Efficient Intrusion Detection With Bloom Filtering in Controller Area Networks

Due to its cost efficiency, the controller area network (CAN) is still the most widespread in-vehicle bus, and the numerous reported attacks demonstrate the urgency of designing new security solutions for CAN. In this paper, we propose an intrusion detection mechanism that takes advantage of Bloom filtering to test frame periodicity based on message identifiers and parts of the data field, which facilitates detection of potential replay or modification attacks. This proves to be an effective approach since most of the traffic on in-vehicle buses is cyclic in nature and the format of the data field is fixed due to rigid signal allocation. Bloom filters provide an efficient time-memory tradeoff, which is beneficial given the constrained resources of automotive-grade controllers. We test the correctness of our approach and obtain good results on an industry-standard CANoe-based simulation for a J1939 commercial-vehicle bus and also on CAN with flexible data-rate traces obtained from a real-world high-end vehicle. The proposed filtering mechanism is straightforward to adapt to any other time-triggered in-vehicle bus, e.g., FlexRay, since it is built on time-driven characteristics.
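
The idea in the abstract, sketched as an added example (not the authors' code or their exact construction): a Bloom filter is trained on clean traffic and then queried per frame, so a frame whose timing or data was never seen is flagged. The key layout (identifier, quantized gap since the previous frame with that identifier, first data byte), the FNV-1a hash, the filter parameters and the traces are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define M_BITS  2048u  /* filter size in bits (assumed) */
#define K_HASH  3u     /* hash functions per key (assumed) */
#define SLOT_US 2000u  /* gap quantization step in microseconds (assumed) */
#define MAX_IDS 16u    /* identifiers tracked (assumed) */
typedef struct { uint32_t id, t_us; uint8_t data0; } frame_t;
typedef struct { uint8_t bits[M_BITS / 8]; uint32_t ids[MAX_IDS], last[MAX_IDS], n; } ids_t;

static uint32_t fnv1a(const uint8_t *p, size_t len, uint32_t seed) { /* seeded FNV-1a */
    uint32_t h = 2166136261u ^ seed;
    while (len--) { h ^= *p++; h *= 16777619u; }
    return h;
}

/* Key = (ID, quantized gap since the previous frame of that ID, first data byte); the first
 * frame of an ID uses a sentinel gap. train != 0 inserts, train == 0 queries (1 = maybe known). */
static int bloom_frame(ids_t *s, const frame_t *f, int train) {
    uint32_t i, k, gap = 0xFFFFFFFFu;
    uint8_t key[9]; int known = 1;
    for (i = 0; i < s->n && s->ids[i] != f->id; i++) { }
    if (i < s->n) gap = (f->t_us - s->last[i] + SLOT_US / 2) / SLOT_US;
    else if (s->n == MAX_IDS) return 0;          /* table full: report as unknown */
    else s->ids[s->n++] = f->id;
    s->last[i] = f->t_us;
    memcpy(key, &f->id, 4); memcpy(key + 4, &gap, 4); key[8] = f->data0;
    for (k = 0; k < K_HASH; k++) {
        uint32_t b = fnv1a(key, sizeof key, k * 0x9E3779B9u) % M_BITS;
        if (train) s->bits[b / 8] |= (uint8_t)(1u << (b % 8));
        else if (!(s->bits[b / 8] & (1u << (b % 8)))) known = 0;
    }
    return known;
}

/* Train on a clean trace, then count test frames whose key is missing from the filter. */
static int count_alerts(const frame_t *clean, int nc, const frame_t *test, int nt) {
    ids_t s; int i, alerts = 0;
    memset(&s, 0, sizeof s);
    for (i = 0; i < nc; i++) bloom_frame(&s, &clean[i], 1);
    s.n = 0;                                     /* keep the filter, restart gap tracking */
    for (i = 0; i < nt; i++) alerts += !bloom_frame(&s, &test[i], 0);
    return alerts;
}

int main(void) { /* constructed traces: ID 0x100 every 10 ms; test adds a replay at 12 ms */
    frame_t clean[] = {{0x100, 0, 1}, {0x100, 10000, 1}, {0x100, 20000, 1}};
    frame_t test[]  = {{0x100, 0, 1}, {0x100, 10000, 1}, {0x100, 12000, 1}, {0x100, 20000, 1}};
    printf("alerts: %d\n", count_alerts(clean, 3, test, 4));
    return 0;
}
```

In this sketch the replayed frame raises two alerts, because it also shortens the gap measured for the next genuine frame. A Bloom filter never misses a trained key, so clean traffic stays silent, while an untrained key passes only with the filter's small false-positive probability.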
