Abstract
In the light of the attacks on Controller Area Networks (CAN) recorded over the past decade, detecting intrusions has become a critical demand. While cryptographic mechanisms are largely absent on CAN buses and clever adversaries may evade intrusion detection mechanisms that rely solely on traffic analysis, using physical signal characteristics to detect the source of incoming frames started to attract a lot of interest in the recent years. This technique is based on physical imperfections of transceivers and microcontrollers as well as network characteristics that are hard if not impossible to clone. In this chapter we discuss the use of voltage fingerprints for source identification as well as the recently emerged topic of localizing controllers by means of signal propagation time. These techniques can have a number of applications ranging from forensics, the detection of unauthorized components and as a complementary mechanism to traditional cryptographic protection and intrusion detection mechanisms.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
AUTOSAR. Specification of secure onboard communication, 4.3.1 edition (2017)
Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S., Koscher, K., Czeskis, A., Roesner, F., Kohno, T., et al. Comprehensive experimental analyses of automotive attack surfaces. In USENIX security symposium. San Francisco (2011)
Cho, K.-T., Shin, K.G.: Fingerprinting electronic control units for vehicle intrusion detection. In 25th {USENIX} security symposium ({USENIX} Security 16), pp. 911–927 (2016)
Cho, K.-T., Shin, K.G.: Viden: attacker identification on in-vehicle networks. In Proceedings of the 2017 ACM SIGSAC conference on computer and communications security, CCS ’17, pp. 1109–1123. ACM, New York (2017)
Choi, W., Jo, H.J., Woo, S., Chun, J.Y., Park, J., Lee, D.H.: Identifying ecus using inimitable characteristics of signals in controller area networks. IEEE Trans. Veh. Technol. 67(6), 4757–4770 (2018)
Choi, W., Joo, K., Jo, H.J., Park, M.C., Lee, D.H.: Voltageids: low-level communication characteristics for automotive intrusion detection system. IEEE Trans. Inf. Forens. Secur. 13(8), 2114–2129 (2018)
Foruhandeh, M., Man, Y., Gerdes, R., Li, M., Chantem, T.: Simple: single-frame based physical layer identification for intrusion detection and prevention on in-vehicle networks. In Proceedings of the 35th annual computer security applications conference, ACSAC ’19, pp. 229–244. Association for Computing Machinery, New York (2019)
Groza, B., Murvay, P.: Security solutions for the controller area network: Bringing authentication to in-vehicle networks. IEEE Veh. Technol. Mag. 13(1), 40–47 (2018)
Groza, B., Murvay, P.-S., Popa, L., Jichici, C.: Can-square-decimeter level localization of electronic control units on can buses. In European symposium on research in computer security, pp. 668–690. Springer (2021)
ISO. 11898-1, Road vehicles - Controller area network (CAN)–Part 1: Data link layer and physical signalling, International Organization for Standardization, Geneva, Switzerland (2015)
ISO. 11898-2, Road vehicles - Controller area network (CAN) Part 2: High-speed medium access unit, International Organization for Standardization, Geneva, Switzerland (2016)
ISO/SAE. 21434, Road vehicles - Cybersecurity engineering, International Organization for Standardization, Geneva, Switzerland (2021)
Kneib, M., Huth, C.: Scission: signal characteristic-based sender identification and intrusion detection in automotive networks. In Proceedings of the 2018 ACM SIGSAC conference on computer and communications security, CCS ’18, pp. 787–800. ACM, New York (2018)
Kneib, M., Schell, O., Huth, C.: On the robustness of signal characteristic-based sender identification. Preprint. arXiv:1911.09881 (2019)
Kneib, M., Schell, O., Huth, C.: EASI: edge-based sender identification on resource-constrained platforms for automotive networks. In Proceedings of the 2020 network and distributed system security symposium, San Diego, CA (2020)
Kohno, T., Broido, A., Claffy, K.C.: Remote physical device fingerprinting. IEEE Trans. Depend. Secure Comput. 2(2), 93–108 (2005)
Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., et al.: Experimental security analysis of a modern automobile. In: 2010 IEEE symposium on security and privacy, pp. 447–462. IEEE (2010)
Kulandaivel, S., Goyal, T., Agrawal, A.K., Sekar, V.: Canvas: fast and inexpensive automotive network mapping. In 28th {USENIX} security symposium ({USENIX} Security 19), pp. 389–405 (2019)
Limbasiya, T., Teng, K.Z., Chattopadhyay, S., Zhou, J.: A systematic survey of attack detection and prevention in connected and autonomous vehicles. Preprint. arXiv:2203.14965 (2022)
Marchetti, M., Stabili, D.: Read: reverse engineering of automotive data frames. IEEE Trans. Inf. Forens. Secur. 14(4), 1083–1097 (2019)
Mathworks. Choose classifier options. https://www.mathworks.com/help/stats/choose-a-classifier.html [Online]; Accessed 1 Apr 2022
Miller, C., Valasek, C.: Remote exploitation of an unaltered passenger vehicle. Black Hat U S A 2015, 91 (2015)
Murvay, P., Groza, B.: Source identification using signal characteristics in controller area networks. IEEE Signal Process. Lett. 21(4), 395–399 (2014)
Murvay, P.-S., Groza, B.: Tidal-can: differential timing based intrusion detection and localization for controller area network. IEEE Access 8, 68895–68912 (2020)
Ohira, S., Desta, A.K., Arai, I., Fujikawa, K.: PLI-TDC: super fine delay-time based physical-layer identification with time-to-digital converter for in-vehicle networks. In Proceedings of the 2021 ACM Asia conference on computer and communications security, pp. 176–186 (2021)
Popa, L., Groza, B., Jichici, C., Murvay, P.-S.: ECUprint—physical fingerprinting electronic control units on CAN buses inside cars and SAE J1939 compliant vehicles. IEEE Trans. Inf. Forens. Secur. 17, 1185–1200 (2022)
Robert Bosch GmbH. CAN Specification, Version 2.0, Robert Bosch GmbH.Postfach 50, D-7000 Stuttgart. 1, (1991)
Rumez, M., Dürrwang, J., Brecht, T., Steinshorn, T., Neugebauer, P., Kriesten, R., Sax, E.. CAN radar: sensing physical devices in CAN networks based on time domain reflectometry. In 2019 IEEE vehicular networking conference (VNC), pp. 1–8. IEEE (2019)
SAE International. J1939-11 – Physical layer, 250K bits/s, twisted shielded pair, Sept. (2006)
Sagong, S.U., Ying, X., Clark, A., Bushnell, L., Poovendran, R.: Cloaking the clock: emulating clock skew in controller area networks. In 2018 ACM/IEEE 9th international conference on cyber-physical systems (ICCPS), pp. 32–42. IEEE (2018)
UNECE. WP.29 Addendum 154 – UN Regulation No. 155, Uniform provisions concerning the approval of vehicles with regards to cyber security and cyber security management system, March (2021)
Wolf, M., Weimerskirch, A., Paar, C.: Security in automotive bus systems. In Workshop on embedded security in cars, pp. 1–13. Citeseer (2004)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Murvay, PS., Berdich, A., Groza, B. (2023). Physical Layer Intrusion Detection and Localization on CAN Bus. In: Kukkala, V.K., Pasricha, S. (eds) Machine Learning and Optimization Techniques for Automotive Cyber-Physical Systems. Springer, Cham. https://doi.org/10.1007/978-3-031-28016-0_13
Download citation
DOI: https://doi.org/10.1007/978-3-031-28016-0_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-28015-3
Online ISBN: 978-3-031-28016-0
eBook Packages: EngineeringEngineering (R0)