Skip to main content
SpringerLink
Log in

Mitigating voltage fingerprint spoofing attacks on the controller area network bus

  • Published:
Cluster Computing Aims and scope Submit manuscript

Abstract

The Controller Area Network (CAN) bus suffers security vulnerabilities that allow message spoofing and masquerading Electronic Control Units (ECUs). A popular provision for mitigating these vulnerabilities is through the use of machine learning (ML) to derive ECU fingerprints based on the physical properties of bus signals. Particularly, voltage-based intrusion detection systems associate the message transmitter with its voltage fingerprint to detect conflicting logical ECU identifiers in the presence of cyberattacks. However, the signal characteristics depend on the operating conditions and hence the fingerprints need to be adapted overtime by online training of the underlying ML model. An adversary may exploit such a shortcoming to superimpose training data based on its own transmissions and thus bypass the protection mechanism. Such an attack not only allows device impersonation but also leads to rejecting transmissions of a legitimate ECU. This paper proposes an effective approach to thwart these attack scenarios. Our approach introduces unpredictably-scheduled transmissions involving one or multiple ECUs to confuse the adversary and ensure the generation of a legitimate fingerprinting dataset for online training. We validate the robustness of our approach using data collected from a real vehicle and show that it outperforms a prominent competing scheme by over 30% in terms of identifying malicious ECUs when the attacker could overwrite 50% of the retraining transmissions.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10

Similar content being viewed by others

Data availability

The datasets analyzed during the current study are available in [22].

References

  1. Bozda, M., Samie, M., Aslam, S., Jennions, I.: Evaluation of CAN bus security challenges. Sensors 20(8), 2364 (2020)

    Article  Google Scholar 

  2. Liu, J., Zhang, S., Sun, W., Shi, Y.: In-vehicle network attacks and countermeasures: challenges and future directions. IEEE Network 31(5), 50–58 (2017)

    Article  Google Scholar 

  3. O. Avatefipour. “Physical-Fingerprinting of Electronic Control Unit (ECU) Based on Machine Learning Algorithm for In-Vehicle Network Communication Protocol ‘CAN-BUS’,” MS Thesis, Dept. of Computer Engineering, University of Michigan-Dearborn (2017)

  4. Tencent Keen Security Lab, “Tencent keen security lab: experimental security research of Tesla autopilot,” (2019) https://keenlab.tencent.com/en/2019/03/29/Tencent-Keen-Security-Lab-Experimental-Security-Research-of-Tesla-Autopilot/. Accessed 17 Nov 2022

  5. R.-P. Weinmann and B. Schmotzle, “Tbone – a zero-click exploit for Tesla MCUs,” (2020) https://kunnamon.io/tbone/tbone-v1.0-redacted.pdf. Accessed 17 Nov 2022

  6. K.-T. Cho and K. G. Shin, “Error Handling of In-vehicle Networks Makes Them Vulnerable,” Proc. the ACM SIGSAC Conf. on Computer and Comm. Security (CCS '16), pp. 1044–1055 (2020)

  7. H. Wen, Q. A. Chen, and Z. Lin, “Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack Surface in Automotive IoT,” Proc. of the 29th USENIX Conference on Security Symposium, pp. 949–965 (2020)

  8. U. Ezeobi, H. Olufowobi, C. Young, J. Zambreno, and G. Bloom, “Reverse Engineering Controller Area Network Messages using Unsupervised Machine Learning,” IEEE Consumer Electronics Magazine, pp. 1–1 (2020

  9. Olufowobi, H., Young, C., Zambreno, J., Bloom, G.: SAIDuCANT: specification-based automotive intrusion detection using controller area network (CAN) timing. IEEE Trans. Veh. Technol. 69(2), 1484–1494 (2020)

    Article  Google Scholar 

  10. M. D. Pese, T. Stacer, C. A. Campos, E. Newberry, D. Chen, and ´ K. G. Shin, “LibreCAN: Automated CAN Message Translator,” Proc of the ACM SIGSAC Conf, on Comp, & Comm. Security, pp. 2283–2300 (2019)

  11. S. Kulandaivel, T. Goyal, A. K. Agrawal, and V. Sekar, “CANvas: Fast and Inexpensive Automotive Network Mapping,” Proc. the 28th USENIX Security Symposium (USENIX Security 19), pp. 389–405 (2019)

  12. Lokman, S.F., Othman, A.T., Abu-Bakar, M.H.: Intrusion detection system for automotive Controller Area Network (CAN) bus system: a review. J. Wireless Com. Network 2019, 184 (2019)

    Article  Google Scholar 

  13. K. Iehira, H. Inoue and K. Ishida, “Spoofing attack using bus-off attacks against a specific ECU of the CAN bus,” Proc. 15th IEEE Annual Consumer Communications & Networking Conference (CCNC) (2018)

  14. Gu, Q., Formby, D., Ji, S., Cam, H., Beyah, R.: Fingerprinting for cyber-physical system security: device physics matters too. IEEE Secur. Priv. 16(5), 49–59 (2018)

    Article  Google Scholar 

  15. D. Formby, P. Srinivasan, A. M. Leonard, J. D. Rogers and R. A. Beyah. “Who's in Control of Your Control System? Device Fingerprinting for Cyber-Physical Systems.” Proc. of NDSS (2016)

  16. M. Müter and N. Asaj, “Entropy-based anomaly detection for in-vehicle networks,” Proc. IEEE Intell. Veh. Symp, pp. 1110–1115 (2011)

  17. K.-T. Cho, and K. G. Shin. “Fingerprinting electronic control units for vehicle intrusion detection,” Proc. 25th USENIX Security Symposium (USENIX Security 16) (2016)

  18. K.-T. Cho and K. G Shin, “Viden: Attacker Identification on In- Vehicle Networks,” Proc. of the ACM SIGSAC Conference on Computer and Communications Security, pp. 1109–1123 (2017)

  19. Yang, Y., Duan, Z., Tehranipoor, M.: Identify a spoofing attack on an in-vehicle CAN bus based on the deep features of an ECU fingerprint signal. Smart Cities 3, 17–30 (2020)

    Article  Google Scholar 

  20. Choi, W., et al.: VoltageIDS: Low-level communication characteristics for automotive intrusion detection system. IEEE Trans. Inf. Forensics Secur. 13(8), 2114–2129 (2018)

    Article  Google Scholar 

  21. M. Kneib and C. Huth, “Scission: Signal characteristic based sender identification and intrusion detection in automotive networks,” Proc. of the ACM SIGSAC Conference on Computer and Communications Security, pp. 787–800 (2018)

  22. M. Foruhandeh, et al.: “SIMPLE: Single-frame based physical layer identification for intrusion detection and prevention on in-vehicle networks,” Proc. the Annual Computer Security Applications Conference (ACSAC), pp. 229–244 (2019)

  23. R. Bhatia, V. Kumar, K. Serag, Z. B. Celik, M. Payer and D. Xu, “Evading Voltage-Based Intrusion Detection on Automotive CAN” Proc. of Network and Distributed System Security Symp. (NDSS) (2021)

  24. M. Tian, R. Jiang, C. Xing, H. Qu, Q. Lu and X. Zhou, :“Exploiting Temperature-Varied ECU Fingerprints for Source Identification in In-vehicle Network Intrusion Detection,” Proc. IEEE 38th Int’l Performance Computing and Communications Conference (IPCCC) (2019)

  25. Young, C., Zambreno, J., Olufowobi, H., Bloom, G.: Survey of automotive controller area network intrusion detection systems. IEEE Design Test 36(6), 48–55 (2019)

    Article  Google Scholar 

  26. C. Young, H. Olufowobi, G. Bloom, and J. Zambreno :“Automotive Intrusion Detection Based on Constant CAN Message Frequencies Across Vehicle Driving Modes,” Proc. of ACM Workshop on Automotive Cybersecurity, pp. 9–14 (2019)

  27. Zhao, Q., Chen, M., Gu, Z., Luan, S., Zeng, H., Chakrabory, S.: CAN bus intrusion detection based on auxiliary classifier GAN and out-of-distribution detection. ACM Trans. Embed. Comput. Syst. 21(4), 30 (2022)

    Article  Google Scholar 

  28. Li, X., Liu, F., Li, D., Hu, T., Han, M.: “Illegal intrusion detection for in-vehicle can bus based on immunology principle. Symmetry 14, 1532 (2022)

    Article  Google Scholar 

  29. Z. Bi, G. Xu, G. Xu, M. Tian, R. Jiang, and S. Zhang, “Intrusion Detection Method for In-Vehicle CAN Bus Based on Message and Time Transfer Matrix, ”Security and Communication Networks, vol. 2022, 19 (2022)

  30. T. Koyama, T. Shibahara, K. Hasegawa, Y. Okano, M. Tanaka, and Y. Oshima: “Anomaly Detection for Mixed Transmission CAN Messages Using Quantized Intervals and Absolute Difference of Payloads,” Proc. of ACM Workshop on Automotive Cybersecurity, pp. 19–24 (2019)

  31. S. Longari, M. Penco, M. Carminati, and S. Zanero, “CopyCAN: An Error-Handling Protocol Based Intrusion Detection System for Controller Area Network,” Proc. of ACM Workshop on Cyber-Physical Systems Security & Privacy, pp. 39–50 (2019)

  32. M. Marchetti, D. Stabili, A. Guido and M. Colajanni,: “Evaluation of anomaly detection for in-vehicle networks through information-theoretic algorithms,” Proc IEEE 2nd Int’l Forum on Research and Technologies for Society and Industry Leveraging a better tomorrow (RTSI) (2016)

  33. G. Bloom: “WeepingCAN: A Stealthy CAN Bus-off Attack,” Proc. of the Network and Distributed System Security Symposium (NDSS), San Diego (2022)

  34. Corrigan, S.: “Introduction to the Controller Area Network (CAN)”, Technical Report # SLOA101B. Texas Instrument, Dallas (2016)

    Google Scholar 

  35. Hamad, M., Prevelakis, V.: SAVTA: A hybrid vehicular threat model: overview and case study. Information 11(5), 273 (2020)

    Article  Google Scholar 

  36. Miller, C., Valasek, C.: Remote exploitation of an unaltered passenger vehicle. Proc of Black Hat, Las Vegas (2015)

    Google Scholar 

  37. Liu, J.W.S.: Real-Time Systems, 1/e. Prentice Hall, USA (2005)

    Google Scholar 

  38. Mughaid, A., AlZu’bi, S., Alnajjar, A., et al.: Improved dropping attacks detecting system in 5g networks using machine learning and deep learning approaches. Multimed. Tools Appl. 27(2), 22 (2022)

    Google Scholar 

Download references

Funding

The authors declare that no funds, grants, or other support were received during the preparation of this manuscript.

Author information

Authors and Affiliations

  1. Department of Computer and Information Sciences, Towson University, Towson, MD, USA

    Wassila Lalouani

  2. Department of Computer Science and Electrical Engineering, University of Maryland, Baltimore County, Baltimore, MD, USA

    Yi Dang & Mohamed Younis

Authors
  1. Wassila Lalouani
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yi Dang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mohamed Younis
    View author publications

    You can also search for this author in PubMed Google Scholar

Contributions

All authors contributed to the study conception and design. Material preparation, data collection and analysis were performed by WL, and YD. The first draft of the manuscript was written by MY and all authors commented on previous versions of the manuscript. All authors read and approved the final manuscript.

Corresponding author

Correspondence to Mohamed Younis.

Ethics declarations

Conflict of interest

The authors have no relevant financial or non-financial interests to disclose.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Lalouani, W., Dang, Y. & Younis, M. Mitigating voltage fingerprint spoofing attacks on the controller area network bus. Cluster Comput 26, 1447–1460 (2023). https://doi.org/10.1007/s10586-022-03821-x

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10586-022-03821-x

Keywords

Search

Navigation