Search

US-12621318-B2 - System for intrusion detection using a vehicle electrical system

US12621318B2US 12621318 B2US12621318 B2US 12621318B2US-12621318-B2

Abstract

A system includes a processor is programmed to define a fingerprint that includes a baseline measurement of a physical attribute of the system prior to runtime operation, wherein the system includes at least one set of non-safety critical consumer channels, one set of safety critical consumer channels, and two different power sources connected to two power channels, a first power source supplies power to the one set of non-safety critical consumer channels and a second power source supplies power to the one set of safety critical consumer-channels, two switches separate the consumer channels and can individually shut off the consumer channels, wherein the processor is further programmed to receive a runtime measurement of the physical attribute of the channels and compare the measurements to the fingerprint, and in response to the measurement exceeding a threshold, execute a countermeasure operation against software.

Inventors

  • Stefan GEHRER
  • Jorge Guajardo Merchan

Assignees

  • ROBERT BOSCH GMBH

Dates

Publication Date
20260505
Application Date
20240926

Claims (20)

  1. 1 . A system comprising: memory; a processor in a smart power distribution system, wherein the processor is in communication with the memory and programmed to: compute a baseline fingerprint that includes a baseline measurement of a physical attribute of a smart power distribution system during an enrollment period of the system, wherein the enrollment period includes measuring the attribute of the smart power distribution system prior to runtime operation, wherein the smart power distribution system includes at least one set of non-safety critical consumer channels, at least one set of safety critical consumer channels, at least two different power sources connected to at least two power channels, wherein a first power source supplies power to the at least one set of non-safety critical consumer channels and a second power source supplies power to the at least one set of safety critical consumer-channels, and at least two switches separating the safety critical consumer channels and the non-safety critical consumer channels, wherein the at least one set of non-safety critical consumer channels and the at least one set of safety critical consumer channels can be individually shut off and separated from each other by the at least two switches; receive a runtime measurement of the physical attribute of the at least one set of safety critical consumer channels of the smart power distribution system during runtime; compute a runtime fingerprint utilizing the runtime measurement and compare the runtime fingerprint to the baseline fingerprint; and in response to the runtime measurement exceeding a threshold, execute a countermeasure operation against software in communication with the smart power distribution system.
  2. 2 . The system of claim 1 , wherein the runtime measurement can be received from the at least one set of non-safety critical consumer channels of the smart power distribution system during runtime.
  3. 3 . The system of claim 1 , wherein the at least one set of non-safety critical consumer channels and the at least one set of safety critical consumer channels can be coupled.
  4. 4 . The system of claim 1 , wherein the physical attribute includes a current drawn by the at least one set of non-safety critical consumer channels.
  5. 5 . The system of claim 1 , wherein the runtime measurement is obtained at a first sensor located at a first power source and a second sensor located at a second power source.
  6. 6 . The system of claim 5 , wherein the first sensor and second sensor are exactly the same.
  7. 7 . The system of claim 5 , wherein the first and second sensor are different types of sensors.
  8. 8 . The system of claim 5 , wherein the processor is further programmed to compare runtime measurements obtained at both the first sensor and the second sensor.
  9. 9 . The system of claim 1 , wherein the physical attribute includes a power drawn by the at least one set of safety critical consumer channels.
  10. 10 . The system of claim 1 , wherein the runtime measurement is configured to be drawn by an external device when configured with the smart power distribution system.
  11. 11 . The system of claim 1 , wherein the memory is configured to store the fingerprint.
  12. 12 . The system of claim 1 , wherein the processor is further programmed to, in response to the measurement exceeding a threshold, log the measurement and store the log in memory.
  13. 13 . The system of claim 1 , wherein the processor is further programmed to define a fingerprint of a user's behavior.
  14. 14 . A system comprising: memory; a processor in a smart power distribution, wherein the processor is in communication with the memory and programmed to: compute a baseline fingerprint that includes a baseline measurement of a physical attribute of the smart power distribution system during an enrollment period of the system, wherein the enrollment period includes measuring the attribute of the smart power distribution system prior to runtime operation, wherein the smart power distribution system includes at least one set of non-safety critical consumer channels, at least one set of safety critical consumer channels, at least two different power sources connected to at least two power channels, wherein a first power source supplies power to the at least one set of non-safety critical consumer channels and a second power source supplies power to the at least one set of safety critical consumer-channels, and at least two switches separating the safety critical consumer channels and the non-safety critical consumer channels, wherein the at least one set of non-safety critical consumer channels and the at least one set of safety critical consumer channels can be individually shut off by the at least two switches; receive a runtime measurement of the physical attribute of the at least one set of non-safety critical consumer channels of the smart power distribution system during runtime; compute a runtime fingerprint utilizing the runtime measurement and compare the runtime fingerprint to the baseline fingerprint; and in response to the runtime measurement exceeding a threshold, execute a countermeasure operation against software in communication with the smart power distribution system.
  15. 15 . The system of claim 14 , wherein the runtime measurement can be received from the at least one set of safety critical consumer channels of the smart power distribution system during runtime.
  16. 16 . A system comprising: memory; a processor of a smart power distribution system, wherein the processor is in communication with the memory and programmed to: compute a baseline fingerprint that includes a baseline measurement of a physical attribute of the smart power distribution system during an enrollment period of the system, wherein the enrollment period includes measuring the attribute of the smart power distribution system prior to runtime operation; wherein the smart power distribution system includes at least one set of non-safety critical consumer channels at least one set of safety critical consumer channels, at least two different power sources connected to at least two power channels, wherein a first power source supplies power to the at least one set of non-safety critical consumer channels and a second power source supplies power to the at least one set of safety critical consumer-channels, and at least two switches separating the safety critical consumer channels and the non-safety critical consumer channels, wherein the at least one set of non-safety critical consumer channels and the at least one set of safety critical consumer channels can be individually shut off by the at least two switches; receive a runtime measurement of the physical attribute of the at least one set of non-safety critical consumer channels and the at least one set of safety critical consumer channels of the smart power distribution system during runtime; compute a runtime fingerprint utilizing the runtime measurement and compare the runtime fingerprint to the baseline fingerprint; and in response to the runtime measurement exceeding a threshold, execute a countermeasure operation against software in communication with the smart power distribution system.
  17. 17 . The system of claim 16 , wherein the countermeasure operation includes disabling the software in communication with the smart power distribution system.
  18. 18 . The system of claim 16 , wherein the runtime measurement is received from a sensor located at the smart power distribution system.
  19. 19 . The system of claim 16 , wherein the runtime measurement is received at one of the at least two switches.
  20. 20 . The system of claim 16 , wherein smart power distribution system is a Powernet Guardian system.

Description

TECHNICAL FIELD The present disclosure relates to security of a computer system, such as a vehicle computer system or other type of system, in the context of a smart power distribution system. BACKGROUND From a security standpoint, modern automotive in-vehicle networks present a significant attack surface due to the numerous Electrical Control Units (ECUs) and their connectivity to external networks. To enhance vehicle safety and security, vehicles can be equipped with a feature that detects malicious intrusions in these networks. However, intrusion detection systems usually require additional sensors and only protect specific microcontrollers or subsystems, which can ultimately increase the impact of attacks on the vehicle networks. SUMMARY According to one embodiment, a system includes memory and a processor in communication with the memory. The processor is programmed to: define a fingerprint that includes a baseline measurement of a physical attribute of a smart power distribution system during an evaluation period of the system; receive a runtime measurement of the physical attribute of the at least one set of safety critical consumer channels of the smart power distribution system during runtime; compare the runtime measurement of the physical attribute to the fingerprint; and in response to the measurement exceeding a threshold, execute a countermeasure operation against software ran by the smart power distribution system. The smart power distribution system includes: at least one set of non-safety critical consumer channels; at least one set of safety critical channels; at least two different power sources connected to at least two power channels, wherein a first power source supplies power to the at least one set of non-safety critical consumer channels and a second power source supplies power to the at least one set of safety critical consumer-channels; and at least two switches separating the safety critical consumer channels and the non-safety critical consumer channels, wherein the at least one set of non-safety critical consumer channels and the at least one set of safety critical consumer channels can be individually shut off by the at least two switches. According to another embodiment, a system includes memory and a processor in communication with the memory. The processor is programmed to: define a fingerprint that includes a baseline measurement of a physical attribute of a smart power distribution system during an evaluation period of the system; receive a runtime measurement of the physical attribute of the at least one set of non-safety critical consumer channels of the smart power distribution system during runtime; compare the runtime measurement of the physical attribute to the fingerprint; and in response to the measurement exceeding a threshold, execute a countermeasure operation against software ran by the smart power distribution system. The smart power distribution system includes: at least one set of non-safety critical consumer channels; at least one set of safety critical channels; at least two different power sources connected to at least two power channels, wherein a first power source supplies power to the at least one set of non-safety critical consumer channels and a second power source supplies power to the at least one set of safety critical consumer-channels; and at least two switches separating the safety critical consumer channels and the non-safety critical consumer channels, wherein the at least one set of non-safety critical consumer channels and the at least one set of safety critical consumer channels can be individually shut off by the at least two switches. According to a further embodiment, a system includes memory and a processor in communication with the memory. The processor is programmed to: define a fingerprint that includes a baseline measurement of a physical attribute of a smart power distribution system during an evaluation period of the system; receive a runtime measurement of the physical attribute of the at least one set of non-safety critical consumer channels and the at least one set of safety critical consumer channels of the smart power distribution system during runtime; compare the runtime measurement of the physical attribute to the fingerprint; and in response to the measurement exceeding a threshold, execute a countermeasure operation against software ran by the smart power distribution system. The smart power distribution system includes: at least one set of non-safety critical consumer channels; at least one set of safety critical channels; at least two different power sources connected to at least two power channels, wherein a first power source supplies power to the at least one set of non-safety critical consumer channels and a second power source supplies power to the at least one set of safety critical consumer-channels; and at least two switches separating the safety critical consumer channels and the non-safety critical consume