Temperature-sensitive Fingerprinting on ECU Clock Offset for CAN Intrusion Detection and Source Identification

Abstract

The Controller Area Network (CAN) is the most widely used standard for reliable in-vehicle communications, whereas the lack of security authentication of CAN protocols makes it exposure to targeted attacks. At present, there have been two main streams of security mechanisms, including message authentication and Intrusion Detection Systems (IDSs). The IDS, which uses the physical characteristics of Electronic Control Units (ECUs) as fingerprints to detect the intrusion and identify the attack source, is the most popular one. However, demonstrated by observations, we found the change of temperature will cause the failure of the state-of-the-art IDSs because quartz crystal clock frequency is temperature-sensitive. Inspired by the fact that the clock offset of a specific ECU varies with the temperature, we propose the conception of the temperature-sensitive fingerprints of ECU. In our method, KNN (K-Nearest Neighbor) is used to classify the clock offset of the messages to detect intrusion messages and identify the source ECU. Our approach does not require any additional equipment, which is vital in in-vehicle networks with limited resources. To evaluate the feasibility of the proposed approach, we mount a masquerade attack on a CAN bus prototype and use our method as the IDS. The method is also verified with the data from real vehicles, and the result shows that it works on both the CAN bus prototype and real vehicles. Extensive experiments show that the proposed method has a high detection and identification rate, which is between 98.095% and 100% as the temperature increases from 10 °C to 70 °C.