Seminar:  Can You Trust Your Cars? Security and Privacy Vulnerabilities of In-Car Wireless Sensor Networks

Date:March 18, 2013 
Talk Title: Can You Trust Your Cars? Security and Privacy Vulnerabilities of In-Car Wireless Sensor Networks
Speaker:Wenyuan Xu, Asst. Professor, Dept. Computer Science and Engineering, University of South Carolina
Time & Location:12:00pm - 1:00pm
CIC Building, Pittsburgh

Abstract

Wireless systems are being integrated into modern automobile. However, the security and privacy implication of those systems are not well understood as many of their communication protocols are proprietary.  In this talk, we present a case study analyzing the first mandated in-car sensor networks, the tire pressure monitoring system (TPMS), using GNU Radio in conjunction with the Universal Software Radio Peripheral (USRP), a low-cost out-of-shelf software radio platform.  We evaluated the security and privacy risks associated with TPMS using both laboratory experiments with isolated tire pressure sensor modules and experiments with a complete vehicle system.

We show that eavesdropping is easily possible at a distance of roughly 40m from a passing vehicle using cheap antennas. Further, reverse-engineering of the underlying protocols revealed static 32 bit identifiers and that messages can be easily triggered remotely, which raises privacy concerns as vehicles can be tracked through these identifiers. Current protocols do not employ authentication and vehicle implementations do not perform basic input validation, thereby allowing for remote spoofing of sensor messages.

We validated this experimentally by triggering tire pressure warning messages in a moving vehicle from our software radio attack platform located in a nearby vehicle. Finally, the talk concludes with a set of recommendations for improving the privacy and security of tire pressure monitoring systems and other forthcoming consumer wireless networks.

Speaker Bio

Wenyuan Xu is an assistant professor in the Department of Computer Science and Engineering, University of South Carolina. She received her Ph.D. degree in Electrical and Computer Engineering from Rutgers University in 2007, M.S. degree in Computer Science and Engineering from Zhejiang University in 2001, and B.S. degree in Electrical Engineering with the highest honor from Zhejiang University in 1998. Her research interest includes wireless networking and network security with a focus on anti-jamming and coping with radio interference. She received an NSF Career Award in 2009.