Visible to the public Scission: Signal Characteristic-Based Sender Identification and Intrusion Detection in Automotive Networks

Submitted by aekwall on Mon, 12/16/2019 - 2:29pm
TitleScission: Signal Characteristic-Based Sender Identification and Intrusion Detection in Automotive Networks
Publication TypeConference Paper
Year of Publication2018
AuthorsKneib, Marcel, Huth, Christopher
Conference NameProceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-5693-0
Keywordsautomotive security, controller area network, controller area network security, Cyber-physical systems, Internet of Things, Intrusion detection, pubcrawl, resilience, sender identification
AbstractIncreased connectivity increases the attack vector. This also applies to connected vehicles in which vulnerabilities not only threaten digital values but also humans and the environment. Typically, attackers try to exploit the Controller Area Network (CAN) bus, which is the most widely used standard for internal vehicle communication. Once an Electronic Control Unit (ECU) connected to the CAN bus is compromised, attackers can manipulate messages at will. The missing sender authentication by design of the CAN bus enables adversarial access to vehicle functions with severe consequences. In order to address this problem, we propose Scission, an Intrusion Detection System (IDS) which uses fingerprints extracted from CAN frames, enabling the identification of sending ECUs. Scission utilizes physical characteristics from analog values of CAN frames to assess whether it was sent by the legitimate ECU. In addition, to detect comprised ECUs, the proposed system is able to recognize attacks from unmonitored and additional devices. We show that Scission is able to identify the sender with an average probability of 99.85%, during the evaluation on two series production cars and a prototype setup. Due to the robust design of the system, the evaluation shows that all false positives were prevented. Compared to previous approaches, we have significantly reduced hardware costs and increased identification rates, which enables a broad application of this technology.
URLhttp://doi.acm.org/10.1145/3243734.3243751
DOI10.1145/3243734.3243751
Citation Keykneib_scission:_2018
Groups: