Paper Info
Title
SIMPLE: single-frame based physical layer identification for intrusion detection and prevention on in-vehicle networks
Abstract
The Controller Area Network (CAN) is a bus standard commonly used in the automotive industry for connecting Electronic Control Units (ECUs) within a vehicle. The broadcast nature of this protocol, along with the lack of authentication or strong integrity guarantees for frames, allows for arbitrary data injection/modification and impersonation of the ECUs. While mitigation strategies have been proposed to counter these attacks, high implementation costs or violation of backward compatibility hinder their deployment. In this work, we first examine the shortcomings of state-of-the-art CAN intrusion detection and identification systems that rely on multiple frames to detect misbehavior and attribute it to a particular ECU, and show that they are vulnerable to a Hill-Climbing-style attack. Then we propose SIMPLE, a real-time intrusion detection and identification system that exploits physical layer features of ECUs, which would not only allow an attack to be detected using a single frame but also be effectively nullified. SIMPLE has low computational and data acquisition costs, and its efficacy is demonstrated by both in-lab experiments with automotive-grade CAN transceivers as well as in-vehicle experiments, where average equal error rates of close to 0% and 0.8985% are achieved, respectively.
Year
DOI
Venue
2019
10.1145/3359789.3359834
Proceedings of the 35th Annual Computer Security Applications Conference
Keywords
Field
DocType
controller area networks, electronic control units, hill-climbing attacks, physical layer identification
Intrusion detection and prevention,Computer science,Vehicle networks,Real-time computing,Frame based,Physical layer
Conference
ISBN
Citations 
PageRank 
978-1-4503-7628-0
2
0.36
References 
Authors
0
5
Name
Order
Citations
PageRank
Mahsa Foruhandeh120.36
Yanmao Man221.04
Ryan M. Gerdes34112.72
Ming Li4177084.74
Thidapat Chantem533324.48