TIDAL-CAN: Differential Timing Based Intrusion Detection and Localization for Controller Area Network

Murvay, Pal-Stefan; Groza, Bogdan

doi:10.1109/access.2020.2985326

Cited by 23 publications

(1 citation statement)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is critical to provide security mechanism to protect automotive network from malicious adversaries. By exploiting the inherent variations of physical characteristics in devices introduced by imperfect production process to provide the ability of authentication has been proved effective for such as PUF (Physical Unclonable Function) [27]- [30] as well as source identification and intrusion detection for automotive networks [31].…”

Section: B Related Workmentioning

confidence: 99%

Clock-Based Sender Identification and Attack Detection for Automotive CAN Network

Zhou

Xie

et al. 2021

IEEE Access

View full text Add to dashboard Cite

Building the security mechanism for Controller Area Network (CAN) to defend against attack has drawn substantial attention recently. Fingerprinting ECUs to provide the ability of authentication based on the physical characteristics can protect the CAN network effectively. The clock skew which is unique and stable can be exploited to pinpoint the attacker and detect intrusion. However, a common downside of existing clock-skew-based approaches is that the estimation process can be affected by the message scheduling or arbitration. In our work, a novel intrusion detection system (IDS) that exploits the inherent difference in the clock of devices for automotive CAN network is designed. The estimation process of clock skew in our approach relies only on the time measurement of a single CAN frame. Thus, the disturbance from the data-link layer can be avoided. Since the performance of our IDS depends heavily on the accuracy of estimated clock skew, our approach is evaluated on CAN networks with different settings to simulate cases in which the sampling rate is sufficient or not. The feasibility as well as the limitation of our approach are presented in our work. The evaluation shows that our IDS can identify the sender and detect attacks with an average identification rate of more than 99.7% when the sampling rate is sufficient. Besides, the performance degradation as low sampling accuracy is shown and feasible measures for improvement are also discussed.

show abstract

Section: B Related Workmentioning

confidence: 99%