A Model-Based Method for Enabling Source Mapping and Intrusion Detection on Proprietary CAN Bus

Jia Zhou, Guoqi Xie, Haibo Zeng, Weizhe Zhang, Laurence T. Yang, Mamoun Alazab, Renfa Li
DOI: https://doi.org/10.1109/TITS.2022.3153718
IF: 8.5
2023-01-01
IEEE Transactions on Intelligent Transportation Systems
Abstract: With the deep integration of Internet of Things (IoT) technology and the increase of computational power and memory, vehicles can also serve as the infrastructure for Intelligent Transportation Systems (ITS), e.g., as fog nodes. However, when connecting vehicles to the internet, alongside the benefits it brings, it also opens many new challenges such as security attacks. Controller Area Network (CAN) is one of the main in-vehicle communication protocols in modern cars. Its lack of a sender verification mechanism makes CAN particularly vulnerable to cyber-attacks, including the masquerade attack. Fingerprinting Electronic Control Units (ECUs) based on hardware characteristics has been proved feasible and effective in defending CAN buses. However, most state-of-the-art works exploited supervised learning algorithms to identify the transmitter based on the signal characteristics. This makes the decision process hard to understand, and it also limits the deployment on a proprietary CAN bus without prior knowledge. To solve this, we design a novel clock-skew-based approach capable of pinpointing the sender and detecting intrusion on a proprietary CAN bus. We take a single CAN frame as the object for measurement, and adjust the measuring process such that our approach can be independent of the transmission time of frames. Based on the statistical analysis of data from real vehicles, we propose a novel box-plot algorithm based on a score mechanism to filter the raw data. Finally, the clock skews are estimated and accumulated to build a linear model for representing the transmitter ECU. The evaluation results on one CAN prototype and two production vehicles show that our approach is able to identify and differentiate ECUs on the bus well without prior knowledge. The data processed by the proposed box-plot algorithm can describe the hardware characteristics of ECUs precisely. We also show the ability of our approach to protect the CAN bus against the masquerade attack.