skip to main content
10.1145/3243734.3243751acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
research-article

Scission: Signal Characteristic-Based Sender Identification and Intrusion Detection in Automotive Networks

Published: 15 October 2018 Publication History

Abstract

Increased connectivity increases the attack vector. This also applies to connected vehicles in which vulnerabilities not only threaten digital values but also humans and the environment. Typically, attackers try to exploit the Controller Area Network (CAN) bus, which is the most widely used standard for internal vehicle communication. Once an Electronic Control Unit (ECU) connected to the CAN bus is compromised, attackers can manipulate messages at will. The missing sender authentication by design of the CAN bus enables adversarial access to vehicle functions with severe consequences. In order to address this problem, we propose Scission, an Intrusion Detection System (IDS) which uses fingerprints extracted from CAN frames, enabling the identification of sending ECUs. Scission utilizes physical characteristics from analog values of CAN frames to assess whether it was sent by the legitimate ECU. In addition, to detect comprised ECUs, the proposed system is able to recognize attacks from unmonitored and additional devices. We show that Scission is able to identify the sender with an average probability of 99.85%, during the evaluation on two series production cars and a prototype setup. Due to the robust design of the system, the evaluation shows that all false positives were prevented. Compared to previous approaches, we have significantly reduced hardware costs and increased identification rates, which enables a broad application of this technology.

Supplementary Material

MP4 File (p787-kneib.mp4)

References

[1]
Stefan Axelsson. 2000. Intrusion Detection Systems: A Survey and Taxonomy.
[2]
Léon Bottou. 2010. Large-Scale Machine Learning with Stochastic Gradient Descent Proceedings of COMPSTAT'2010, Yves Lechevallier and Gilbert Saporta (Eds.). Physica-Verlag HD, Heidelberg, 177--186.
[3]
Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage, Karl Koscher, Alexei Czeskis, Franziska Roesner, and Tadayoshi Kohno. 2011. Comprehensive Experimental Analyses of Automotive Attack Surfaces Proceedings of the 20th USENIX Conference on Security (SEC'11). USENIX Association, Berkeley, CA, USA, 6--6.
[4]
Kyong-Tak Cho and Kang G. Shin. 2016. Fingerprinting Electronic Control Units for Vehicle Intrusion Detection 25th USENIX Security Symposium (USENIX Security 16). USENIX Association, Austin, TX, 911--927. https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/cho
[5]
Kyong-Tak Cho and Kang G. Shin. 2017. Viden: Attacker Identification on In-Vehicle Networks Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS '17). ACM, New York, NY, USA, 1109--1123.
[6]
W. Choi, H. J. Jo, S. Woo, J. Y. Chun, J. Park, and D. H. Lee. 2018. Identifying ECUs Using Inimitable Characteristics of Signals in Controller Area Networks. IEEE Transactions on Vehicular Technology Vol. 67, 6 (2018), 4757--4770.
[7]
Martin A. Fischler and Robert C. Bolles. 1981. Random Sample Consensus: A Paradigm for Model Fitting with Applications to Image Analysis and Automated Cartography. Commun. ACM Vol. 24, 6 (June. 1981), 381--395.
[8]
Federal Office for Information Security. 2018. TR-02102--1 Cryptographic Mechanisms: Recommendations and Key Lengths.
[9]
Jo ao Gama, Indr.e vZliobait.e, Albert Bifet, Mykola Pechenizkiy, and Abdelhamid Bouchachia. 2014. A survey on concept drift adaptation. ACM Computing Surveys (CSUR) Vol. 46, 4 (2014), 44.
[10]
Robert Bosch GmbH. 1991. CAN Specification v2.0.
[11]
Robert Bosch GmbH. 2012. CAN with Flexible Data-Rate Specification Version 1.0.
[12]
B. Groza and S. Murvay. 2013. Efficient Protocols for Secure Broadcast in Controller Area Networks. IEEE Transactions on Industrial Informatics Vol. 9, 4 (Nov. 2013), 2034--2042.
[13]
Florian Hartwich. 2012. CAN with flexible data-rate.
[14]
Aaron Higbee. 2007. Hack Your Car for Boost and Power! DEF CON 15 Hacking Conference.
[15]
T. Hoppe, S. Kiltz, and J. Dittmann. 2008 a. Adaptive Dynamic Reaction to Automotive IT Security Incidents Using Multimedia Car Environment. In 2008 The Fourth International Conference on Information Assurance and Security. ACM, New York, NY, USA, 295--298.
[16]
Tobias Hoppe, Stefan Kiltz, and Jana Dittmann. 2008 b. Security Threats to Automotive CAN Networks -- Practical Examples and Selected Short-Term Countermeasures. In Computer Safety, Reliability, and Security, Michael D. Harrison and Mark-Alexander Sujan (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 235--248.
[17]
Tobias Hoppe, Stefan Kiltz, and Jana Dittmann. 2009. Applying intrusion detection to automotive it-early insights and remaining challenges. Journal of Information Assurance and Security (JIAS) Vol. 4, 6 (2009), 226--235.
[18]
Peter J. Huber. 1992. Robust Estimation of a Location Parameter. Springer New York, New York, NY, 492--518.
[19]
Boris Igelnik, Boris Igelnik, and Jacek M. Zurada. 2013. Efficiency and Scalability Methods for Computational Intellect (1st ed.). IGI Global, Hershey, PA, USA.
[20]
Alberto Garcia Illera. 2013. Dude, WTF in my car? DEF CON 21 Hacking Conference.
[21]
Microchip Technology Inc. 2005. MCP2515 Stand-Alone CAN Controller With SPI Interface. Revision D.
[22]
Microchip Technology Inc. 2007. MCP2551 High-Speed CAN Transceiver. Revision E.
[23]
Tobias Islinger and Yasuhiro Mori. 2016. Ringing suppression in CAN FD networks. CAN Newsletter.
[24]
M. Jagielski, A. Oprea, B. Biggio, C. Liu, C. Nita-Rotaru, and B. Li. 2018. Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning. In 2018 IEEE Symposium on Security and Privacy (SP). IEEE, New York, NY, 19--35.
[25]
B. Jungk. 2016. Automotive security state of the art and future challenges 2016 International Symposium on Integrated Circuits (ISIC). IEEE, New York, NY, 1--4.
[26]
Igor Kononenko. 1994. Estimating attributes: Analysis and extensions of RELIEF Machine Learning: ECML-94, Francesco Bergadano and Luc De Raedt (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 171--182.
[27]
K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage. 2010. Experimental Security Analysis of a Modern Automobile 2010 IEEE Symposium on Security and Privacy. IEEE, New York, NY, 447--462.
[28]
Hung-Jen Liao, Chun-Hung Richard Lin, Ying-Chih Lin, and Kuang-Yuan Tung. 2013. Review: Intrusion Detection System: A Comprehensive Review. J. Netw. Comput. Appl. Vol. 36, 1 (Jan. 2013), 16--24.
[29]
C. W. Lin and A. Sangiovanni-Vincentelli. 2012. Cyber-Security for the Controller Area Network (CAN) Communication Protocol 2012 International Conference on Cyber Security. IEEE, New York, NY, 1--7.
[30]
Charlie Miller and Chris Valasek. 2013. Adventures in automotive networks and control units., 260--264 pages.
[31]
Charlie Miller and Chris Valasek. 2015. Remote exploitation of an unaltered passenger vehicle. Black Hat USA Vol. 2015 (2015), 91.
[32]
H. Mori, Y. Suzuki, N. Maeda, H. Obata, and T. Kishigami. 2012. Novel ringing suppression circuit to increase the number of connectable ECUs in a linear passive star CAN. In International Symposium on Electromagnetic Compatibility - EMC EUROPE. IEEE, New York, NY, 1--6.
[33]
P. S. Murvay and B. Groza. 2014. Source Identification Using Signal Characteristics in Controller Area Networks. IEEE Signal Processing Letters Vol. 21, 4 (April. 2014), 395--399.
[34]
Michael Müter, André Groll, and Felix C. Freiling. 2010. A structured approach to anomaly detection for in-vehicle networks 2010 Sixth International Conference on Information Assurance and Security. IEEE, New York, NY, 92--98.
[35]
AUTOSAR Development Partnership. 2016. Specification of Module Secure Onboard Communication.
[36]
Sang Uk Sagong, Xuhang Ying, Andrew Clark, Linda Bushnell, and Radha Poovendran. 2018. Cloaking the Clock: Emulating Clock Skew in Controller Area Networks Proceedings of the 9th ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS '18). IEEE Press, Piscataway, NJ, USA, 32--42.
[37]
Florian Sagstetter, Martin Lukasiewycz, Sebastian Steinhorst, Marko Wolf, Alexandre Bouard, William R. Harris, Somesh Jha, Thomas Peyrin, Axel Poschmann, and Samarjit Chakraborty. 2013. Security Challenges in Automotive Hardware/Software Architecture Design Proceedings of the Conference on Design, Automation and Test in Europe (DATE '13). EDA Consortium, San Jose, CA, USA, 458--463. http://dl.acm.org/citation.cfm?id=2485288.2485398
[38]
H. Schweppe, Y. Roudier, B. Weyl, L. Apvrille, and D. Scheuermann. 2011. Car2X Communication: Securing the Last Meter - A Cost-Effective Approach for Ensuring Trust in Car2X Applications Using In-Vehicle Symmetric Cryptography 2011 IEEE Vehicular Technology Conference (VTC Fall). IEEE, New York, NY, 1--5.
[39]
Tony C. Smith and Eibe Frank. 2016. Statistical Genomics: Methods and Protocols. Springer, New York, NY, Chapter Introducing Machine Learning Concepts with WEKA, 353--378.
[40]
Anthony Van Herrewege, Dave Singelee, and Ingrid Verbauwhede. 2011. CANAuth - A Simple, Backward Compatible Broadcast Authentication Protocol for CAN bus.
[41]
Inc. Vector CANtech. 2003. Common High Speed Physical Layer Problems.
[42]
Marko Wolf, André Weimerskirch, and Thomas Wollinger. 2007. State of the Art: Embedding Security in Vehicles. EURASIP Journal on Embedded Systems Vol. 2007, 1 (19 Jun. 2007), 074706.
[43]
T. Ziermann, S. Wildermann, and J. Teich. 2009. CAN+: A new backward-compatible Controller Area Network (CAN) protocol with up to 16× higher data rates. In 2009 Design, Automation Test in Europe Conference Exhibition. IEEE, New York, NY, 1088--1093.

Cited By

View all
  • (2025)Deploying Intrusion Detection on In-Vehicle Networks: Challenges and OpportunitiesIEEE Network10.1109/MNET.2024.348622039:1(306-312)Online publication date: Jan-2025
  • (2024)Windowed Hamming Distance-Based Intrusion Detection for the CAN BusApplied Sciences10.3390/app1407280514:7(2805)Online publication date: 27-Mar-2024
  • (2024)A Model for CAN Message Timestamp Fluctuations to Accurately Estimate Transmitter Clock SkewsInternational Journal of Automotive Engineering10.20485/jsaeijae.15.1_1015:1(10-18)Online publication date: 2024
  • Show More Cited By

Index Terms

  1. Scission: Signal Characteristic-Based Sender Identification and Intrusion Detection in Automotive Networks

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
    October 2018
    2359 pages
    ISBN:9781450356930
    DOI:10.1145/3243734
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Sponsors

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 15 October 2018

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. automotive security
    2. controller area network
    3. intrusion detection
    4. sender identification

    Qualifiers

    • Research-article

    Conference

    CCS '18
    Sponsor:

    Acceptance Rates

    CCS '18 Paper Acceptance Rate 134 of 809 submissions, 17%;
    Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

    Upcoming Conference

    CCS '25

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)114
    • Downloads (Last 6 weeks)10
    Reflects downloads up to 17 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2025)Deploying Intrusion Detection on In-Vehicle Networks: Challenges and OpportunitiesIEEE Network10.1109/MNET.2024.348622039:1(306-312)Online publication date: Jan-2025
    • (2024)Windowed Hamming Distance-Based Intrusion Detection for the CAN BusApplied Sciences10.3390/app1407280514:7(2805)Online publication date: 27-Mar-2024
    • (2024)A Model for CAN Message Timestamp Fluctuations to Accurately Estimate Transmitter Clock SkewsInternational Journal of Automotive Engineering10.20485/jsaeijae.15.1_1015:1(10-18)Online publication date: 2024
    • (2024)PHIDIAS: Power Signature Host-based Intrusion Detection in Automotive MicrocontrollersProceedings of the 2024 Workshop on Attacks and Solutions in Hardware Security10.1145/3689939.3695780(36-47)Online publication date: 19-Nov-2024
    • (2024)ERACAN: Defending Against an Emerging CAN Threat ModelProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690267(1894-1908)Online publication date: 2-Dec-2024
    • (2024)Multi-Dimensional Clock Fingerprinting for Abnormal ECU Sourcing in CAN Bus2024 IEEE Wireless Communications and Networking Conference (WCNC)10.1109/WCNC57260.2024.10571096(1-6)Online publication date: 21-Apr-2024
    • (2024)Automotive Security: Threat Forewarning and ECU Source Mapping Derived From Physical Features of Network SignalsIEEE Transactions on Intelligent Transportation Systems10.1109/TITS.2023.332189625:3(2479-2491)Online publication date: Mar-2024
    • (2024)Intrusion Device Detection in Fieldbus Networks Based on Channel-State Group FingerprintIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.337459619(4012-4027)Online publication date: 2024
    • (2024)IdentifierIDS: A Practical Voltage-Based Intrusion Detection System for Real In-Vehicle NetworksIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.332702619(661-676)Online publication date: 2024
    • (2024)Targeted Detection for Attacks on the MIL-STD-1553 BusIEEE Transactions on Aerospace and Electronic Systems10.1109/TAES.2023.332542360:1(548-557)Online publication date: Feb-2024
    • Show More Cited By

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media