In the last years, the automotive industry has incorporated more and more electronic components in vehicles, leading to complex on-board networks of Electronic Control Units (ECUs) that com- municate with each other to control all vehicle functions, making it safer and easier to drive. This communication often relies on Controller Area Network (CAN), a bus communication protocol that defines a standard for real-time reliable and efficient trans- mission. However, CAN does not provide any security measure against cyber attacks. In particular, it lacks message authentication, leading to the possibility of transmitting spoofed CAN messages for malicious purposes. Nowadays, Intrusion Detection Systems (IDSs) detect such attacks by identifying inconsistencies in the stream of information allegedly transmitted by a single ECU, hence assuming the existence of a second malicious node generating these messages. However, attackers can bypass this defense technique by discon- necting from the network the ECU of which they want to spoof the messages, therefore removing the authentic source of information. To contrast this attack, we present CopyCAN, an Intrusion De- tection System (IDS) that detects whether a node has been discon- nected by monitoring the traffic and deriving the error counters of ECUs on CAN. Through this process, it flags subsequent spoofed messages as attacks and reacts accordingly even if there is no incon- sistency in the stream of information. Our system, differently from many previous works, does not require any modification to the protocol or to already installed ECUs. Instead, it only requires the installation of a monitoring unit to the existing network, making it easily deployable in current systems and compliant with required CAN standards.

CopyCAN: An Error-Handling Protocol based Intrusion Detection System for Controller Area Network

LONGARI, STEFANO;Carminati, Michele;Zanero, Stefano
2019-01-01

Abstract

In the last years, the automotive industry has incorporated more and more electronic components in vehicles, leading to complex on-board networks of Electronic Control Units (ECUs) that com- municate with each other to control all vehicle functions, making it safer and easier to drive. This communication often relies on Controller Area Network (CAN), a bus communication protocol that defines a standard for real-time reliable and efficient trans- mission. However, CAN does not provide any security measure against cyber attacks. In particular, it lacks message authentication, leading to the possibility of transmitting spoofed CAN messages for malicious purposes. Nowadays, Intrusion Detection Systems (IDSs) detect such attacks by identifying inconsistencies in the stream of information allegedly transmitted by a single ECU, hence assuming the existence of a second malicious node generating these messages. However, attackers can bypass this defense technique by discon- necting from the network the ECU of which they want to spoof the messages, therefore removing the authentic source of information. To contrast this attack, we present CopyCAN, an Intrusion De- tection System (IDS) that detects whether a node has been discon- nected by monitoring the traffic and deriving the error counters of ECUs on CAN. Through this process, it flags subsequent spoofed messages as attacks and reacts accordingly even if there is no incon- sistency in the stream of information. Our system, differently from many previous works, does not require any modification to the protocol or to already installed ECUs. Instead, it only requires the installation of a monitoring unit to the existing network, making it easily deployable in current systems and compliant with required CAN standards.
2019
ACM Workshop on Cyber-Physical Systems Security & Privacy
978-1-4503-6831-5
Automotive Security, Intrusion Detection Systems, Controller Area Network (CAN) Protocol
File in questo prodotto:
File Dimensione Formato  
CopyCAN.pdf

accesso aperto

: Pre-Print (o Pre-Refereeing)
Dimensione 712.89 kB
Formato Adobe PDF
712.89 kB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11311/1104918
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 13
  • ???jsp.display-item.citation.isi??? 7
social impact