methods to accelerate classification of malicious activity by an intrusion detection system are provided. An intrusion detection system can speculate on classification of labels in a random forest model based on temporary and incomplete set of features. Additionally, an intrusion detection system can classify malicious context based on a set of committed nodes in the random forest model.

Abstract: Techniques and screening messages based on tags in an automotive environment, such as, messages communicated via a communication bus, like the CAN bus. Messages can be tagged with either a binary or probabilistic tag indicating whether the message is fraudulent. ECUs coupled to the CAN bus can receive the messages and the message tags and can determine whether to fully consume the message based on the tag.

Abstract: Methods and apparatus relating to a physics-based approach for attack detection and/or localization in closed-loop controls for autonomous vehicles are described. In an embodiment, multiple state estimators are used to compute a set of residuals to detect, classify, and/or localize attacks. This allows for determination of an attacker's location and the kind of attack being perpetrated. Other embodiments are also disclosed and claimed.

Abstract: Techniques for clock manager monitoring for time sensitive networks are described. An apparatus, comprises a clock circuitry to manage a clock for a device, a processing circuitry coupled to the clock circuitry, the processing circuitry to execute instructions to perform operations for a clock manager, the clock manager to receive messages with time information for a network and generate clock manager control information to adjust the clock to a network time for the network, and a detector coupled to the processing circuitry and the clock circuitry, the detector to receive the clock manager control information, generate model control information based on a clock model, compare the clock manager control information with the model control information to generate difference information, and determine whether to generate an alert based on the difference information. Other embodiments are described and claimed.

Abstract: Systems, methods, computer-readable storage media, and apparatuses to provide active attack detection in autonomous vehicle networks. An apparatus may comprise a network interface and processing circuitry arranged to receive a first data frame from a first electronic control unit (ECU) via the network interface, determine a voltage fingerprint of the first data frame, compare the voltage fingerprint to a voltage feature of the first ECU, determine that the first data frame is an authentic message when the voltage fingerprint does match the voltage feature of the first ECU, and determine that the first data frame is a malicious message when the voltage fingerprint does not match the voltage feature of the first ECU. Other embodiments are described and claimed.

Abstract: Systems, methods, computer-readable storage media, and apparatuses to provide active attack detection in autonomous vehicle networks. An apparatus may comprise a plurality of electronic control units communicably coupled by a network, and logic, at least a portion of which is implemented in hardware, the logic to: receive an indication from a first electronic control unit (ECU) of the plurality of ECUs specifying to transmit a first data frame via the network, determine, based on a message identifier (ID) of the first ECU, whether a transmit window for the first ECU is open, and permit the first ECU to transmit the first data frame via the network based on a determination that the transmit window for the first ECU is open.

Abstract: A platform comprising numerous reconfigurable circuit components arranged to operate as primary and redundant circuits is provided. The platform further comprises security circuitry arranged to monitor the primary circuit for anomalies and reconfigurable circuit arranged to disconnect the primary circuit from a bus responsive to detection of an anomaly. Furthermore, the present disclosure provides for the quarantine, refurbishment and designation as redundant, the anomalous circuit.

Abstract: A vehicle control system, including an in-vehicle bus and a plurality of electronic control units (ECUs) coupled to the in-vehicle bus, wherein at least one ECU of the plurality of ECUs is configured to: receive, at a respective at least one ECU of the plurality of ECUs, a message in a message stream on the in-vehicle bus; evaluate the message to determine at least one of a confidence value of the security classification, a significance value of the message, or a bounds check value of the message; and determine in real-time to allow or deny the message to the vehicle control system based on at least one of the significance value of the message, the bounds check value of the message, or the confidence value of the security classification of the message, to provide a sanitized message stream to the vehicle control system.

Abstract: A computing node to implement a management entity in a CP-based network. The node including processing circuitry configured to encode an inquiry message requesting information on CPS capabilities. Response messages are received from a set of sensing nodes of a plurality of sensing nodes in response to the inquiry message. The response messages include the information on the CPS capabilities of the set of sensing nodes. A notification message indicating selecting of a sensing node as a sensing coordinator is encoded for transmission. Sensed data received in a broadcast message from the sensing coordinator is decoded. The sensed data including data associated with one or more non-V2X capable sensing nodes.

Abstract: Techniques to secure a time sensitive network are described. An apparatus may establish a data stream between a first device and a second device in a network domain, the network domain includes a plurality of switching nodes, receive messages from the first device by the second device in the network domain, the messages to comprise time information to synchronize a first clock for the first device and a second clock for the second device to a network time for the network domain, update a correction field for a received message with a residence time and time delay value by the second device, determine whether the updated message is benign or malicious, update the correction field for the updated message with an inference time when the updated message is benign, and prevent relay of the updated message to other devices in the network domain when the updated message is malicious.

Abstract: Time recovery techniques are described. A method comprises receiving messages from the first device by the second device in the first network domain, the messages to comprise time information to synchronize a first clock for the first device and a second clock for the second device to a network time, determining the second clock is to recover the network time for the second device without new messages from the first device, retrieving a first set of timestamps previously stored for events in the first network domain using the network time from the second clock, retrieving a second set of timestamps previously stored for the events in the first network domain using a redundant time from a third clock, where the third clock is not synchronized with the first and second clocks, and recovering the network time using a regression model and the redundant time from the third clock.

Abstract: A platform comprising numerous reconfigurable circuit components arranged to operate as primary and redundant circuits is provided. The platform further comprises security circuitry arranged to monitor the primary circuit for anomalies and reconfigurable circuit arranged to disconnect the primary circuit from a bus responsive to detection of an anomaly. Furthermore, the present disclosure provides for the quarantine, refurbishment and designation as redundant, the anomalous circuit.