Identifying ECUs Using Inimitable Characteristics of Signals in Controller Area Networks

As the functions of vehicles are more computerized for the safety and convenience of drivers, attack surfaces of vehicle are accordingly increasing. Many attack results have shown that an attacker could intentionally control vehicles. Most of them exploit the vulnerability that controller area network (CAN) protocol, a de-facto standard for the in-vehicle networks, does not support message origin authentication. Although a number of methods to resolve this security vulnerability have been suggested, they have their each limitation to be applied into the current system. They have required either the modification of the CAN standard or dramatical communication load increase, which is infeasible in practice. In this paper, we propose a novel identification method, which works in the physical layer of the in-vehicle CAN network. Our method identifies electronic control units (ECUs) using inimitable characteristics of electrical CAN signals enabling detection of a malicious ECU. Unlike previous attempts to address the security problem in the in-vehicle CAN network, our method works by simply adding a monitoring unit to the existing network, making it deployable in current systems and compliant with required CAN standards. Our experimental results show that our method is able to correctly identify ECUs. In case of misclassfication rate for ECU idnetification, our method yields 0.36% in average which is approximate four times lower than the method proposed by P.-S. Murvay et al. This paper is also the first to identify potential attack models that systems should be able to detect.

[1]  Bogdan Groza,et al.  Source Identification Using Signal Characteristics in Controller Area Networks , 2014, IEEE Signal Processing Letters.

[2]  Wenyuan Xu,et al.  AccelPrint: Imperfections of Accelerometers Make Smartphones Trackable , 2014, NDSS.

[3]  Gavin Brown,et al.  Conditional Likelihood Maximisation: A Unifying Framework for Information Theoretic Feature Selection , 2012, J. Mach. Learn. Res..

[4]  Ingrid Verbauwhede,et al.  CANAuth - A Simple, Backward Compatible Broadcast Authentication Protocol for CAN bus , 2011 .

[5]  Felix C. Freiling,et al.  Fingerprinting Mobile Devices Using Personalized Configurations , 2016, Proc. Priv. Enhancing Technol..

[6]  Claude Castelluccia,et al.  On the uniqueness of Web browsing history patterns , 2014, Ann. des Télécommunications.

[7]  Marco Di Natale,et al.  Understanding and using the Controller Area Network , 2008 .

[8]  T. Kohno,et al.  Remote physical device fingerprinting , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[9]  Arun Ross,et al.  Information fusion in biometrics , 2003, Pattern Recognit. Lett..

[10]  Dong Hoon Lee,et al.  A Practical Wireless Attack on the Connected Car and Security Protocol for In-Vehicle CAN , 2015, IEEE Transactions on Intelligent Transportation Systems.

[11]  Michel Barbeau,et al.  Intrusion detection and radio frequency fingerprinting in mobile and wireless networks , 2003 .

[12]  Jürgen Teich,et al.  CAN+: A new backward-compatible Controller Area Network (CAN) protocol with up to 16× higher data rates. , 2009, 2009 Design, Automation & Test in Europe Conference & Exhibition.

[13]  Liren Zhang,et al.  Architecture of Hybrid Mobile Social Networks for Efficient Content Delivery , 2014, Wireless Personal Communications.

[14]  Nikita Borisov,et al.  Smartphone Fingerprinting Via Motion Sensors: Analyzing Feasiblity at Large-Scale and Studing Real Usage Patterns , 2016, ArXiv.

[15]  Marco Gruteser,et al.  Wireless device identification with radiometric signatures , 2008, MobiCom '08.

[16]  O. Ureten,et al.  Detection of radio transmitter turn-on transients , 1999 .

[17]  Nikita Borisov,et al.  Do You Hear What I Hear?: Fingerprinting Smart Devices Through Embedded Acoustic Components , 2014, CCS.

[18]  Imran Memon,et al.  Travel Recommendation Using Geo-tagged Photos in Social Media for Tourist , 2015, Wirel. Pers. Commun..

[19]  Yong Wang,et al.  Modeling the spreading behavior of passive worms in mobile social networks , 2013, 2013 6th International Conference on Information Management, Innovation Management and Industrial Engineering.

[20]  Gunnar Rätsch,et al.  An introduction to kernel-based learning algorithms , 2001, IEEE Trans. Neural Networks.

[21]  Frank Piessens,et al.  FPDetective: dusting the web for fingerprinters , 2013, CCS.

[22]  Martín Abadi,et al.  Host Fingerprinting and Tracking on the Web: Privacy and Security Implications , 2012, NDSS.

[23]  Kang G. Shin,et al.  Fingerprinting Electronic Control Units for Vehicle Intrusion Detection , 2016, USENIX Security Symposium.

[24]  Jian-Ping Li,et al.  GEO matching regions: multiple regions of interests using content based image retrieval based on relative locations , 2017, Multimedia Tools and Applications.

[25]  Pim Tuyls,et al.  Capacity and Examples of Template-Protecting Biometric Authentication Systems , 2004, ECCV Workshop BioAW.

[26]  Nikita Borisov,et al.  Fingerprinting Smart Devices Through Embedded Acoustic Components , 2014, ArXiv.

[27]  Imran Memon,et al.  Authentication User’s Privacy: An Integrating Location Privacy Protection Algorithm for Secure Moving Objects in Location Based Services , 2015, Wirel. Pers. Commun..

[28]  Gabriel Maciá-Fernández,et al.  Anomaly-based network intrusion detection: Techniques, systems and challenges , 2009, Comput. Secur..

[29]  J. G. Kassakian,et al.  Automotive electrical systems circa 2005 , 1996 .

[30]  Mani Mina,et al.  Physical-Layer Identification of Wired Ethernet Devices , 2012, IEEE Transactions on Information Forensics and Security.

[31]  N. Serinken,et al.  Characteristics of radio transmitter fingerprints , 2001 .

[32]  Gabi Nakibly,et al.  Mobile Device Identification via Sensor Fingerprinting , 2014, ArXiv.

[33]  Reginald Victor Jones,et al.  Most Secret War , 1978 .

[34]  Bogdan Groza,et al.  Efficient Protocols for Secure Broadcast in Controller Area Networks , 2013, IEEE Transactions on Industrial Informatics.

[35]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[36]  Flavio D. Garcia,et al.  LeiA: A Lightweight Authentication Protocol for CAN , 2016, ESORICS.

[37]  Dong Hoon Lee,et al.  Vulnerabilities of Android OS-Based Telematics System , 2017, Wirel. Pers. Commun..

[38]  Walid Saad,et al.  Device Fingerprinting in Wireless Networks: Challenges and Opportunities , 2015, IEEE Communications Surveys & Tutorials.

[39]  Alberto L. Sangiovanni-Vincentelli,et al.  Cyber-Security for the Controller Area Network (CAN) Communication Protocol , 2012, 2012 International Conference on Cyber Security.

[40]  Michel Barbeau,et al.  DETECTION OF TRANSIENT IN RADIO FREQUENCY FINGERPRINTING USING SIGNAL PHASE , 2003 .

[41]  马克斯·B·弗雷德里克 Cellular telephone anti-fraud system , 1994 .

[42]  Miroslav Goljan,et al.  Digital camera identification from sensor pattern noise , 2006, IEEE Transactions on Information Forensics and Security.

[43]  Chang-Tsun Li,et al.  Source Camera Identification Using Enhanced Sensor Pattern Noise , 2009, IEEE Transactions on Information Forensics and Security.

[44]  Matti Valovirta,et al.  Experimental Security Analysis of a Modern Automobile , 2011 .

[45]  Imran Memon,et al.  Efficient User Based Authentication Protocol for Location Based Services Discovery Over Road Networks , 2017, Wirel. Pers. Commun..

[46]  Imran Memon,et al.  Dynamic path privacy protection framework for continuous query service over road networks , 2016, World Wide Web.

[47]  Nikita Borisov,et al.  Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses , 2016, NDSS.

[48]  Lucia Lo Bello,et al.  Automotive communications-past, current and future , 2005, 2005 IEEE Conference on Emerging Technologies and Factory Automation.

[49]  Christian Rossow,et al.  - vatiCAN - Vetted, Authenticated CAN Bus , 2016, CHES.