Search Results

Android applications have historically faced vulnerabilities to man-in-the-middle attacks due to insecure custom SSL/TLS certificate validation implementations. In response, Google introduced the Network Security Configuration (NSC) as a configuration-based solution to improve the security of certificate validation practices. NSC was initially developed to enhance the security of Android applications by providing developers with a framework to customize network security settings. However, recent studies have shown that it is often not being leveraged appropriately to enhance security. Motivated by the surge in vehicular connectivity and the corresponding impact on user security and data privacy, our research pivots to the domain of mobile applications for vehicles. As vehicles increasingly become repositories of personal data and integral nodes in the Internet of Things (IoT) ecosystem, ensuring their security moves beyond traditional issues to one of public safety and trust.

Controller Area Network (CAN), the de facto standard for in-vehicle networks, has insufficient security features and thus is inherently vulnerable to various attacks. To protect CAN bus from attacks, intrusion detection systems (IDSs) based on advanced deep learning methods, such as Convolutional Neural Network (CNN) and Recurrent Neural Network (RNN), have been proposed to detect intrusions. However, those models generally introduce high latency, require considerable memory space, and often result in high energy consumption. To accelerate intrusion detection and also reduce memory requests, we exploit the use of Binarized Neural Network (BNN) and hardware-based acceleration for intrusion detection in in-vehicle networks. As BNN uses binary values for activations and weights rather than full precision values, it usually results in faster computation, smaller memory cost, and lower energy consumption than full precision models.

The rapid development of connected and automated vehicle technologies together with cloud-based mobility services are revolutionizing the transportation industry. As a result, huge amounts of data are being generated, collected, and utilized, hence providing tremendous business opportunities. However, this big data poses serious challenges mainly in terms of data privacy. The risks of privacy leakage are amplified by the information sharing nature of emerging mobility services and the recent advances in data analytics. In this paper, we provide an overview of the connected vehicle landscape and point out potential privacy threats. We demonstrate two of the risks, namely additional individual information inference and user de-anonymization, through concrete attack designs. We also propose corresponding countermeasures to defend against such privacy attacks. We evaluate the feasibility of such attacks and our defense strategies using real world vehicular data.

Nowadays, the automotive industry is experiencing the advent of unprecedented applications with connected devices, such as identifying safe users for insurance companies or assessing vehicle health. To enable such applications, driving behavior data are collected from vehicles and provided to third parties (e.g., insurance firms, car sharing businesses, healthcare providers). In the new wave of IoT (Internet of Things), driving statistics and users’ data generated from wearable devices can be exploited to better assess driving behaviors and construct driver models. We propose a framework for securely collecting data from multiple sources (e.g., vehicles and brought-in devices) and integrating them in the cloud to enable next-generation services with guaranteed user privacy protection.