Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Navigating Connected Car Cybersecurity: Location Anomaly Detection with RAN Data

Feng Wang, Yaron Koral, Kenichi Futamura

TL;DR

The paper tackles the problem of securing connected cars against location-based attacks (e.g., IMSI hijacking) by leveraging Radio Access Network (RAN) event data. It proposes a location anomaly module that builds per-IMSI trajectories from RAN events, estimates device location with RTD-aware distances, and flags transitions that exceed a speed threshold via a criterion such as $d^{cell}_{i,k} > d_{min}$ and $\hat{v}_{i,k} > v_{max}$, while excluding legitimate handovers. A Trajectory Hash Table enables fast, scalable sequence access, and a NAS-based pre-filter dramatically reduces the data to be analyzed, achieving runtimes on the order of half an hour for daily nationwide data. The approach is validated on real network data, demonstrating the ability to detect spoofed identifiers with robust handling of corner cases and providing practical improvements for connected-car and IoT cybersecurity.

Abstract

The cybersecurity of connected cars, integral to the broader Internet of Things (IoT) landscape, has become of paramount concern. Cyber-attacks, including hijacking and spoofing, pose significant threats to these technological advancements, potentially leading to unauthorized control over vehicular networks or creating deceptive identities. Given the difficulty of deploying comprehensive defensive logic across all vehicles, this paper presents a novel approach for identifying potential attacks through Radio Access Network (RAN) event monitoring. The major contribution of this paper is a location anomaly detection module that identifies aberrant devices that appear in multiple locations simultaneously - a potential indicator of a hijacking attack. We demonstrate how RAN-event based location anomaly detection is effective in combating malicious activity targeting connected cars. Using RAN data generated by tens of millions of connected cars, we developed a fast and efficient method for identifying potential malicious or rogue devices. The implications of this research are far-reaching. By increasing the security of connected cars, we can enhance the safety of users, provide robust defenses for the automotive industry, and improve overall cybersecurity practices for IoT devices.

Navigating Connected Car Cybersecurity: Location Anomaly Detection with RAN Data

TL;DR

The paper tackles the problem of securing connected cars against location-based attacks (e.g., IMSI hijacking) by leveraging Radio Access Network (RAN) event data. It proposes a location anomaly module that builds per-IMSI trajectories from RAN events, estimates device location with RTD-aware distances, and flags transitions that exceed a speed threshold via a criterion such as and , while excluding legitimate handovers. A Trajectory Hash Table enables fast, scalable sequence access, and a NAS-based pre-filter dramatically reduces the data to be analyzed, achieving runtimes on the order of half an hour for daily nationwide data. The approach is validated on real network data, demonstrating the ability to detect spoofed identifiers with robust handling of corner cases and providing practical improvements for connected-car and IoT cybersecurity.

Abstract

The cybersecurity of connected cars, integral to the broader Internet of Things (IoT) landscape, has become of paramount concern. Cyber-attacks, including hijacking and spoofing, pose significant threats to these technological advancements, potentially leading to unauthorized control over vehicular networks or creating deceptive identities. Given the difficulty of deploying comprehensive defensive logic across all vehicles, this paper presents a novel approach for identifying potential attacks through Radio Access Network (RAN) event monitoring. The major contribution of this paper is a location anomaly detection module that identifies aberrant devices that appear in multiple locations simultaneously - a potential indicator of a hijacking attack. We demonstrate how RAN-event based location anomaly detection is effective in combating malicious activity targeting connected cars. Using RAN data generated by tens of millions of connected cars, we developed a fast and efficient method for identifying potential malicious or rogue devices. The implications of this research are far-reaching. By increasing the security of connected cars, we can enhance the safety of users, provide robust defenses for the automotive industry, and improve overall cybersecurity practices for IoT devices.
Paper Structure (11 sections, 9 equations, 5 figures, 3 tables, 1 algorithm)

This paper contains 11 sections, 9 equations, 5 figures, 3 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Related Work
  3. Background
  4. Location Anomaly Detection Module
  5. RAN Event Features
  6. Trajectory Hash Table
  7. Location Anomaly Detection
  8. Filtering Algorithm for Scalability
  9. Corner Cases Analysis
  10. Experimental Results
  11. Conclusion

Figures (5)

  • Figure 1: Diagram of establishment and usage of the trajectory Hash table.
  • Figure 2: Distance measurement and speed estimation for location anomaly criteria.
  • Figure 3: IoT cars are usually in idle state: large gap between event 2 and event 3.
  • Figure 4: Sudden switching to a distant cell and switching back due to heavy traffic, reflective terrain, or rolling terrain.
  • Figure 5: The number of active car devices and the number of devices with location anomaly detected for two vendors over a week.