2,507 research outputs found
Cloaking the Clock: Emulating Clock Skew in Controller Area Networks
Automobiles are equipped with Electronic Control Units (ECU) that communicate
via in-vehicle network protocol standards such as Controller Area Network
(CAN). These protocols are designed under the assumption that separating
in-vehicle communications from external networks is sufficient for protection
against cyber attacks. This assumption, however, has been shown to be invalid
by recent attacks in which adversaries were able to infiltrate the in-vehicle
network. Motivated by these attacks, intrusion detection systems (IDSs) have
been proposed for in-vehicle networks that attempt to detect attacks by making
use of device fingerprinting using properties such as clock skew of an ECU. In
this paper, we propose the cloaking attack, an intelligent masquerade attack in
which an adversary modifies the timing of transmitted messages in order to
match the clock skew of a targeted ECU. The attack leverages the fact that,
while the clock skew is a physical property of each ECU that cannot be changed
by the adversary, the estimation of the clock skew by other ECUs is based on
network traffic, which, being a cyber component only, can be modified by an
adversary. We implement the proposed cloaking attack and test it on two IDSs,
namely, the current state-of-the-art IDS and a new IDS that we develop based on
the widely-used Network Time Protocol (NTP). We implement the cloaking attack
on two hardware testbeds, a prototype and a real connected vehicle, and show
that it can always deceive both IDSs. We also introduce a new metric called the
Maximum Slackness Index to quantify the effectiveness of the cloaking attack
even when the adversary is unable to precisely match the clock skew of the
targeted ECU.Comment: 11 pages, 13 figures, This work has been accepted to the 9th ACM/IEEE
International Conference on Cyber-Physical Systems (ICCPS
Intrusion Detection System for Platooning Connected Autonomous Vehicles
The deployment of Connected Autonomous Vehicles (CAVs) in Vehicular Ad Hoc Networks (VANETs) requires secure wireless communication in order to ensure reliable connectivity and safety. However, this wireless communication is vulnerable to a variety of cyber atacks such as spoofing or jamming attacks. In this paper, we describe an Intrusion Detection System (IDS) based on Machine Learning (ML) techniques designed to detect both spoofing and jamming attacks in a CAV environment. The IDS would reduce the risk of traffic disruption and accident caused as a result of cyber-attacks. The detection engine of the presented IDS is based on the ML algorithms Random Forest (RF), k-Nearest Neighbour (k-NN) and One-Class Support Vector Machine (OCSVM), as well as data fusion techniques in a cross-layer approach. To the best of the authors’ knowledge, the proposed IDS is the first in literature that uses a cross-layer approach to detect both spoofing and jamming attacks against the communication of connected vehicles platooning. The evaluation results of the implemented IDS present a high accuracy of over 90% using training datasets containing both known and unknown attacks
- …