
2024 | Book

Security and Privacy in Cyber-Physical Systems and Smart Vehicles

First EAI International Conference, SmartSP 2023, Chicago, USA, October 12-13, 2023, Proceedings

About this book

This book constitutes the refereed proceedings of the First EAI International Conference, SmartSP 2023, held in Chicago, USA, during October 12-13, 2023.

The 11 revised full papers were carefully reviewed and selected from 24 submissions. The papers focus on all technological aspects that are relevant to security and privacy in cyber-physical systems.

Table of Contents

Frontmatter

Main Track

Frontmatter
Exploring Vulnerabilities in Voice Command Skills for Connected Vehicles
Abstract
Voice assistant platforms have revolutionized user interactions with connected vehicles, providing the convenience of controlling them through simple voice commands. However, this innovation also brings about significant cyber-risks to voice-controlled vehicles. This paper presents a novel attack that showcases the ability of a “malicious” skill, utilizing the skill ranking system on the Alexa platform, to hijack voice commands originally intended for a benign third-party connected vehicle skill. Through our evaluation, we demonstrate the effectiveness of this attack by successfully hijacking commonly used commands in commercial connected vehicle skills.
Wenbo Ding, Song Liao, Keyan Guo, Fuqiang Zhang, Long Cheng, Ziming Zhao, Hongxin Hu
Enabling Real-Time Restoration of Compromised ECU Firmware in Connected and Autonomous Vehicles
Abstract
With increasing development of connected and autonomous vehicles, the risk of cyber threats on them is also increasing. Compared to traditional computer systems, a CAV attack is more critical, as it does not only threaten confidential data or system access, but may endanger the lives of drivers and passengers. To control a vehicle, the attacker may inject malicious control messages into the vehicle’s controller area network. To make this attack persistent, the most reliable method is to inject malicious code into an electronic control unit’s firmware. This allows the attacker to inject CAN messages and exhibit significant control over the vehicle, posing a safety threat to anyone in proximity.
In this work, we have designed a defensive framework which allows restoring compromised ECU firmware in real time. Our framework combines existing intrusion detection methods with a firmware recovery mechanism using trusted hardware components equipped in ECUs. Especially, the firmware restoration utilizes the existing FTL in the flash storage device. This process is highly efficient by minimizing the necessary restored information. Further, the recovery is managed via a trusted application running in TrustZone secure world. Both the FTL and TrustZone are secure when the ECU firmware is compromised. Steganography is used to hide communications during recovery. We have implemented and evaluated our prototype implementation in a testbed simulating the real-world in-vehicle scenario.
Josh Dafoe, Harsh Singh, Niusen Chen, Bo Chen
mmFingerprint: A New Application Fingerprinting Technique via mmWave Sensing and Its Use in Rowhammer Detection
Abstract
Application fingerprinting is a technique broadly utilized in diverse fields such as cybersecurity, network management, and software development. We discover that the mechanical vibrations of cooling fans for both the CPU and power supply unit (PSU) in a system strongly correlate with the computational activities of running applications. In this study, we measure such vibrations with the help of mmWave sensing and design a new application fingerprinting approach named mmFingerprint. We create a prototype of mmFingerprint and demonstrate its effectiveness in distinguishing between various applications. To showcase the use of mmFingerprint in cybersecurity for defensive purposes, we deploy it in a real computer system to detect the execution of reputable Rowhammer attack tools like TRRespass and Blacksmith. We find that the detection can reach a very high accuracy in practical scenarios. Specifically, the accuracy is 89% when exploiting CPU fan vibrations and nearly 100% when leveraging PSU fan vibrations.
Sisheng Liang, Zhengxiong Li, Chenxu Jiang, Linke Guo, Zhenkai Zhang
ADC-Bank: Detecting Acoustic Out-of-Band Signal Injection on Inertial Sensors
Abstract
Inertial sensors are widely used in navigation, motion tracking, and gesture recognition systems. However, these sensors are vulnerable to spoofing attacks, where an attacker injects a carefully designed acoustic signal to trick the sensor readings. Traditional approaches to detecting and mitigating attacks rely on module redundancy, i.e., adding multiple sensor modules to increase robustness. However, this approach is not always feasible due to the limited space and increased complexity of current printed circuit boards.
This paper proposes a new method, ADC-Bank, to detect inertial sensor spoofing attacks via acoustic out-of-band signals. Unlike other multiple-sensor-based solutions, it is based on component redundancy within one sensor, using multiple analog-to-digital converters (ADCs) with different sampling rates to simultaneously sample the output of the sensors. The different sample rates result in different aliasing frequencies for out-of-band signals that can be used to detect attacks. The proposed method is evaluated on off-the-shelf inertial sensors with commercial ADCs, demonstrating its ability to detect the attacking signals with relatively low cost and computation overhead.
Jianyi Zhang, Yuchen Wang, Yazhou Tu, Sara Rampazzi, Zhiqiang Lin, Insup Lee, Xiali Hei

Invited Track

Frontmatter
An Efficient and Smooth Path Planner Based on Hybrid A* Search and Frenet Frames
Abstract
As the technology of autonomous vehicles advances, the importance of automatic path planning also grows significantly. This leads to the exploration of diverse algorithms and learning-based techniques. While most methods safely and efficiently navigate vehicles to their destinations, the comfort of a journey is often overlooked. To address the issue, this paper focuses on a path planning algorithm that integrates the hybrid A* path planner [2] and the Frenet Frame trajectory generator [8]. We evaluate the performance of the proposed algorithm in terms of travel efficiency and passenger comfort. The experimental results demonstrate that the proposed algorithm better trades off travel efficiency and passenger comfort, compared with the pure Frenet Frame trajectory generator. The results also provide an insight that input preprocessing, even if it is a simple one, can affect Frenet Frame trajectory generator significantly, and it is worth future exploration.
Pin-Wen Wang, Yi-Chi Tseng, Chung-Wei Lin
Application of Large Language Models to DDoS Attack Detection
Abstract
Network security remains a pressing concern in the digital era, with the rapid advancement of technology opening up new avenues for cyber threats. One emergent solution lies in the application of large language models (LLMs), like OpenAI’s ChatGPT, which harness the power of artificial intelligence for enhanced security measures. As the proliferation of connected devices and systems increases, the potential for Distributed Denial of Service (DDoS) attacks—a prime example of network security threats—grows as well. This article explores the potential of LLMs in bolstering network security, specifically in detecting DDoS attacks. This paper investigates the aptitude of large language models (LLMs), such as OpenAI’s ChatGPT variants (GPT-3.5, GPT-4, and Ada), in enhancing DDoS detection capabilities. We contrasted the efficacy of LLMs against traditional neural networks using two datasets: CICIDS 2017 and the more intricate Urban IoT Dataset. Our findings indicate that LLMs, when applied in a few-shot learning context or through fine-tuning, can not only detect potential DDoS threats with significant accuracy but also elucidate their reasoning. Specifically, fine-tuning achieved an accuracy of approximately 95% on the CICIDS 2017 dataset and close to 96% on the Urban IoT Dataset for aggressive DDoS attacks. These results surpass those of a multi-layer perceptron (MLP) trained with analogous data.
Michael Guastalla, Yiyi Li, Arvin Hekmati, Bhaskar Krishnamachari
Embracing Semi-supervised Domain Adaptation for Federated Knowledge Transfer
Abstract
Given rapidly changing machine learning environments and expensive data labeling, semi-supervised domain adaptation (SSDA) is imperative when the labeled data from the source domain is statistically different from the partially labeled target data. Most prior SSDA research is centrally performed, requiring access to both source and target data. However, data in many fields nowadays is generated by distributed end devices. Due to privacy concerns, the data might be locally stored and cannot be shared, resulting in the ineffectiveness of existing SSDA. This paper proposes an innovative approach to achieve SSDA over multiple distributed and confidential datasets, named Federated Semi-Supervised Domain Adaptation (FSSDA). FSSDA integrates SSDA with federated learning based on strategically designed knowledge distillation techniques, whose efficiency is improved by performing source and target training in parallel. Moreover, FSSDA controls the amount of knowledge transferred across domains by properly selecting a key parameter, i.e., the imitation parameter. Further, the proposed FSSDA can be effectively generalized to multi-source domain adaptation scenarios. Extensive experiments demonstrate the effectiveness and efficiency of FSSDA design.
Madhureeta Das, Zhen Liu, Xianhao Chen, Xiaoyong Yuan, Lan Zhang
A Lightweight Reputation System for UAV Networks
Abstract
Unmanned Aerial Vehicles (UAVs) have become indispensable components in the modern Internet of Things (IoT) ecosystem and are increasingly popular for various applications, including delivery, transporting, inspection, and mapping. However, the reliability, security, and privacy of UAV devices are among the public’s top concerns as they operate close to each other and other objects. This paper proposes a LIghtweight Blockchain-based REputation (LIBRE) system to improve the reliability and performance of a UAV network by monitoring, tracking, and selecting the most appropriate individuals to carry out tasks. In the LIBRE system, a reputation score is assigned to each newly registered UAV device with limited network access. Exclusive access is, therefore, given once the reputation is ascertained based on the behavior and the feedback given by peer nodes that have interacted with it. An algorithm was proposed to calculate the reputation score updated in the Blockchain to provide fairness, immutability, and auditability. A proof-of-concept prototype of LIBRE system architecture was implemented on a private Ethereum Blockchain, and the extensive experimental study has validated the effectiveness of the LIBRE scheme.
Simeon Ogunbunmi, Mohsen Hatmai, Ronghua Xu, Yu Chen, Erik Blasch, Erika Ardiles-Cruz, Alexander Aved, Genshe Chen
Resilient Range-Only Cooperative Positioning of Multiple Smart Unmanned Aerial Systems
Abstract
Deploying multiple Unmanned Aerial Systems (UASs) is beneficial for applications that survey large regions and require cooperative redundancy. Range-only cooperative navigation has been proposed to enhance positioning precision by exchanging navigation information, especially in Global Navigation Satellite Systems (GNSS)-denied environments. However, existing works do not consider the possible attacks on range-only positioning in exceptionally adverse environments and do not investigate the resilience of cooperative navigation. In this paper, we consider the attacks on range measurements in the context of distributed range-only positioning using the Extended Kalman Filter (EKF) and present an anti-attack approach by integrating the Inertial Measurement Units (IMU) with the distributed position estimator. Moreover, this paper evaluates the resilience of the cooperative navigation system under Gaussian and non-Gaussian attacks. Extensive simulations on a cooperative task for multiple UASs to survey a target area demonstrate that the range-only positioning by EKF is vulnerable to non-Gaussian attacks and that the proposed anti-attack approach can detect the attacks with a high probability and mitigate the performance degradation caused by attacks.
Yajie Bao, Dan Shen, Genshe Chen, Khanh Pham, Erik Blasch
Securing the Future: Exploring Privacy Risks and Security Questions in Robotic Systems
Abstract
The integration of artificial intelligence, especially large language models in robotics, has led to rapid advancements in the field. We are now observing an unprecedented surge in the use of robots in our daily lives. The development and continual improvements of robots are moving at an astonishing pace. Although these remarkable improvements facilitate and enhance our lives, several security and privacy concerns have not been resolved yet. Therefore, it has become crucial to address the privacy and security threats of robotic systems while improving our experiences. In this paper, we aim to present existing applications and threats of robotics, anticipated future evolution, and the security and privacy issues they may imply. We present a series of open questions for researchers and practitioners to explore further.
Diba Afroze, Yazhou Tu, Xiali Hei
Waves of Knowledge: A Comparative Study of Electromagnetic and Power Side-Channel Monitoring in Embedded Systems
Abstract
In today’s interconnected world, Programmable Logic Controller (PLC) devices play a crucial role in controlling and automating critical processes across various sectors. This increased connectivity, however, also brings about significant security risks, including the threat of the PLC’s control flow being subverted through malicious code injected by state-level actors. This paper offers an exploration of the use of side channels for control flow monitoring. By analyzing subtle variations in system behavior, such as power consumption and electromagnetic radiation, these side channels can be effectively leveraged to infer control flow information, and thus identify potential attacks. To accomplish this, we employ the emitted signals to train a machine learning model, and evaluate our detector by simulating two different types of attacks: malicious code injection and sensitive data infiltration. Additionally, we provide a unique comparison between the power consumption and electromagnetic side channels, highlighting the primary benefits each signal type exhibits in terms of detecting and preventing attacks. The results presented in this paper can aid system manufacturers in selecting the most suitable channel for defending their system, based on the specific requirements and context of their PLC application.
Michael Amar, Lojenaa Navanesan, Asanka P. Sayakkara, Yossi Oren
Backmatter
Metadata
Title
Security and Privacy in Cyber-Physical Systems and Smart Vehicles
Editors
Yu Chen
Chung-Wei Lin
Bo Chen
Qi Zhu
Copyright Year
2024
Electronic ISBN
978-3-031-51630-6
Print ISBN
978-3-031-51629-0
DOI
https://doi.org/10.1007/978-3-031-51630-6
