3,050 research outputs found
Securing Modern Vehicles: Electric Charging and In-Vehicle Communication Protocols
Full text linkIn the last decades, the massive size and price reduction of computationally capable devices have increased the spread of the so-called Cyber-Physical Systems (CPSs). These connected devices employ computing capacity together with sensing and actuating functions. Vehicles represent a widely spread and extremely complex example of CPS, where modern cars are equipped with more than 100 different microcomputers to control each vehicle's component and communicate with other devices. Although these technologies unquestionably improve the driving experience and its safety, they also expand the attack surface, which malicious entities may exploit to compromise the vehicle. In recent years, researchers have proved that several vehicle components are vulnerable to cyberattacks, and many novel technologies under development may introduce new security and privacy concerns. This dissertation offers an analysis of two different aspects of modern vehicles from a security point of view, discovering and mitigating some security vulnerabilities.
In the first part, we investigate the new security issues introduced with the spread of electric vehicles. We analyzed the new threats born from the connection of vehicles to the smart grid for charging purposes. We found a potential issue that allows an attacker to steal energy from another connected vehicle and develop EVExchange, the first relay attack on the Vehicle to Grid environment. Moreover, we developed a countermeasure to defend against it based on the distance bounding technique. Additionally, we show how a malicious charging operator can exploit the charging pattern of the vehicle's battery to profile and then track a particular car, mining the driver's privacy.
In the second part of this dissertation, we analyze security solutions connected to the internal bus of vehicles, which allows communication between internal devices. CAN bus, the de facto standard for these communications, is a legacy protocol not equipped with any security feature, allowing attackers to compromise the system easily. However, security improvements are complex to deploy due to the real-time requirements of the system, which often hold companies back from rolling them out. In this thesis, we applied novel methods to solve the problem. We employed a fast and reliable technique for feature extraction to identify attacks using Machine Learning, obtaining good results with a lightweight implementation. With the intent to reduce false positives as much as possible, we developed CANTXSec, the first deterministic solution to identify and stop certain kinds of attacks by comparing Electric Control Unit activations with bus traffic. Finally, we investigate authentication systems in vehicles employing data from the CAN bus. In particular, we analyzed issues in authentication systems based on the driver's behavior, developing two adversarial attacks against them and providing insights on how they should be efficiently and securely deployed
Contrasting activity profile of two distributed cortical networks as a function of attentional demands
No full textThe original publication is available at http://www.jneurosci.orgThis work was supported by R01 grant MH-073610 from the National Institutes of Health to Denis Paré
EVScout2.0: Electric Vehicle Profiling through Charging Profile
Full text linkElectric Vehicles (EVs) represent a green alternative to traditional fuel-powered vehicles. To enforce their widespread use, both the technical development and the security of users shall be guaranteed. Users' privacy represents a possible threat that impairs the adoption of EVs. In particular, recent works showed the feasibility of identifying EVs based on the current exchanged during the charging phase. In fact, while the resource negotiation phase runs over secure communication protocols, the signal exchanged during the actual charging contains features peculiar to each EV. In what is commonly known as profiling, a suitable feature extractor can associate such features to each EV.In this article, we propose EVScout2.0, an extended and improved version of our previously proposed framework to profile EVs based on their charging behavior. By exploiting the current and pilot signals exchanged during the charging phase, our scheme can extract features peculiar for each EV, hence allowing..
Towards robust stability prediction in smart grids: GAN-based approach under data constraints and adversarial challenges
No full textSmart grids are crucial for meeting rising energy demands driven by global population growth and urbanization. By integrating renewable energy sources, they enhance efficiency, reliability, and sustainability. However, ensuring their availability and security requires advanced operational control and safety measures. Although artificial intelligence and machine learning can help assess grid stability, challenges such as data scarcity and cybersecurity threats, particularly adversarial attacks, remain. Data scarcity is a major issue, as obtaining real-world instances of grid instability requires significant expertise, resources, and time. Yet, these instances are critical for testing new research advancements and security mitigations. This paper introduces a novel framework for detecting instability in smart grids using only stable data. It employs a Generative Adversarial Network (GAN) where the generator is designed not to produce near-realistic data but instead to generate Out-Of-Distribution (OOD) samples with respect to the stable class. These OOD samples represent unstable behavior, anomalies, or disturbances that deviate from the stable data distribution. By training exclusively on stable data and exposing the discriminator to OOD samples, our framework learns a robust decision boundary to distinguish stable conditions from any unstable behavior, without requiring unstable data during training. Furthermore, we incorporate an adversarial training layer to enhance resilience against attacks. Evaluated on a real-world dataset, our solution achieves up to 98.1% accuracy in predicting grid stability and 98.9% in detecting adversarial attacks. Implemented on a single-board computer, it enables real-time decision-making with an average response time of under 7ms
Is Tolerance Political? An Interview with Denis Lacorne
No full textcontribution à un site webDenis Lacorne is the author of "The Limits of Tolerance. Enlightenment Values and Religious Fanaticism" (Columbia University Press, 2019), the English translation of "Les limites de la tolérance" (Gallimard, awarded the Prix Montyon by the Académie Française). In his book, which is intellectually very inspiring because of the many questions it addresses and raises, Denis Lacorne traces the emergence of the notion of tolerance from its early thinkers to the Age of Enlightenment and finally questions the notion and its various understandings through more recent events in France and the United States. What is tolerance? Is tolerance political? Interview by Miriam Périer, CER
Profiling Electric Vehicles via Early Charging Voltage Patterns
No full textElectric Vehicles (EVs) are rapidly gaining adoption as a sustainable alternative to fuel-powered vehicles, making secure charging infrastructure essential. Despite traditional authentication protocols, recent results showed that attackers may steal energy through tailored relay attacks. One countermeasure is leveraging the EV’s fingerprint on the current exchanged during charging. However, existing methods focus on the final charging stage, allowing malicious actors to consume substantial energy before being detected and repudiated. This underscores the need for earlier and more effective authentication methods to prevent unauthorized charging. Meanwhile, profiling raises privacy concerns, as uniquely identifying EVs through charging patterns could enable user tracking. In this paper, we propose a framework for uniquely identifying EVs using physical measurements from the early charging stages. We hypothesize that voltage behavior early in the process exhibits similar characteristics to current behavior in later stages. By extracting features from early voltage measurements, we demonstrate the feasibility of EV profiling. Our approach improves existing methods by enabling faster and more reliable vehicle identification. We test our solution on a dataset of 7408 usable charges from 49 EVs, achieving up to 0.86 accuracy. Feature importance analysis shows that near-optimal performance is possible with just 10 key features, improving efficiency alongside our lightweight models. This research lays the foundation for a novel authentication factor while exposing potential privacy risks from unauthorized access to charging data
EVExchange: A Relay Attack on Electric Vehicle Charging System
Full text linkTo support the increasing spread of Electric Vehicles (EVs), Charging
Stations (CSs) are being installed worldwide. The new generation of CSs employs
the Vehicle-To-Grid (V2G) paradigm by implementing novel standards such as the
ISO 15118. This standard enables high-level communication between the vehicle
and the charging column, helps manage the charge smartly, and simplifies the
payment phase. This novel charging paradigm, which connects the Smart Grid to
external networks (e.g., EVs and CSs), has not been thoroughly examined yet.
Therefore, it may lead to dangerous vulnerability surfaces and new research
challenges.
In this paper, we present EVExchange, the first attack to steal energy during
a charging session in a V2G communication: i.e., charging the attacker's car
while letting the victim pay for it. Furthermore, if reverse charging flow is
enabled, the attacker can even sell the energy available on the victim's car!
Thus, getting the economic profit of this selling, and leaving the victim with
a completely discharged battery. We developed a virtual and a physical testbed
in which we validate the attack and prove its effectiveness in stealing the
energy. To prevent the attack, we propose a lightweight modification of the ISO
15118 protocol to include a distance bounding algorithm. Finally, we validated
the countermeasure on our testbeds. Our results show that the proposed
countermeasure can identify all the relay attack attempts while being
transparent to the user.Comment: 20 pages, 6 figure
- …
