Source Identification Using Signal Characteristics in Controller Area Networks

Murvay, Pal-Stefan; Groza, Bogdan

doi:10.1109/lsp.2014.2304139

Cited by 134 publications

(64 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Statistical features represent the various characteristics of a sampled signal. As a result, numerous studies on signal processing and wireless communication area employed statistical features for node or channel identification [33], [34], [54]. Since the hardware characteristics of an attack device and channel condition affect the signal characteristics, we employed the statistical features to differentiate an attack signal.…”

Section: Feature Extractionmentioning

confidence: 99%

Hold the Door! Fingerprinting Your Car Key to Prevent Keyless Entry Car Theft

Joo¹,

Choi²,

Lee³

2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Recently, the traditional way to unlock car doors has been replaced with a keyless entry system which proves more convenient for automobile owners. When a driver with a key fob is in the vicinity of the vehicle, doors automatically unlock on user command. However, unfortunately, it has been shown that these keyless entry systems are vulnerable to signal-relaying attacks. While it is evident that automobile manufacturers incorporate preventative methods to secure these keyless entry systems, they continue to be vulnerable to a range of attacks. Relayed signals result in valid packets that are verified as legitimate, and this makes it is difficult to distinguish a legitimate door unlock request from a malicious signal. In response to this vulnerability, this paper presents an RF-fingerprinting method (coined "HOld the DOoR", HODOR) to detect attacks on keyless entry systemsthe first attempt to exploit the RF-fingerprint technique in the automotive domain. HODOR is designed as a sub-authentication method that supports existing authentication systems for keyless entry systems and does not require any modification of the main system to perform. Through a series of experiments, the results demonstrate that HODOR competently and reliably detects attacks on keyless entry systems. HODOR achieves both an average false positive rate (FPR) of 0.27% with a false negative rate (FNR) of 0% for the detection of simulated attacks, corresponding to current research on keyless entry car theft. Furthermore, HODOR was also observed under environmental factors: temperature variation, non-line-of-sight (NLoS) conditions, and battery aging. HODOR yields a false positive rate of 1.32% for the identification of a legitimated key fob even under NLoS conditions. Based on the experimental results, it is expected that HODOR will provide a secure service for keyless entry systems, while remaining convenient.

show abstract

Section: Feature Extractionmentioning

confidence: 99%

Hold the Door! Fingerprinting Your Car Key to Prevent Keyless Entry Car Theft

Joo¹,

Choi²,

Lee³

2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…Observation time of IDS Given that CAN has a preset tight bit budget for messages and resource-constrained ECUs have real-time requirements, it has not been a practical option to incorporate cryptographic primitives as in [8]- [10] into CAN. As an alternative, Intrusion Detection Systems (IDSs) have been proposed that exploit physical properties such as message periodicity and network entropy without modifying the CAN protocol [11]- [14].…”

Section: Accumulated Offsetmentioning

confidence: 99%

Shape of the Cloak: Formal Analysis of Clock Skew-Based Intrusion Detection System in Controller Area Networks

Xiang

Sagong

Clark

et al. 2019

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

This paper presents a new masquerade attack called the cloaking attack and provides formal analyses for clock skewbased Intrusion Detection Systems (IDSs) that detect masquerade attacks in the Controller Area Network (CAN) in automobiles. In the cloaking attack, the adversary manipulates the message inter-transmission times of spoofed messages by adding delays so as to emulate a desired clock skew and avoid detection. In order to predict and characterize the impact of the cloaking attack in terms of the attack success probability on a given CAN bus and IDS, we develop formal models for two clock skew-based IDSs, i.e., the state-of-the-art (SOTA) IDS and its adaptation to the widely used Network Time Protocol (NTP), using parameters of the attacker, the detector, and the hardware platform. To the best of our knowledge, this is the first paper that provides formal analyses of clock skew-based IDSs in automotive CAN. We implement the cloaking attack on two hardware testbeds, a prototype and a real vehicle (the University of Washington (UW) EcoCAR), and demonstrate its effectiveness against both the SOTA and NTP-based IDSs. We validate our formal analyses through extensive experiments for different messages, IDS settings, and vehicles. By comparing each predicted attack success probability curve against its experimental curve, we find that the average prediction error is within 3.0% for the SOTA IDS and 5.7% for the NTP-based IDS.

show abstract

“…However, in our case, these features are utilized to attack the system. The authors in [19] use simple features such as meansquare error between bit samples, and convolution amplitude to fingerprint and identify the ECUs. However, the performance of these mechanisms is highly dependent on the message value, which can vary significantly for our schemes.…”

Section: Intrusion Detection Systems (Ids) Based On Can Signal Characmentioning

confidence: 99%

Probing Attacks on Physical Layer Key Agreement for Automotive Controller Area Networks

Jain

Wang

Arafin

et al. 2018

2018 Asian Hardware Oriented Security and Trust Symposium (AsianHOST)

View full text Add to dashboard Cite

Efficient key management for automotive networks (CAN) is a critical element, governing the adoption of security in the next generation of vehicles. A recent promising approach for dynamic key agreement between groups of nodes, Plugand-Secure for CAN, has been demonstrated to be information theoretically secure based on the physical properties of the CAN bus. In this paper, we illustrate side-channel attacks, leading to nearly-complete leakage of the secret key bits, by an adversary that is capable of probing the CAN bus. We identify the fundamental characteristics that lead to such attacks and propose techniques to minimize the information leakage at the hardware, controller and system levels.

show abstract

Source Identification Using Signal Characteristics in Controller Area Networks

Cited by 134 publications

References 4 publications

Hold the Door! Fingerprinting Your Car Key to Prevent Keyless Entry Car Theft

Hold the Door! Fingerprinting Your Car Key to Prevent Keyless Entry Car Theft

Shape of the Cloak: Formal Analysis of Clock Skew-Based Intrusion Detection System in Controller Area Networks

Probing Attacks on Physical Layer Key Agreement for Automotive Controller Area Networks

Contact Info

Product

Resources

About