An approach to specification-based attack detection for in-vehicle networks

An upcoming trend for automotive manufacturers is to create seamless interaction between a vehicle and fleet management to provide remote diagnostics and firmware updates over the air. To allow this, the previously isolated in-vehicle network must be connected to an external network, and can thus be exposed to a whole new range of threats known as cyber attacks. In this paper we explore the applicability of a specification-based approach to detect cyber attacks within the in-vehicle network. We derive information to create security specifications for communication and ECU behavior from the CANopen draft standard 3.01 communication protocol and object directory sections. We also provide a set of example specifications, propose a suitable location for the attack detector, and evaluate the detection using a set of attack actions.
