Скачать с ютуб Gergely Biczok on In-Vehicle Cybersecurity and Privacy: Abusing and Protecting the CAN Bus в хорошем качестве

Gergely Biczok on In-Vehicle Cybersecurity and Privacy: Abusing and Protecting the CAN Bus

Cybersecurity Seminar given by Gergely Biczok on Aug 30, 2024. Communication on the Controller Area Network (CAN) in vehicles is notably lacking in security measures, rendering it susceptible to cyberattacks. These attacks can potentially compromise safety-critical vehicle subsystems, and therefore endanger passengers and others around them. On the other hand, the CAN bus carries in-vehicle sensor measurements that may be used (or abused) to infer driver behavior and vehicle trajectories. In this talk, I will give an overview of contributions in this area the CrySyS Lab has made in recent years. First, I will show attack demonstrations and introduce a novel CAN traffic dataset containing multiple attack signatures. Then, I will talk about potential attack detection methods in the order of increasing complexity, effectiveness, and accuracy. Second, focusing on privacy, by exploiting that in-vehicle sensor measurements are inherently interdependent, I show that it is possible to i) re-identify a driver even from raw, unprocessed CAN data with 97% accuracy, and ii) reconstruct the vehicle's complete location trajectory knowing only its speed and steering wheel position. Finally, I demonstrate how empirical privacy protection by signal processing based anonymization techniques fail to provide a strong, worst-case privacy guarantee to every single individual and advocate for the application of a principled privacy model.