Skip to main content
SpringerLink
Log in

In-Vehicle ECU Identification and Intrusion Detection from Electrical Signaling

  • Chapter
  • First Online:
Machine Learning and Optimization Techniques for Automotive Cyber-Physical Systems

  • 392 Accesses

Abstract

The chapter considers the problem of Electronic Control Unit (ECU) identification from signal characteristics at the physical layers of in-vehicle Controller Area Network (CAN) and in-vehicle CAN-FD (CAN with flexible data rate) network. IDSs from in-vehicle CAN data frames (in prior chapter) have been found useful in detecting anomaly, however, they cannot determine which ECU launches the particular attacks. This chapter describes the IDS approaches that can not only detect the presence of malicious frames but also identify their sender ECUs. This is very essential for fast forensic, isolation, security patch, etc. The strategy counts on CAN signals’ unique characteristics of CAN physical layer, e.g., the hardware and CAN topology information (delineated by the signals characteristics) so that even if two ECUs send identical CAN messages, corresponding signals are divergent.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
eBook
USD 16.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 119.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    It is reported [34, 37] that for CAN-FD, high-speed data phase and low-speed arbitration phase challenge the same ringing surrounds (as ringing does not depend on transmission rate), and ring of some recessive bit might not converge until criterion and interfere with the next dominant bit.

References

  1. Kneib, M., Huth, C.: Scission: signal characteristic-based sender identification and intrusion detection in automotive networks. In: Proceedings of the 2018 ACM SIGSAC conference on computer and communications security, pp. 787–800 (2018)

    Google Scholar 

  2. ISO 11898-2. Road vehicles - Controller area network (CAN) - Part2: High-speed medium access unit. ISO Standard-11898, International Standards Organisation (ISO) (Dec. 2016).

    Google Scholar 

  3. Robert Bosch GmbH. CAN specification version 2.0, Robert Bosch GmbH, Stuttgart, Germany, 1991. Available: http://www.bosch.com (1991)

  4. Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S.: Experimental security analysis of a modern automobile. In: IEEE symposium on security and privacy (2010)

    Google Scholar 

  5. Miller, C., Valasek, C.: Adventures in automotive networks and control units. Def Con 21, 15 (2013)

    Google Scholar 

  6. Miller, C., Valasek, C.: Remote exploitation of an unaltered passenger vehicle. Black Hat U S A 2015, 91 (2015)

    Google Scholar 

  7. Tencent Keen Security Lab. Experimental security assessment of Mercedes-Benz cars. https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf

  8. Kang, M., Kang, J.: A novel intrusion detection method using deep neural network for in-vehicle network security. In: IEEE 83rd vehicular technology conference (VTC Spring), pp. 1–5 (2016)

    Google Scholar 

  9. Muter, M., Asaj, N.: Entropy-based anomaly detection for in-vehicle networks. In: Intelligent vehicles symposium (IV). IEEE (2011)

    Google Scholar 

  10. Song, H.M., Kim, H.R., Kim, H.K.: Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network. In: 2016 International conference on information networking, pp. 63–68 (2016)

    Google Scholar 

  11. Taylor, A., Leblanc, S., Japkowicz, N.: Anomaly detection in automobile control network data with long short-term memory networks. In: DSAA 2016, pp. 130–139 (2016)

    Google Scholar 

  12. Guo, F., Wang, Z., Du, S., Li, H., Zhu, H., Pei, Q., Cao, Z., Zhao, J.: Detecting vehicle anomaly in the edge via sensor consistency and frequency characteristic. IEEE Trans. Veh. Technol. 68(6), 5618–5628 (2019)

    Article  Google Scholar 

  13. Cho, K.-T., Shin, K.G.: Fingerprinting electronic control units for vehicle intrusion detection. In: Proc. of the 25th USENIX security symposium, Aug. (2016)

    Google Scholar 

  14. Cho, K., Shin, K.G.: Viden: attacker identification on in-vehicle networks. In: Proceedings of 2017 ACM CCS, pp. 1109–1123 (2017)

    Google Scholar 

  15. Choi, W., Jo, H.J., Woo, S., Chun, J.Y., Park, J., Lee, D.H.: Identifying ECUs using inimitable characteristics of signals in controller area networks. IEEE Trans. Veh. Technol. 67(6), 4757–4770 (2018)

    Article  Google Scholar 

  16. Choi, W., Joo, K., Jo, H.J., Park, M.C., Lee, D.H.: VoltageIDS: low-level communication characteristics for automotive intrusion detection system. IEEE Trans. Inf. Forens. Secur. 13, 2114 (2018)

    Article  Google Scholar 

  17. Foruhandeh, M., Man, Y., Gerdes, R., Li, M., Chantem, T.: Simple: single-frame based physical layer identification for intrusion detection and prevention on in-vehicle networks. In: 35th Annual computer security applications conference, pp. 229–244 (2019)

    Google Scholar 

  18. Murvay, P.S., Groza, B.: Source identification using signal characteristics in controller area networks. IEEE Signal Process. Lett. 21(4), 395–399 (2014)

    Article  Google Scholar 

  19. Kim, G., Lim, H.: Ringing suppression in a controller area network with flexible data rate using impedance switching and a limiter. IEEE Trans. Veh. Technol. 68(11), 10679–10686 (2019)

    Article  Google Scholar 

  20. Lim, H., Kim, G., Kim, S., Kim, D.: Quantitative analysis of ringing in a controller area network with flexible data rate for reliable physical layer designs. IEEE Trans. Veh. Technol. 68(9), 8906–8915 (2019)

    Article  Google Scholar 

  21. Mori, H., Suzuki, Y., Maeda, N., Obata, H., Kishigami, T.: Novel ringing suppression circuit to increase the number of connectable ECUs in a linear passive star CAN. In: International symposium on electromagnetic compatibility - EMC EUROPE, Rome, pp. 1–6 (2012)

    Google Scholar 

  22. High-Speed CAN (HSC) for vehicle applications at 500 kbps, SAE J2284-3, SAE International, Warrendale, PA, USA (2002)

    Google Scholar 

  23. Studnia, I., Nicomette, V., Alata, E., Deswarte, Y., Kaniche, M., Laarouchi, Y.: Survey on security threats and protection mechanisms in embedded automotive networks. In: 2013 43rd Annual IEEE/IFIP conference on dependable systems and networks workshop, pp. 1–12 (2013)

    Google Scholar 

  24. Checkoway, S., McCoy, D., et al.: Comprehensive experimental analyses of automotive attack surfaces. In: 20th USENIX security symposium. USENIX Association (2011)

    Google Scholar 

  25. Kononenko, I.: Estimating attributes: analysis and extensions of RELIEF. In: Machine learning: ECML-94, pp. 171–182. Springer, Berlin Heidelberg (1994)

    Google Scholar 

  26. Microchip-Corporation: Stand-Alone CAN Controller with SPI Interface (2005). Microchip MCP2515. https://www.mouser.com/datasheet/2/268/MCP2515-Stand-Alone-CAN-Controller-with-SPI-200018-708845.pdf

  27. Microchip-Corporation: MCP2551 High-Speed CAN Transceiver (2007). http://ww1.microchip.com/downloads/en/devicedoc/21667e.pdf

  28. Muller, K.-R., Mika, S., Ratsch, G., Tsuda, K., Scholkopf, B.: An introduction to kernel-based learning algorithms. IEEE Trans. Neural Netw. 12(2), 181–201 (2001)

    Article  Google Scholar 

  29. Kneib, M., Schell, O., Huth, C.: On the robustness of signal characteristic-based sender identification. CoRR, vol. abs/1911.09881 (2019)

    Google Scholar 

  30. Robert Bosch GmbH. CAN with flexible data-rate (2012). https://www.can-cia.org/fileadmin/resources/documents/proceedings/2012_hartwich.pdf

  31. Yu, T., Wang, X.: Topology verification enabled intrusion detection for in-vehicle CAN-FD networks. IEEE Commun. Lett. 24(1), 227–230 (2019)

    Article  Google Scholar 

  32. Woo, S., Jo, H.J., et al.: A practical security architecture for in-vehicle CAN-FD. IEEE Trans. Intell. Transp. Syst. 17(8), 2248–2261 (2016)

    Article  Google Scholar 

  33. Agrawal, M., Huang, T., et al.: CAN-FD-Sec: improving security of CAN-FD protocol. In: ESORICS 2018, Lecture notes in computer science 11552, pp. 77–93 (2018)

    Article  Google Scholar 

  34. Mori, H., Suzuki, Y., et al.: Novel ringing suppression circuit to increase the number of connectable ECUs in a linear passive star CAN. In: International symposium on electromagnetic compatibility - EMC EUROPE, pp. 1–6 (2012)

    Google Scholar 

  35. Lim, H., Kim, G., et al.: Quantitative analysis of ringing in a controller area network with flexible data rate for reliable physical layer designs. IEEE Trans. Veh. Technol. 68(9), 8906–8915 (2019)

    Article  Google Scholar 

  36. Microchip-Corporation. External CAN FD Controller with SPI Interface MCP2517FD (2017). http://ww1.microchip.com/downloads/en/DeviceDoc/MCP2517FD-External-CAN-FD-Controller-with-SPI-Interface-20005688B.pdf

  37. Islinger, T., Mori, Y.: Ringing suppression in CAN FD networks. CAN Newsl. Jan, pp. 12–16 (2016)

    Google Scholar 

Download references

Acknowledgements

The author is supported by the National Natural Science Foundation of China (61971192), Shanghai Municipal Education Commission (2021-01-07-00-08-E00101), and Shanghai Trusted Industry Internet Software Collaborative Innovation Center.

Author information

Authors and Affiliations

  1. East China Normal University and Shanghai Key Laboratory of Trustworthy Computing, Shanghai, China

    Xiangxue Li

  2. Shanghai Key Laboratory of Privacy-Preserving Computation, MatrixElements Technologies, Shanghai, China

    Xiangxue Li

  3. CATARC Software Testing (Tianjin) Co. Ltd, Tianjin, China

    Yue Bao & Xintian Hou

Authors
  1. Xiangxue Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yue Bao
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Xintian Hou
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Xiangxue Li .

Editor information

Editors and Affiliations

  1. NVIDIA, Santa Clara, CA, USA

    Vipin Kumar Kukkala

  2. Colorado State University, Fort Collins, CO, USA

    Sudeep Pasricha

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Li, X., Bao, Y., Hou, X. (2023). In-Vehicle ECU Identification and Intrusion Detection from Electrical Signaling. In: Kukkala, V.K., Pasricha, S. (eds) Machine Learning and Optimization Techniques for Automotive Cyber-Physical Systems. Springer, Cham. https://doi.org/10.1007/978-3-031-28016-0_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-28016-0_15

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-28015-3

  • Online ISBN: 978-3-031-28016-0

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation