Covert Channel-Based Transmitter Authentication in Controller Area Networks

Xiang, Ying; Bernieri, Giuseppe; Conti, Mauro; Bushnell, Linda; Poovendran, Radha

doi:10.1109/tdsc.2021.3068213

Cited by 16 publications

(17 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Among the software solutions is TACAN [33], a covertchannel based solution. It shares a master key between an ECU and the Monitor Node to generate shared session keys.…”

Section: Related Workmentioning

confidence: 99%

CINNAMON: A Module for AUTOSAR Secure Onboard Communication

Bella

Biondi

Costantino

et al. 2020

2020 16th European Dependable Computing Conference (EDCC)

View full text Add to dashboard Cite

This paper introduces CINNAMON, a software module that extends and seamlessly integrates with the AU-TOSAR "Secure Onboard Communication" (SecOC) module [3],[5] to also account for confidentiality of data in transit.It stands for Confidential, INtegral aNd Authentic on board coMunicatiON (CINNAMON). It takes a resource-efficient and practical approach to ensure, at the same time, confidentiality, integrity and authenticity of frames. The main new requirement that CINNAMON puts forward is the use of encryption and thus, as a result, CINNAMON exceeds SecOC against information gathering attacks.This paper sets forth the essential requirements and specification of the new module by detailing where and how to position it within AUTOSAR and by emphasizing the relevant upgrades with respect to SecOC. The presentation continues with the definition of a Security Profile and a summary of a prototype implementation of ours [8], [9]. While CINNAMON is easily extensible, for example through the definition of additional profiles, the current performances obtained on inexpensive boards support the claim that the approach is feasible.

show abstract

“…Among the software solutions is TACAN [33], a covertchannel based solution. It shares a master key between an ECU and the Monitor Node to generate shared session keys.…”

Section: Related Workmentioning

confidence: 99%

CINNAMON: A Module for AUTOSAR Secure Onboard Communication

Bella

Biondi

Costantino

et al. 2020

2020 16th European Dependable Computing Conference (EDCC)

View full text Add to dashboard Cite

show abstract

“…The covert traffic is encoded within the output noise of the covertly-transmitting sensor, whose distribution is indistinguishable from that of a benign sensor. Finally, in [34], Ying et al utilised covert channels to build an effective defensive technique that facilitates transmitter authentication via a trusted monitor node for automotive applications. In particular, the authors presented transmitter authentication for controller area network (TACAN), which provides secure authentication of electronic control units (ECUs) by exploiting the covert channels without introducing CAN protocol modifications or traffic overheads.…”

Section: Related Workmentioning

confidence: 99%

Wyner wiretap‐like encoding scheme for cyber‐physical systems

Lúcia

Youssef

2020

IET cyber-phys. syst.

View full text Add to dashboard Cite

In this study, the authors consider the problem of exchanging secrete messages in cyber-physical systems (CPSs) without resorting to cryptographic solutions. In particular, they consider a CPS where the networked controller wants to send a secrete message to the plant. They show that such a problem can be solved by exploiting a Wyner wiretap-like encoding scheme taking advantage of the closed-loop operations typical of feedback control systems. Specifically, by resorting to the control concept of one-step reachable sets, they first show that a wiretap-like encoding scheme exists whenever there is an asymmetry in the plant model knowledge available to control system (the defender) and to the eavesdropper. The effectiveness of the proposed scheme is confirmed by means of a numerical example. Finally, they conclude the study by presenting open design challenges that can be addressed by the research community to improve, in different directions, the secrete message exchange problem in CPSs.

show abstract

“…Security solutions for CAN can be broadly classified into schemes that add cryptographic measures to the CAN bus [8]- [10], [18] and anomaly-based IDSs that 1) analyze the traffic on the CAN bus including message contents [19]- [21], timing/frequency [15], [22]- [25], entropy [26], and survival rates [27], 2) exploit the physical characteristics of ECUs extracted from in-vehicle sensing data [28]- [30] or measurements [11], [13], [14], [31], [32], and 3) exploit the characteristics of the CAN protocol, such as the remote frame [33]. Compared to the CAN traffic, it is more difficult for adversaries to imitate the physical characteristics of ECUs, such as the mean squared error of voltage measurements [11].…”

Section: Related Workmentioning

confidence: 99%

Shape of the Cloak: Formal Analysis of Clock Skew-Based Intrusion Detection System in Controller Area Networks

Xiang

Sagong

Clark

et al. 2019

IEEE Trans.Inform.Forensic Secur.

Self Cite

View full text Add to dashboard Cite

This paper presents a new masquerade attack called the cloaking attack and provides formal analyses for clock skewbased Intrusion Detection Systems (IDSs) that detect masquerade attacks in the Controller Area Network (CAN) in automobiles. In the cloaking attack, the adversary manipulates the message inter-transmission times of spoofed messages by adding delays so as to emulate a desired clock skew and avoid detection. In order to predict and characterize the impact of the cloaking attack in terms of the attack success probability on a given CAN bus and IDS, we develop formal models for two clock skew-based IDSs, i.e., the state-of-the-art (SOTA) IDS and its adaptation to the widely used Network Time Protocol (NTP), using parameters of the attacker, the detector, and the hardware platform. To the best of our knowledge, this is the first paper that provides formal analyses of clock skew-based IDSs in automotive CAN. We implement the cloaking attack on two hardware testbeds, a prototype and a real vehicle (the University of Washington (UW) EcoCAR), and demonstrate its effectiveness against both the SOTA and NTP-based IDSs. We validate our formal analyses through extensive experiments for different messages, IDS settings, and vehicles. By comparing each predicted attack success probability curve against its experimental curve, we find that the average prediction error is within 3.0% for the SOTA IDS and 5.7% for the NTP-based IDS.

show abstract

Covert Channel-Based Transmitter Authentication in Controller Area Networks

Cited by 16 publications

References 26 publications

CINNAMON: A Module for AUTOSAR Secure Onboard Communication

CINNAMON: A Module for AUTOSAR Secure Onboard Communication

Wyner wiretap‐like encoding scheme for cyber‐physical systems

Shape of the Cloak: Formal Analysis of Clock Skew-Based Intrusion Detection System in Controller Area Networks

Contact Info

Product

Resources

About