A low-cost masquerade and replay attack detection method for CAN in automobiles

Abstract

Controller Area Network (CAN) is the main bus that connects Electronic Control Units(ECUs) in automobiles. The CAN protocol has been revised over the years to improve vehicle safety but the security of communication over a CAN bus is still a concern. Despite different kinds of attacks challenge the CAN security, the attack that injects masqueraded CAN frames is extremely difficult to defeat given the limited resources available in CAN system. We propose a low-cost detection mechanism to address the masquerade and replay attacks on the CAN bus. Existing work either requires to store a long list of legal CAN IDs or uses hardware-consuming cryptographic algorithms to detect attacks. In contrast, our method only adds one more CAN ID to the acceptance filter of the CAN node under protection, eliminating the need for cryptographic modules and significantly reducing the hardware cost. We implemented our method in a CAN system prototype. Our experimental results show that the latency overhead of the proposed method is approximately three orders of magnitude less than that of other methods. Our method is capable of detecting the masqueraded and replayed CAN frames with a detection speed of 40μs, which satisfies the real-time requirement of automobiles.