35th Annual Computer Security Applications Conference (ACSAC 2019)

Full Program »
Paper
View File
ACM
Presentation
View File
pdf

SIMPLE: Single-Frame based Physical Layer Identification for Intrusion Detection and Prevention on In-Vehicle Networks

The Controller Area Network (CAN) is a bus standard commonly used in the automotive industry for connecting Electronic Control Units (ECUs) within a vehicle. The broadcast nature of this protocol, along with the lack of authentication or strong integrity guarantees for frames, allows for arbitrary data injection/modification and impersonation of the ECUs. While mitigation strategies have been proposed to counter these attacks, high implementation costs or violation of backward compatibility hinder their deployment. In this work, we first examine the shortcomings of state-of-the-art CAN intrusion detection and identification systems that rely on multiple frames to detect misbehavior and attribute it to a particular ECU, and show that they are vulnerable to a Hill-Climbing-style attack. Then we propose SIMPLE, a real-time intrusion detection and identification system that exploits physical layer features of ECUs, which would not only allow an attack to be detected using a single frame but also be effectively nullified. SIMPLE has low computational and data acquisition costs, and its efficacy is demonstrated by both in-lab experiments with automotive-grade CAN transceivers as well as in-vehicle experiments, where average equal error rates of close to $0\,\%$ and $0.8985\,\%$ are achieved, respectively.

Mahsa Foruhandeh
Virginia Tech

Yanmao Man
University of Arizona

Ryan Gerdes
Virginia Tech

Ming Li
University of Arizona

Thidapat Chantam
Virginia Tech

 



Powered by OpenConf®
Copyright©2002-2020 Zakon Group LLC