Abstract: A system and method for providing security to a network may include maintaining, by a processor, a model of an expected behavior of data communications over the in-vehicle communication network; receiving, by the processor, a message sent over the network; determining, by the processor, based on the model and based on a timing attribute of the message, whether or not the message complies with the model; and if the message does not comply with the model then performing, by the processor, at least one action related to the message.

Abstract: A method of identifying a node of a plurality of nodes in an in-vehicle communications network that transmitted a waveform propagating in the network, comprising providing a library of fingerprints having a unique library fingerprint for waveforms transmitted by each node and comparing a fingerprint generated for the propagating voltage waveform with library fingerprints to determine which node transmitted the waveform.

Abstract: A module for providing security to an in-vehicle communication network having a bus and at least one node connected to the bus, the module including: a memory having software including a model of an expected behavior of data communications over the portion of the in-vehicle communication network; and a processor that processes, responsive to the software in the memory, a plurality of messages registered from a portion of the in-vehicle network to: determine, based on the model and a context comprising attributes of the plurality of messages, whether or not at least one of the messages complies with the model; and if the at least one message does not comply with the model, then perform at least one action on the message.

Abstract: A cyber security module for providing security to an in-vehicle communication network having a bus, at least one node connected to the bus, and at least one communications device coupled to the in-vehicle communication network configured to interface the in-vehicle network with an external communication network, the cyber security module comprising: a communication port configured to receive a message from the communication device that the communication device generates based on a message that the communication device receives from the external communication network; at least one communication port coupled to the bus; an authentication module configured to authenticate whether or not the message originated from an authorized source; and a processor configured to operate to prevent content of the message from being operated on if the authentication module determines that the source of the message received by the communication device is not from an authorized source.

Abstract: Systems and methods for detection of attacks on a communication authentication layer of an in-vehicle network, including determining, by at least one network node, at least one attack attempt on the communication authentication layer of the in-vehicle network, wherein the determination is carried out by identifying anomalies in at least one of messages, data and metadata directed to the communication authentication layer, and selecting, by the at least one network node, a response corresponding to the determined attack attempt from at least one of modification of parameter values corresponding to a security protocol, a failsafe response, and rejection of messages identified as anomalies.

Abstract: Systems and methods for detection of attacks on a communication authentication layer of an in-vehicle network, including determining, by at least one network node, at least one attack attempt on the communication authentication layer of the in-vehicle network, wherein the determination is carried out by identifying anomalies in at least one of messages, data and metadata directed to the communication authentication layer, and selecting, by the at least one network node, a response corresponding to the determined attack attempt from at least one of modification of parameter values corresponding to a security protocol, a failsafe response, and rejection of messages identified as anomalies.

Abstract: A module for providing security to an in-vehicle communication network having a bus and at least one node connected to the bus, the module comprising: a memory having software comprising data characterizing messages that the at least one node transmits to and/or receives via the bus; a communication port via which the module receives and transmits messages configured to be connected to a portion of the in-vehicle network; and a processor that is operable to: processes messages received via the port responsive to the software in the memory to control passage of messages through an on-board diagnostics (OBD) port between the in-vehicle network and an entity external to the vehicle.

Abstract: A method of monitoring communications propagating in an in-vehicle communications network of a vehicle, the method comprising: monitoring messages transmitted over at least a portion of the in-vehicle network; determining if the transmitted messages are indicative of a current data transfer session conducted over the in-vehicle network; comparing at least one feature of a message of the transmitted messages to at least one expected feature of a message comprised in a model of the data transfer session to determine whether or not the at least one feature of the transmitted message is expected; determining that the transmitted message is an anomalous message if the feature of the transmitted message is determined to be unexpected.

Abstract: A method of providing an alert of an occurrence of a hacker intrusion, the method comprising: detecting a hacker intrusion; and transmitting a concealed or camouflaged report of the hacker intrusion to provide an alert of the occurrence of the intrusion.

Abstract: An in-vehicle communication network comprising: a bus and at least one node connected to the bus; an in-vehicle network operating system (OS) that manages OS processes, a secondary memory in which process codes for the processes are stored, and a primary memory, into which the OS loads a copy of a process code of a process to enable a processor to run the process and execute the process code; and a module hosted in the OS and having a hook in at least one position of the OS that provides information to the module responsive to operation of the OS that the module processes in accordance with executable instructions that the module comprises to determine if the in-vehicle OS is operating properly.

Abstract: A system and method for providing security to a network may include maintaining, by a processor, a model of an expected behavior of data communications over the in-vehicle communication network; receiving, by the processor, a message sent over the network; determining, by the processor, based on the model and based on a timing attribute of the message, whether or not the message complies with the model; and if the message does not comply with the model then performing, by the processor, at least one action related to the message.

Abstract: An in-vehicle communication network comprising a bus and at least one node connected to the bus; an in-vehicle network operating system (OS) that manages OS processes, to enable a processor to run the processes and execute their respective process codes; and a module hosted in the OS that is configured to monitor the OS and vet a process that the OS enables for running by a processor to determine if the process is potentially damaging.

Abstract: A system for providing security to an in-vehicle communication network, the system comprising: a data monitoring and processing hub external to the in-vehicle network, the in-vehicle network having a bus and at least one node connected to the bus; a module configured to monitor messages in communication traffic propagating in the in-vehicle network, the module comprising: at least one communication port via which the module receives and transmits messages; a memory having data characterizing messages that the at least one node transmits and receives during normal operation of the node, and software executable to: identify, responsive to the data characterizing messages, an anomaly in communications over the in-vehicle communication network; and instruct a communication interface, configured to support communication with the hub, to transmit monitoring data responsive to identifying the anomaly to the hub for processing; and a processor configured to execute the software in the memory.

Abstract: A module for providing security to an in-vehicle communication network having a bus and at least one node connected to the bus, the module including: a memory having software including a model of an expected behavior of data communications over the portion of the in-vehicle communication network; and a processor that processes, responsive to the software in the memory, a plurality of messages registered from a portion of the in-vehicle network to: determine, based on the model and a context comprising attributes of the plurality of messages, whether or not at least one of the messages complies with the model; and if the at least one message does not comply with the model, then perform at least one action on the message.

Abstract: A system and method for providing fleet cyber-security comprising may include collecting, by a plurality of data collection units installed in a respective plurality of vehicles in the fleet, information related to cyber security and including the information in reports to a server. Data in reports may be aggregated, by the server. A cyber-attack may be identified based on aggregated data.

Abstract: A module for providing security to an in-vehicle communication network having a bus and at least one node connected to the bus, the module comprising: a communication port via which the module receives and transmits messages, the port being configured to be connected to a portion of the in-vehicle network; and a processor that processes, messages received via the port from the portion of the in-vehicle network to classify a received message as to whether or not it is an anomalous message and if the message is classified as anomalous determine an appropriate response.

Abstract: A system and method securing an in-vehicle network in a vehicle may include a switch connected to at least two segments of the in-vehicle network and an IDPS connected to the switch. The IDPS unit may be adapted to: receive network messages from the switch; determine at least some of the network messages are related to a cyber threat and configure the switch according to the cyber threat. The IDPS unit may be included in the switch.

Abstract: A method of identifying a node of a plurality of nodes in an in-vehicle communications network that transmitted a waveform propagating in the network, comprising comparing a fingerprint generated for the propagating voltage waveform with a library having library fingerprints that are unique for waveforms transmitted by each node to determine which node transmitted the waveform.

Abstract: A method of determining if a vehicle's performance has been modified, the method comprising: acquiring operational data comprised in communications signals transmitted over a vehicle's in-vehicle network during operation of the vehicle; processing the operational data to determine an operational profile for the vehicle that characterizes actual operation of the vehicle; and determining based on the operational profile if the vehicle performance has undergone modification.

Abstract: A method of monitoring communications propagating in an in-vehicle communications network of a vehicle, the method comprising: monitoring messages transmitted over at least a portion of the in-vehicle network; determining if the transmitted messages are indicative of a current data transfer session conducted over the in-vehicle network; comparing at least one feature of a message of the transmitted messages to at least one expected feature of a message comprised in a model of the data transfer session to determine whether or not the at least one feature of the transmitted message is expected; determining that the transmitted message is an anomalous message if the feature of the transmitted message is determined to be unexpected.