CANon: Lightweight and Practical Cyber-Attack Detection for Automotive Controller Area Networks
Abstract
1. Introduction
- PROBLEM 1: What types of cyber-attacks can the proposed security service detect in real-time? It considers the cyber-attacks that can occur while driving.
- PROBLEM 2: What levels of security and safety can it provide while driving?
- PROBLEM 3: What is a suitable method to provide data integrity and availability for resource-limited nodes? With such a method, we should consider how to satisfy the requirements of real-time processing and timeliness for safety-critical applications such as the automotive CPS.
- PROBLEM 4: How do we minimize the key exposure problem when detecting cyber-attacks based on a symmetric key? In a key-based detection scheme, both using the same secret key for a long period and redistributing new keys increase the potential for exposing security vulnerabilities, and we should address this.
- PROBLEM 5: How do we design a new security service for the legacy in-vehicle network and the internal architecture in terms of a cost-effective system? We consider the ways to achieve scalability, feasibility, and adaptability of the proposed security service at the same time.
2. Background and Challenges
2.1. Key Characteristics and Limitations of Controller Area Network
2.2. Assumptions and Considerations of Efficient Cyber-Attack Detection
2.3. Conventional Cyber-Attack Detection Methods for Controller Area Network
2.4. Threat Model
3. Cyber-Attack Detection Based on Origin Authentication for Controller Area Network
3.1. Overview of CAN with Origin Authentication and Non-Repudiation for Cyber-Attack Detection
3.2. Group Organization and Identification
3.3. A CANon Platform
3.3.1. Transmission Time Interval-Based Cyber-Attack Detection
3.3.2. Sequential Hash Chain-Based Cyber-Attack Detection
3.3.3. Enclosed-Key Distribution and Management for Session Management
3.4. CANon Operation
3.4.1. Sender Operation
3.4.2. Receiver Operation
Algorithm 1: Sender Operations | |
Input: | Known , , , , and Given Given , the maximum number of iterations of a hash function |
Output: | |
1 | = an integer value between and |
2 | While |
3 | If = 1 Then |
4 | = |
5 | Else |
6 | = |
7 | End If |
8 | End While |
9 | = |
10 | = |
11 | |
12 | Transmit |
Algorithm 2: Receiver Operations during SHC-AD | |
Input: | Known , , , and Given |
Output: | Boolean |
1 | Extract from |
2 | Extract from |
3 | Extract from |
4 | While |
5 | If = 1 Then |
6 | = |
7 | Else |
8 | = |
9 | End If |
10 | End While |
11 | = |
12 | = |
13 | IF = Then |
14 | Verify as TRUE |
15 | Else |
16 | Verify as FALSE |
17 | Discard |
18 | End If |
3.4.3. Gateway Operation
Algorithm 3: Gateway Operations in E-KDM | |
Input: | Known , , and Given , = bits padded with randomized bits, = 0 |
Output: | , |
1 | = an integer value between and |
2 | = |
3 | |
4 | = |
5 | = |
6 | While |
7 | = |
8 | End While |
9 | = |
10 | Transmit |
11 | Return |
Algorithm 4: Group Operations in E-KDM | |
Input: | Known , , , and Given |
Output: | |
1 | Extract from |
2 | Extract from |
3 | Extract from |
4 | = |
5 | IF == Then |
6 | Verify as TRUE |
7 | Else |
8 | Verify as FALSE |
9 | Discard |
10 | Return |
11 | End If |
12 | = |
13 | = |
14 | While |
15 | = |
16 | End While |
17 | = |
18 | Return |
4. Security Analysis
4.1. Probability of Success of Cyber-Attack
4.2. Analysis of Key Freshness
5. Performance Evaluation
5.1. Experimental Environment
5.2. Determination of Variables
5.3. Experimental Results
5.3.1. CANon’s Defensibility
5.3.2. Comparison of Theoretical Analysis and Experimental Performance
6. Conclusions
Author Contributions
Funding
Conflicts of Interest
| Notation | Description | Notation | Description |
|---|---|---|---|
| | A CAN node that is divided into sender , receiver , and gateway | | A keyed-message authentication code (KMAC) |
| G | A sender-centric group (SCG) | | An output of a hash function |
| | A session’s identifier | | A hash function |
| | A pre-shared initialization vector (IV) | \|\| | Concatenation operation |
| | The data of the data field of the -th message transmitted by node at the -th session | | A message of the gateway to update an old session into a new session for -th session |
| | Control data of the data field in CAN frame | | A normal node’s nonce to generate a local one-time authentication key |
| | A gateway node’s salt to generate the next session key for a given SCG | | A session key of the SCG with identifier in the -th session |
| | A one-time local authentication key (OLAK) for | | The maximum number of iterations of a hash operation |
| | Bitwise exclusive-OR operation | | |
Length of KMAC (bit) | Number of CAN Messages | Collision Probability (%) |
---|---|---|
32 | 100 | 0.0001152511 |
32 | 200 | 0.0004633319 |
32 | 1000 | 0.0116292153 |
32 | 2000 | 0.0465320233 |
32 | 3000 | 0.1046840574 |
24 | 25 | 0.0017881242 |
24 | 50 | 0.0073013096 |
24 | 100 | 0.0295000054 |
24 | 200 | 0.1185433950 |
16 | 100 | 7.2785590519 |
16 | 200 | 26.2108503279 |
8 | 100 | 99.999999928 |
8 | 200 | 100 |
Message ID (Hex) | Message | Size (bit) | Period (ms) | Deadline (ms) | From | To | Description |
---|---|---|---|---|---|---|---|
0 | Session | 8 | 1000 | 0 | Gateway | All | Session Change |
Tool | Model | Note |
---|---|---|
Microcontroller | Freescale S12FX | 40 MHz and 512 KB |
Emulator | USB S08/HCS12 BDM Multilink | - |
Compiler | Code Warrior | For Freescale MCU |
Software | CANoe v8.5 | CAN Network simulator, CAPL, run on a system with an i7-7700 (4.20 GHz) Intel CPU and 16 G RAM |
Connector | VN1630A | Interface device |
Function | Processing Time (ms) |
---|---|
SHA-256 | 5.3410 |
SHA-1 | 3.3328 |
mCRC32 | 0.0177 |
Bus load rate | 58.7% | 61% | 63.3% | 65.7% |
---|---|---|---|---|
Total number of CAN messages including brute-force attacks | 221,193 | 230,426 | 238,686 | 247,682 |
Attack rate 1 | 3.9% | 7.5% | 10.8% | 13.9% |
Detection rate in TTI-AD 1 | 38.8% | 45.0% | 60.0% | 70.3% |
Detection rate in SHC-AD 1 | 61.2% | 55.0% | 40.0% | 29.7% |
False positive rate | 0% | 0% | 0% | 0% |
Bus load rate | 56.32% | 61.1% | 63.1% | 65.56% |
---|---|---|---|---|
Total number of CAN messages including delayed-replay attacks | 212,172 | 230,214 | 236,282 | 245,240 |
Attack rate 1 | 0.1% | 7.9% | 10.4% | 13.6% |
Detection rate in TTI-AD 1 | 100% | 1.0% | 8.4% | 30.8% |
Detection rate in SHC-AD 1 | 0% | 99.0% | 91.6% | 69.2% |
False positive rate | 0% | 0% | 0% | 0% |
Bus load rate | 66.93% | |
---|---|---|
Total number of CAN messages including cyber-attacks | 252,974 | |
Attack type | Brute-force attacks | Delayed-replay attacks |
Attack rate 1 | 6.78% | 8.97% |
Detection rate in TTI-AD 1 | 68.70% | 20.03% |
Detection rate in SHC-AD 1 | 31.30% | 79.97% |
False positive rate | 0% | 0% |
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Baek, Y.; Shin, S. CANon: Lightweight and Practical Cyber-Attack Detection for Automotive Controller Area Networks. Sensors 2022, 22, 2636. https://doi.org/10.3390/s22072636