Clock-Based Sender Identification and Attack Detection for Automotive CAN Network

Jia Zhou,Siyang Yu,Renfa Li,Guoqi Xie

doi:10.1109/access.2020.3046862

Abstract

Building the security mechanism for Controller Area Network (CAN) to defend against attack has drawn substantial attention recently. Fingerprinting ECUs to provide the ability of authentication based on the physical characteristics can protect the CAN network effectively. The clock skew which is unique and stable can be exploited to pinpoint the attacker and detect intrusion. However, a common downside of existing clock-skew-based approaches is that the estimation process can be affected by the message scheduling or arbitration. In our work, a novel intrusion detection system (IDS) that exploits the inherent difference in the clock of devices for automotive CAN network is designed. The estimation process of clock skew in our approach relies only on the time measurement of a single CAN frame. Thus, the disturbance from the data-link layer can be avoided. Since the performance of our IDS depends heavily on the accuracy of estimated clock skew, our approach is evaluated on CAN networks with different settings to simulate cases in which the sampling rate is sufficient or not. The feasibility as well as the limitation of our approach are presented in our work. The evaluation shows that our IDS can identify the sender and detect attacks with an average identification rate of more than 99.7% when the sampling rate is sufficient. Besides, the performance degradation as low sampling accuracy is shown and feasible measures for improvement are also discussed.

Highlights

Nowadays, the vehicles are gradually becoming an mobile computing platform with various external connection channels
4) DISCUSSION ON RESULTS OF HIGH-SPEED Controller Area Network (CAN) From the results shown in Section V-B3, the average and minimum identification rate for Support Vector Machine (SVM) is 90.06% and 69% respectively when N = 200
The CAN frames from other Electronic Control Units (ECUs) excluding ECU0 and ECU2 can still be well identified with very high probability

Summary

Introduction

The vehicles are gradually becoming an mobile computing platform with various external connection channels. The internal communication systems of vehicles fail to adapt to the challenges brought by the connected vehicles. The malicious adversaries can manipulate the vehicle’s behaviors and even control the safety-critical function via intruding the automotive network. Miller and Valasek [1] have successfully demonstrated how to compromise the internal communication systems on a production vehicle of Jeep Cherokee and. A. PRIMER ON CAN 1) AUTOMOTIVE CAN BUS CAN is critical for in-vehicle communication system, the powertrain system [26]. The CAN communication system is implemented on every production vehicle as required [21]. There are usually several CAN bus employed in a single vehicle, which can be used for different function such as powertrain, body control and infotainment. The internal communication system can be accessed by a Standardized interface called OBD-II

Methods

Results

Conclusion