Using ID-Hopping to Defend Against Targeted DoS on CAN

Humayed, Abdulmalik; Luo, Bo

doi:10.1145/3055378.3055382

Cited by 25 publications

(12 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The T 1 of the similarity-based IDS meets the 10 ms of the requirement, whereas the entropy-based IDS's T 1 does not meet the requirement. Thus, we confirmed that the similarity-based Incidentally, in ID-Hopping Mechanism [6]- [8] which avoids Targeted DoS attacks, the average overhead required for AES encryption to generate a one-time ID and for newly setting the CAN ID register are 20.23 µs and 0.2 µs respectively. Therefore, the impact of achieving rapid IDS 14 µs faster than the entropy-based IDS is worth to cancel the overhead for utilizing the conventional IDS and the ID-Hopping Mechanism together.…”

Section: B Detection Timesupporting

confidence: 74%

“…There are three types of DoS attacks on CAN according to the report [6] Here, we describe that the realization of the entropymanipulated attack. Firstly, after an adversary intrudes an ECU from some external network, the adversary sniffs the messages of CAN.…”

Section: ) Attack Modelmentioning

confidence: 99%

“…To disable DoS attacks, a security solution different from encryption and authentication is necessary. In order to prevent a DoS attack of one type in which an adversary sends messages to flood the buffer of receiving ECU, Intrusion Prevention System (IPS) defenses have been proposed [6]- [8]. However, these methods do not affect other DoS attacks, in which an adversary sends many messages of the highest CAN ID priority.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Normal and Malicious Sliding Windows Similarity Analysis Method for Fast and Accurate IDS Against DoS Attacks on In-Vehicle Networks

et al. 2020

View full text Add to dashboard Cite

Controller Area Network (CAN) is a de facto standard of in-vehicle networks. Since CAN employs broadcast communication and a slower network than other general networks (e.g. Ethernet, IEEE802.11), it is inherently vulnerable to Denial-of-Service (DoS) attacks. As a countermeasure against DoS attacks on CAN, a method for detecting a DoS attack using the entropy in a sliding window has been proposed. This method has a good advantage in terms of effectiveness and the small computational overhead. However, this method may only be effective against DoS attacks under naive conditions such as some higher priority messages. In addition, if an adversary can adjust the entropy of the DoS attack to its normal value, the conventional method cannot detect a DoS attack in which the adversary manipulates the entropy. We found this type of DoS attack, which is called an entropy-manipulated attack. In this paper, we propose a method that can detect an entropy-manipulated attack by using the similarity of two sliding windows. We confirmed that the proposed method detected the DoS attack in 100% of the cases in our experiment, and we showed that the detection time is up to 93% (14 µs) shorter than the conventional method.INDEX TERMS Automotive security, controller area network, DoS attack, intrusion detection system, simulated annealing.

show abstract

Section: B Detection Timesupporting

confidence: 74%

Section: ) Attack Modelmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Normal and Malicious Sliding Windows Similarity Analysis Method for Fast and Accurate IDS Against DoS Attacks on In-Vehicle Networks

et al. 2020

View full text Add to dashboard Cite

show abstract

“…ID hopping: Humayed and Luo [11] proposed an ID hopping method to prevent target DoS attack. When the attack was detected, the proposed method changed IDs by adding an offset to original IDs.…”

Section: Related Workmentioning

confidence: 99%

“…• A range division algorithm divides the all ID spaces (2 11 ) into random sizes. Through the key, H, and RN, a range division algorithm distributes the range randomly each session.…”

Section: ) Substitution Table Initializationmentioning

confidence: 99%

Catch ID if You CAN: Dynamic ID Virtualization Mechanism for the Controller Area Network

et al. 2019

View full text Add to dashboard Cite

The controller area network (CAN) is the most widely used in-vehicle network to communicate among electronic control units. However, the CAN does not provide security functionalities, such as encryption or message authentication. Attackers can analyze CAN logs and inject valid messages based on the analysis to cause malfunctions. Thus, security functions appropriate to the CAN environment are required to prevent attacks. In this paper, we propose a dynamic identifier (ID) virtualization method that prevents CAN logs from being analyzed and makes it difficult for attackers to generate valid messages. We implement a virtualization module to perform dynamic ID virtualization and measure the delay and computational overhead caused by the proposed method. Additionally, we demonstrate the security of the proposed method.INDEX TERMS Controller area network, vehicular security, network security, in-vehicle network.

show abstract

Cybersecurity protection on in‐vehicle networks for distributed automotive cyber‐physical systems: State‐of‐the‐art and future challenges

Xie

Zhou

et al. 2021

Softw Pract Exp

View full text Add to dashboard Cite

The ever‐evolving trip mode of human being leads the automobiles moving toward connected, autonomous, sharing, and electrified vehicles rapidly. But the connection introduces new cybersecurity problems on in‐vehicle networks, which poses great challenges for safety guarantee of distributed automotive cyber‐physical systems. This article first analyzes the cybersecurity vulnerabilities and defines the security requirements for in‐vehicle networks, and then introduces the architecture evolution of in‐vehicle network. Based on the definition on architecture of in‐vehicle networks, this article defines a security protection framework for it. And then, it surveys the state‐of‐the‐art works for availability protection, integrity protection, and confidentiality protection of in‐vehicle networks, respectively, and detailed analysis and comparisons are given about the proposed cybersecurity protection mechanisms. Finally, it summarizes the future challenges for cybersecurity protection of in‐vehicle networks, and proposes possible solutions for these challenges.

show abstract

Using ID-Hopping to Defend Against Targeted DoS on CAN

Cited by 25 publications

References 14 publications

Normal and Malicious Sliding Windows Similarity Analysis Method for Fast and Accurate IDS Against DoS Attacks on In-Vehicle Networks

Normal and Malicious Sliding Windows Similarity Analysis Method for Fast and Accurate IDS Against DoS Attacks on In-Vehicle Networks

Catch ID if You CAN: Dynamic ID Virtualization Mechanism for the Controller Area Network

Cybersecurity protection on in‐vehicle networks for distributed automotive cyber‐physical systems: State‐of‐the‐art and future challenges

Contact Info

Product

Resources

About