Survey of Automotive Controller Area Network Intrusion Detection Systems

Novel attacks continue to appear against in-vehicle networks due to the increasing complexity of heterogeneous software and hardware components used in vehicles. These new components introduce challenges when developing efficient and adaptable security mechanisms. Several intrusion detection systems (IDS) have been proposed to identify and protect in-vehicle networks against malicious activities. We describe the state-of-the-art intrusion detection methods for securing automotive networks, with special focus on the Controller Area Network (CAN). We provide a description of vulnerabilities, highlight threat models, identify known attack vectors present in CAN, and discuss the advantages and disadvantages of suggested solutions

Techniques for utilizing classification towards securing automotive controller area network and machine learning towards the reverse engineering of CAN messages

The vehicle industry is quickly becoming more connected and growing. This growth is due to advancements in cyber physical systems (CPSs) that enhance the safety and automation in vehicle. The modern automobile consists of more than 70 electronic control units (ECUs) that communicate and interact with each other over automotive bus systems. Passenger comforts, infotainment features, and connectivity continue to progress through the growth and integration of Internet-of-Things (IoT) technologies. Common networks include the Controller Area Network (CAN), Local Interconnect Network (LIN), and FlexRay. However, the benefits of increased connectivity and features comes with the penalty of increased vulnerabilities. Security is lacking in preventing attacks on safety-critical control systems. I will explore the state of the art methods and approaches researchers have taken to identify threats and how to address them with intrusion detection. I discuss the development of a hybrid based intrusion detection approach that combines anomaly and signature based detection methods. Machine learning is a hot topic in security as it is a method of learning and classifying system behavior and can detect intrusions that alter normal behavior. In this paper, we discuss utilizing machine learning algorithms to assist in classifying CAN messages. I present work that focuses on the reverse engineering and classification of CAN messages. The problem is that even though CAN is standardized, the implementation may vary for different manufacturers and vehicle models. These implementations are kept secret, therefore CAN messages for every vehicle needs to be analyzed and reverse engineered in order to get information. Due to the lack of publicly available CAN specifications, attackers and researchers need to reverse engineer messages to pinpoint which messages will have the desired impact. The reverse engineering process is needed by researchers and hackers for all manufacturers and their respective vehicles to understand what the vehicle is doing and what each CAN message means. The knowledge of the specifications of CAN messages can improve the effectiveness of security mechanisms applied to CAN

From Attack to Defense: Toward Secure In-vehicle Networks

New security breaches in vehicles are emerging due to software-driven Electronic Control Units (ECUs) and wireless connectivity of modern vehicles. These trends have introduced more remote surfaces/endpoints that an adversary can exploit and, in the worst case, use to control the vehicle remotely. Researchers have demonstrated how vulnerabilities in remote endpoints can be exploited to compromise ECUs, access in-vehicle networks, and control vehicle maneuvers. To detect and prevent such vehicle cyber attacks, researchers have also developed and proposed numerous countermeasures (e.g., Intrusion Detection Systems and message authentication schemes). However, there still remain potentially critical attacks that existing defense schemes can neither detect/prevent nor consider. Moreover, existing defense schemes lack certain functionalities (e.g., identifying the message transmitter), thus not providing strong protection for safety-critical ECUs against in-vehicle network attacks. With all such unexplored and unresolved security issues, vehicles and drivers/passengers will remain insecure. This dissertation aims to fill this gap by 1) unveiling a new important and critical vulnerability applicable to several in-vehicle networks (including the Controller Area Network (CAN), the de-facto standard protocol), 2) proposing a new Intrusion Detection System (IDS) which can detect not only those attacks that have already been demonstrated or discussed in literature, but also those that are more acute and cannot be detected by state-of-the-art IDSes, 3) designing an attacker identification scheme that provides a swift pathway for forensic, isolation, security patch, etc., and 4) investigating what an adversary can achieve while the vehicle’s ignition is off. First, we unveil a new type of Denial-of-Service (DoS) attack called the bus-off attack that, ironically, exploits the error-handling scheme of in-vehicle networks. That is, their fault-confinement mechanism — which has been considered as one of their major advantages in providing fault-tolerance and robustness — is used as an attack vector. Next, we propose a new anomaly-based IDS that detects intrusions based on the extracted fingerprints of ECUs. Such a capability overcomes the deficiency of existing IDSes and thus detects a wide range of in-vehicle network attacks, including those existing schemes cannot. Then, we propose an attacker identification scheme that provides a swift pathway for forensic, isolation, and security patch. This is achieved by fingerprinting ECUs based on CAN voltage measurements. It takes advantage of the fact that voltage outputs of each ECU are slightly different from each other due to their differences in supply voltage, ground voltage, resistance values, etc. Lastly, we propose two new attack methods called the Battery-Drain and the Denial-of-Body-control attacks through which an adversary can disable parked vehicles with the ignition off. These attacks invalidate the conventional belief that vehicle cyber attacks are feasible and thus their defenses are required only when the vehicles ignition is on.PHDComputer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttps://deepblue.lib.umich.edu/bitstream/2027.42/144125/1/ktcho_1.pd

Application-Layer Anomaly Detection Leveraging Time-Series Physical Semantics in CAN-FD Vehicle Networks

Data Availability Statement: The data presented in this study are available on request from the corresponding author. The data are not publicly available due to the need for confidentiality of application layer protocols for car companies.The Controller Area Network with Flexible Data-Rate (CAN-FD) bus is the predominant in-vehicle network protocol, responsible for transmitting crucial application semantic signals. Due to the absence of security measures, CAN-FD is vulnerable to numerous cyber threats, particularly those altering its authentic physical values. This paper introduces Physical Semantics-Enhanced Anomaly Detection (PSEAD) for CAN-FD networks. Our framework effectively extracts and standardizes the genuine physical meaning features present in the message data fields. The implementation involves a Long Short-Term Memory (LSTM) network augmented with a self-attention mechanism, thereby enabling the unsupervised capture of temporal information within high-dimensional data. Consequently, this approach fully exploits contextual information within the physical meaning features. In contrast to the non-physical semantics-aware whole frame combination detection method, our approach is more adept at harnessing the physical significance inherent in each segment of the message. This enhancement results in improved accuracy and interpretability of anomaly detection. Experimental results demonstrate that our method achieves a mere 0.64% misclassification rate for challenging-to-detect replay attacks and zero misclassifications for DoS, fuzzing, and spoofing attacks. The accuracy has been enhanced by over 4% in comparison to existing methods that rely on byte-level data field characterization at the data link layer.National Natural Science Foundation of China under Grants 52202494 and 52202495

Hardware Assisted Solutions for Automobile Security

In the past couple of decades, many in-vehicle features have been invented and deployed in order to make modern vehicles which not only safer and more reliable but also connected, smarter, and intelligent. Meanwhile, vehicular ad-hoc networks (VANETs) are proposed to provide communications between vehicles and road-side stations as the foundation of the intelligent transportation system to provide efficient and safe transportation. To support these updated functions, a large amount of electronic equipment has been integrated into the car system. Although these add-on functions around vehicles offer great help in driving assistance, they inevitably introduced new security vulnerabilities that threaten the safety of the on-board drivers, passengers and pedestrians. This has been demonstrated by many well-documented attacks either on the in-vehicle bus system or on the wireless vehicular network communications. In this dissertation, we design and implement several hardware-oriented solutions to the arousing security issues on vehicles. More specifically, we focus on three important and representative problems: (1) how to secure the in-vehicle Controller Area Network (CAN), (2) how to secure the communication between vehicle and outside, and (3) how to establish trust on VANETs. Current approaches based on cryptographic algorithms to secure CAN bus violate the strict timing and limited resource constraints for CAN communications. We thus emphasize on the alternate solution of intrusion detection system (IDS) in this dissertation. We explore monitoring the changes of CAN message content or the physical delay of its transmission to detect on the CAN bus. We first propose a new entropy-based IDS following the observation that all the known CAN message injection attacks need to alter the CAN identifier bit. Thus, analyzing the entropy changes of such bits can be an effective way to detect those attacks. Next, we develop a delay-based IDS to protect the CAN network by identifying the location of the compromised Electronic Control Unit (ECU) from the transmission delay difference to two terminals connected to the CAN bus. We demonstrate that both approaches can protect the integrity of the messages on CAN bus leading to a further improve the security and safety of autonomous vehicles. In the second part of this dissertation, we consider Plug-and-Secure, an industrial practice on key management for automotive CAN networks. It has been proven to be information theoretically secure. However, we discover side-channel attacks based on the physical properties of the CAN bus that can leak almost the entire secret key bits. We analyze the fundamental characteristics that lead to such attacks and propose techniques to minimize information leakage at the hardware level. Next, we extend our study from in-vehicle secure CAN communication to the communication between vehicle and outside world. We take the example of the popular GPS spoofing attack and show how we can use the rich information from CAN bus to build a cross-validation system to detect such attacks. Our approach is based on the belief that the local driving data from the in-vehicle network can be authenticated and thus trusted by secure CAN networks mechanisms. Such data can be used to cross-validate the GPS signals from the satellite which are vulnerable to spoofing attacks. We conduct driving tests on real roads to show that our proposed approach can defend both GPS spoofing attacks and location-based attacks on the VANETs. Finally, we propose a blockchain based Anonymous Reputation System (BARS) to establish a privacy-preserving trust model for VANETs. The certificate and revocation transparency is implemented efficiently with the proofs of presence and absence based on the extended blockchain technology. To prevent the broadcast of forged messages, a reputation evaluation algorithm is presented relying on both direct historical interactions of that vehicle and indirect opinions from the other vehicles. This dissertation features solutions to vehicle security problems based on hardware or physical characteristics, instead of cryptographic algorithms. We believe that given the critical timing requirement on vehicular systems and their very limited resource (such as the bandwidth on CAN bus), this will be a very promising direction to secure vehicles and vehicular network

Security in Computer and Information Sciences

This open access book constitutes the thoroughly refereed proceedings of the Second International Symposium on Computer and Information Sciences, EuroCybersec 2021, held in Nice, France, in October 2021. The 9 papers presented together with 1 invited paper were carefully reviewed and selected from 21 submissions. The papers focus on topics of security of distributed interconnected systems, software systems, Internet of Things, health informatics systems, energy systems, digital cities, digital economy, mobile networks, and the underlying physical and network infrastructures. This is an open access book

Using Sensor Redundancy in Vehicles and Smartphones for Driving Security and Safety

The average American spends around at least one hour driving every day. During that time the driver utilizes various sensors to enhance their commute. Approximately 77% of smartphone users rely on navigation apps daily. Consumer grade OBD dongles that collect vehicle sensor data to monitor safe driving habits are common. Existing sensing applications pertaining to our drive are often separate from each other and fail to learn from and utilize the information gained by other sensing streams and other drivers. In order to best leverage the widespread use of sensing capabilities, we have to unify and coordinate the different sensing streams in a meaningful way. This dissertation explores and validates the following thesis: Sensing the same phenomenon from multiple perspectives can enhance vehicle safety, security and transportation. First, it presents findings from an exploratory study on unifying vehicular sensor streams. We explored combining sensory data from within one vehicle through pairwise correlation and across multiple vehicles through normal models built with principal component analysis and cluster analysis. Our findings from this exploratory study motivated the rest of this thesis work on using sensor redundancy for CAN-bus injection detection and driving hazard detection. Second, we unify the phone sensors with vehicle sensors to detect CAN bus injection attacks that compromise vehicular sensor values. Specifically, we answer the question: Are phone sensors accurate enough to detect typical CAN bus injection attacks found in literature? Through extensive tests we found that phone sensors are sufficiently accurate to detect many CAN-bus injection attacks. Third, we construct GPS trajectories from multiple vehicles nearby to find stationary and mobile driving hazards such as a bicyclist on the side of the road. Such a tool will effectively extend the repertoire of current navigation assistant applications such as Google Maps which detect and warn drivers about upcoming stationary hazards. Finally, we present an easy-to-use tool to help developers and researchers quickly build and prototype data-collection apps that naturally exploit sensing redundancy. Overall, this thesis provides a unified basis for exploiting sensing redundancy existing inside a single vehicle as well as between different vehicles to enhance driving safety and security.PHDComputer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttps://deepblue.lib.umich.edu/bitstream/2027.42/155154/1/arungan_1.pd

Enabling Auditing and Intrusion Detection of Proprietary Controller Area Networks

The goal of this dissertation is to provide automated methods for security researchers to overcome ‘security through obscurity’ used by manufacturers of proprietary Industrial Control Systems (ICS). `White hat\u27 security analysts waste significant time reverse engineering these systems\u27 opaque network configurations instead of performing meaningful security auditing tasks. Automating the process of documenting proprietary protocol configurations is intended to improve independent security auditing of ICS networks. The major contributions of this dissertation are a novel approach for unsupervised lexical analysis of binary network data flows and analysis of the time series data extracted as a result. We demonstrate the utility of these methods using Controller Area Network (CAN) data sampled from passenger vehicles