Asymmetric Symbol and Skew Sender Identification for Automotive Networks

Abstract

Over recent years, many vulnerabilities have been exposed in vehicles, whose probability of occurrence will rise in the future due to connectivity and increasing system complexity. Even more serious that the Controller Area Network (CAN), widely used by Electronic Control Units (ECUs) to exchange safety-critical messages within a vehicle, does not provide any security measures. In this context, Intrusion Detection Systems (IDSs) have recently been proposed that use time characteristics in the analog transmission signal to identify the sending ECU and detect unauthorized messages. However, realistic application of proposed approaches is not yet tangible, with the full potential of time-based systems yet to be determined. In this elaboration, we therefore establish a foundation by working out robust time characteristics first and analyze root causes for their variation between ECUs. Combining the results with insights from related research, we deduce properties which help to design reliable and feasible IDSs for CAN. Finally, we emphasize these properties by presenting ASSASSIN, an IDS that uses time characteristics to identify the sender of a CAN message and assess authenticity. Achieving an average detection rate of 99.02 %, real-time capable classification and an adaptability to temperature fluctuations, we demonstrate the potential of time-based IDSs on a prototype setup and a real vehicle using resource-limited hardware, also contrasting them with well-elaborated voltage-based IDSs.