Model Checking Resiliency and Sustainability of In-Vehicle Network for Real-Time Authenticity

The Controller Area Network (CAN) is the most common network system in automotive systems. However, the standardized design of the CAN protocol does not consider security issues, so it is vulnerable to various security attacks from internal and external electronic devices. Recently, the in-vehicle network has often been connected to external network systems, including the Internet, so an unwarranted third-party application can become an attack point. Message Authentication CAN (MAuth-CAN) is a new centralized authentication scheme for CAN in which two dual-CAN controllers are utilized to process message authentication. MAuth-CAN is designed to provide an authentication mechanism as well as resilience to a message flooding attack and sustainable protection against a bus-off attack. This paper presents formal techniques, based on model checking, to guarantee critical timing properties of MAuth-CAN; these techniques can also be used for safety certification of vehicle components, such as under ISO 26262. Using model checking, we prove sufficient conditions under which MAuth-CAN is resilient and sustainable against message flooding and bus-off attacks, and we provide two formal models of MAuth-CAN in timed automata that are applicable to the formal analysis of other applications running on a CAN bus. In addition, we discuss how the model checking results for those properties are consistent with the experimental results of the MAuth-CAN implementation.
