Simple: Single-frame based physical layer identification for intrusion detection and prevention on in-vehicle networks

Mahsa Foruhandeh, Yanmao Man, Ryan Gerdes, Ming Li, Thidapat Chantem

Research output: Chapter in Book/Report/Conference proceedingConference contribution

26 Scopus citations

Abstract

The Controller Area Network (CAN) is a bus standard commonly used in the automotive industry for connecting Electronic Control Units (ECUs) within a vehicle. The broadcast nature of this protocol, along with the lack of authentication or strong integrity guarantees for frames, allows for arbitrary data injection/modification and impersonation of the ECUs. While mitigation strategies have been proposed to counter these attacks, high implementation costs or violation of backward compatibility hinder their deployment. In this work, we first examine the shortcomings of state-of-the-art CAN intrusion detection and identification systems that rely on multiple frames to detect misbehavior and attribute it to a particular ECU, and show that they are vulnerable to a Hill-Climbing-style attack. Then we propose SIMPLE, a real-time intrusion detection and identification system that exploits physical layer features of ECUs, which would not only allow an attack to be detected using a single frame but also be effectively nullified. SIMPLE has low computational and data acquisition costs, and its efficacy is demonstrated by both in-lab experiments with automotive-grade CAN transceivers as well as in-vehicle experiments, where average equal error rates of close to 0% and 0.8985% are achieved, respectively.

Original languageEnglish (US)
Title of host publicationProceedings - 35th Annual Computer Security Applications Conference, ACSAC 2019
PublisherAssociation for Computing Machinery
Pages229-244
Number of pages16
ISBN (Electronic)9781450376280
DOIs
StatePublished - Dec 9 2019
Event35th Annual Computer Security Applications Conference, ACSAC 2019 - San Juan, United States
Duration: Dec 9 2019Dec 13 2019

Publication series

NameACM International Conference Proceeding Series

Conference

Conference35th Annual Computer Security Applications Conference, ACSAC 2019
Country/TerritoryUnited States
CitySan Juan
Period12/9/1912/13/19

Keywords

  • Controller Area Networks
  • Electronic Control Units
  • Hill-climbing Attacks
  • Physical Layer Identification

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Simple: Single-frame based physical layer identification for intrusion detection and prevention on in-vehicle networks'. Together they form a unique fingerprint.

Cite this