A simple intrusion detection method for controller area network

Boudguiga, Aymen; Klaudel, Witold; Boulanger, Antoine; Chiron, Pascal

doi:10.1109/icc.2016.7511098

Cited by 24 publications

(21 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…[15], [41], [42], [43], [44] Command Injection Request execution of existing command with malicious intent, typically to affect actuation [30], [15], [31], [32] Impersonation (or masquerade or spoofing) attack An adversary assumes successfully the identity of one of the legitimate nodes in the vehicular network [41], [45], [44], [46], [36], [47], [48], [49] Packet Duplication Transmit unnecessary network messages to exhaust bandwidth or trigger unnecessary processing [24], [23], [25] Selective Forwarding Retransmit data selectively in a vehicular network [24], [23], [25] GPS Jamming Jam legitimate GPS signals; possibly followed by GPS spoofing [28] GPS Spoofing Transmit false GPS signals to disrupt or hijack navigation of a GPSdependent vehicle, such as a UAV [28] Fuzzing (Fuzz testing) Send random messages to the in-vehicle network to trigger critical instructions in a brute force manner) [21] False Data Injection Transmit false data to trigger malicious events or affect situational/environmental awareness [28] False Information Dissemination Transmit false data, e.g. a reputation score, to affect a collaborative process in a network [28], [50] Location Spoofing Share false location coordinates within a vehicular network [39] Malware Infect vehicle with malicious software/firmware by compromising supply chain or hijacking an update [30], [51], [52], [19], [53] Resource exhaustion attack Exhaust a vehicle's battery/fuel, network, processing or other resource by repeating requests, infecting with malware, etc.…”

Section: Attackmentioning

confidence: 99%

“…haviour collected from real production automobile • TRL: 3 Boudguiga et al [41] have developed an IDS model for detecting the types of attacks where an attacker impersonates a legitimate ECU by forging or replaying legitimate CAN frames. The model suggests a CAN extension, where every legitimate ECU registers itself periodically with other ECUs, and from then on checks with each ECU register whether any data frames have been sent containing its own identifier.…”

Section: Accepted Manuscriptmentioning

confidence: 99%

See 1 more Smart Citation

A taxonomy and survey of cyber-physical intrusion detection approaches for vehicles

Loukas

Karapistoli²,

Panaousis

et al. 2019

Ad Hoc Networks

View full text Add to dashboard Cite

With the growing threat of cyber and cyber-physical attacks against automobiles, drones, ships, driverless pods and other vehicles, there is also a growing need for intrusion detection approaches that can facilitate defence against such threats. Vehicles tend to have limited processing resources and are energy-constrained. So, any security provision needs to abide by these limitations. At the same time, attacks against vehicles are very rare, often making knowledge-based intrusion detection systems less practical than behaviour-based ones, which is the reverse of what is seen in conventional computing systems. Furthermore, vehicle design and implementation can differ wildly between different types or different manufacturers, which can lead to intrusion detection designs that are vehicle-specific. Equally importantly, vehicles are practically defined by their ability to move, autonomously or not. Movement, as well as other physical manifestations of their operation may allow cyber security breaches to lead to physical damage, but can also be an opportunity for detection. For example, physical sensing can contribute to more accurate or more rapid intrusion detection through observation and analysis of physical manifestations of a security breach. This paper presents a classification and survey of intrusion detection systems designed and evaluated specifically on vehicles and networks of vehicles. Its aim is to help identify existing techniques that can be adopted in the industry, along with their advantages and disadvantages, as well as to identify gaps in the literature, which are attractive and highly meaningful areas of future research.

show abstract

Section: Attackmentioning

confidence: 99%

Section: Accepted Manuscriptmentioning

confidence: 99%

A taxonomy and survey of cyber-physical intrusion detection approaches for vehicles

Loukas

Karapistoli²,

Panaousis

et al. 2019

Ad Hoc Networks

View full text Add to dashboard Cite

show abstract

“…For Message Authentication Codes, alarm generation could be applied for mismatching hash digests. A combination of cryptographic prevention using continuous authentication for the detection is proposed in [13].…”

Section: A Detectionmentioning

confidence: 99%

Incident Reaction Based on Intrusion Detections’ Alert Analysis

Heigl

Doerr

Almaini

et al. 2018

2018 International Conference on Applied Electronics (AE)

View full text Add to dashboard Cite

The protection of internetworked systems by cryptographic techniques have crystallized as a fundamental aspect in establishing secure systems. Complementary, detection mechanisms for instance based on Intrusion Detection Systems has established itself as a fundamental part in holistic security ecosystems in the previous years. However, the interpretation of and reaction on detected incidents is still a challenging task. In this paper an incident handling environment with relevant components and exemplary functionality is proposed that involves the processes from the detection of incidents over their analysis to the execution of appropriate reactions. An evaluation of a selection of implemented interacting components using technology such as OpenFlow or Snort generally proofs the concept.

show abstract

“…Due to the lack of authentication in the CAN protocol, it is possible to masquerade an ECU or replace a legitimate ECU with a malicious one using a hardware device [8]. A device such as a hardware circuit board can also be attached to the CAN-Bus since the network wires of most vehicles are exposed in easy to find locations [14].…”

Section: Exploiting Can Vulnerabilitiesmentioning

confidence: 99%

“…One issue with CAN is that security was not even considered during its design stages since it was thought that vehicles would remain closed systems [7] and [8]. When vehicles were purely mechanical, the only way how one could gain access to a car is by physical access.…”

Section: Introductionmentioning

confidence: 99%

Security issues in controller area networks in automobiles

Buttigieg

Farrugia

Meli

2017

2017 18th International Conference on Sciences and Techniques of Automatic Control and Computer Engineering (STA)

View full text Add to dashboard Cite

Modern vehicles may contain a considerable number of ECUs (Electronic Control Units) which are connected through various means of communication, with the CAN (Controller Area Network) protocol being the most widely used. However, several vulnerabilities such as the lack of authentication and the lack of data encryption have been pointed out by several authors, which ultimately render vehicles unsafe to their users and surroundings. Moreover, the lack of security in modern automobiles has been studied and analyzed by other researchers as well as several reports about modern car hacking have (already) been published. The contribution of this work aimed to analyze and test the level of security and how resilient is the CAN protocol by taking a BMW E90 (3-series) instrument cluster as a sample for a proof of concept study. This investigation was carried out by building and developing a rogue device using cheap commercially available components while being connected to the same CAN-Bus as a man in the middle device in order to send spoofed messages to the instrument cluster.

show abstract

A simple intrusion detection method for controller area network

Cited by 24 publications

References 14 publications

A taxonomy and survey of cyber-physical intrusion detection approaches for vehicles

A taxonomy and survey of cyber-physical intrusion detection approaches for vehicles

Incident Reaction Based on Intrusion Detections’ Alert Analysis

Security issues in controller area networks in automobiles

Contact Info

Product

Resources

About