Physical Layer Discrimination of Electronic Control Units Using Wired Signal Distinct Native Attribute (WS-DNDA)

The Controller Area Network (CAN) bus is a communication system used in automobiles to interconnect the electronic components required for critical vehicle operations. These components are called Electronic Control Units (ECU) and each one exercises one or more functions within the vehicle. ECUs can provide autonomous safety features and increased comfort to drivers but these advancements may come at the expense of compromised vehicle security. Researchers have shown that the standard automobile CAN bus can be hacked by 1) compromised authorized ECUs or 2) by unauthorized devices, or ECUs, that have been physically connected. Physical layer (PHY) device fingerprinting has emerged as one accepted approach to establishing vehicle security. This work investigates the application of AFIT’s Wired Signal Distinct Native Attribute (WS-DNA) Fingerprinting using Multiple Discriminant Analysis Maximum Likelihood (MDA/ML) to achieve ECU discrimination. Demonstrations include 4-Class Cross Lot Discrimination (CLD) assessments with four Toyota Avalon ECUs with the same part number but different lot numbers as well as 9-Class Like Model Discrimination (LMD) assessments with nine Toyota Avalon ECUs of the same make and model as authorized devices. Rogue Arduino, Beagle Board, and CANable USB to CAN bus adapter are introduced and Rogue Reject Rate (RRR) estimated. Using WS-DNA features, RRR = 100% for rogue devices presenting false credentials for both the four class and nine class problem. Specific performance for compromised authorized ECU access attempts included 98% ≤ RRR ≤ 100% for the 4-class CLD assessment and 35.2% ≤ RRR ≤100% for the LMD assessment. Additionally, the Average Percent Correct Classification (%C) benchmark of %C = 90% was achieved for authorized devices at SNR∆ ≥ -8 dB for the 4-class CLD and at collected con-

[1]  Timothy J. Carbino,et al.  Physical-Layer discrimination of Power Line Communications , 2017, 2017 International Conference on Computing, Networking and Communications (ICNC).

[2]  Michael A. Temple,et al.  Conditional Constellation Based-Distinct Native Attribute (CB-DNA) fingerprinting for network device authentication , 2016, 2016 IEEE International Conference on Communications (ICC).

[3]  Mathew Lukacs,et al.  Device identification using active noise interrogation and RF-DNA "fingerprinting" for non-destructive amplifier acceptance testing , 2016, 2016 IEEE 17th Annual Wireless and Microwave Technology Conference (WAMICON).

[4]  Mani Mina,et al.  Device Identification via Analog Signal Fingerprinting: A Matched Filter Approach , 2006, NDSS.

[5]  Kang G. Shin,et al.  Fingerprinting Electronic Control Units for Vehicle Intrusion Detection , 2016, USENIX Security Symposium.

[6]  Michael A. Temple,et al.  A Comparison of PHY-Based Fingerprinting Methods Used to Enhance Network Access Control , 2015, SEC.

[7]  Dong Hoon Lee,et al.  Identifying ECUs Using Inimitable Characteristics of Signals in Controller Area Networks , 2016, IEEE Transactions on Vehicular Technology.

[8]  Robert F. Mills,et al.  Radio frequency fingerprinting commercial communication devices to enhance electronic security , 2008, Int. J. Electron. Secur. Digit. Forensics.

[9]  Timothy J. Carbino,et al.  Electronic Control Unit Discrimination Using Wired Signal Distinct Native Attributes , 2019, Critical Infrastructure Protection.

[10]  Timothy J Carbino,et al.  Exploitation of Unintentional Ethernet Cable Emissions Using Constellation Based-Distinct Native Attribute (CB-DNA) Fingerprints to Enhance Network Security , 2015 .

[11]  Mirco Marchetti,et al.  Anomaly detection of CAN bus messages through analysis of ID sequences , 2017, 2017 IEEE Intelligent Vehicles Symposium (IV).

[12]  Sheldon A. Munns,et al.  RF-DNA Fingerprinting for Airport WiMax Communications Security , 2010, 2010 Fourth International Conference on Network and System Security.

[13]  Michael A. Temple,et al.  Authorized and Rogue Device Discrimination Using Dimensionally Reduced RF-DNA Fingerprints , 2015, IEEE Transactions on Information Forensics and Security.

[14]  Michael A. Temple,et al.  Physical layer identification of embedded devices using RF-DNA fingerprinting , 2010, 2010 - MILCOM 2010 MILITARY COMMUNICATIONS CONFERENCE.

[15]  Michael A. Temple,et al.  Sensitivity Analysis of Burst Detection and RF Fingerprinting Classification Performance , 2009, 2009 IEEE International Conference on Communications.

[16]  Roderick Currie Hacking the CAN Bus: Basic Manipulation of a Modern Automobile Through CAN Bus Reverse Engineering , 2020 .

[17]  Mani Mina,et al.  Physical-Layer Identification of Wired Ethernet Devices , 2012, IEEE Transactions on Information Forensics and Security.

[18]  Michael A. Temple,et al.  Intrinsic Physical-Layer Authentication of Integrated Circuits , 2012, IEEE Transactions on Information Forensics and Security.

[19]  Michael A. Temple,et al.  Enhancing Critical Infrastructure and Key Resources (CIKR) Level-0 Physical Process Security Using Field Device Distinct Native Attribute Features , 2017, IEEE Transactions on Information Forensics and Security.

[20]  Hafiz Malik,et al.  Linking received packet to the transmitter through physical-fingerprinting of controller area network , 2017, 2017 IEEE Workshop on Information Forensics and Security (WIFS).

[21]  Ram Dantu,et al.  Automating ECU Identification for Vehicle Security , 2016, 2016 15th IEEE International Conference on Machine Learning and Applications (ICMLA).

[22]  Trevor J. Bihl,et al.  Ethernet card discrimination using unintentional cable emissions and constellation-based fingerprinting , 2015, 2015 International Conference on Computing, Networking and Communications (ICNC).

[23]  Michael A. Temple,et al.  Improving ZigBee Device Network Authentication Using Ensemble Decision Tree Classifiers With Radio Frequency Distinct Native Attribute Fingerprinting , 2015, IEEE Transactions on Reliability.

[24]  Erich Leitgeb,et al.  Replacement of the Controller Area Network (CAN) protocol for future automotive bus system solutions by substitution via optical networks , 2016, 2016 18th International Conference on Transparent Optical Networks (ICTON).

[25]  I. Dadour,et al.  Temperature variations in a parked vehicle. , 2011, Forensic science international.

[26]  R. Currie,et al.  Developments in Car Hacking , 2020 .

[27]  Michael A. Temple,et al.  Gabor-based RF-DNA fingerprinting for classifying 802.16e WiMAX Mobile Subscribers , 2012, 2012 International Conference on Computing, Networking and Communications (ICNC).

[28]  Bogdan Groza,et al.  Source Identification Using Signal Characteristics in Controller Area Networks , 2014, IEEE Signal Processing Letters.

[29]  Michael A. Temple,et al.  Using DE-Optimized LFS Processing to Enhance 4G Communication Security , 2011, 2011 Proceedings of 20th International Conference on Computer Communications and Networks (ICCCN).