Evading Voltage-Based Intrusion Detection on Automotive CAN

Rohit Bhatia, Vireshwar Kumar, Khaled Serag, Z. Berkay Celik, Mathias Payer, Dongyan Xu

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

34 Citations (Scopus)

Abstract

The controller area network (CAN) is widely adopted in modern automobiles to enable communications among in-vehicle electronic control units (ECUs). Lacking mainstream network security capabilities due to resource constraints, the CAN is susceptible to the ECU masquerade attack in which a compromised (attacker) ECU impersonates an uncompromised (victim) ECU and spoofs the latter's CAN messages. A cost-effective state-of-the-art defense against such attacks is the CAN bus voltage-based intrusion detection system (VIDS), which identifies the source of each message using its voltage fingerprint on the bus. Since the voltage fingerprint emanates from an ECU's hardware characteristics, an attacker ECU by itself cannot controllably modify it. As such, VIDS has been proved effective in detecting masquerade attacks that each involve a single attacker. In this paper, we discover a novel voltage corruption tactic that leverages the capabilities of two compromised ECUs (i.e., an attacker ECU working in tandem with an accomplice ECU) to corrupt the bus voltages recorded by the VIDS. By exploiting this tactic along with the fundamental deficiencies of the CAN protocol, we propose a novel masquerade attack called DUET, which evades all existing VIDS irrespective of the features and classification algorithms employed in them. DUET follows a two-stage attack strategy to first manipulate a victim ECU's voltage fingerprint during VIDS retraining mode, and then impersonate the manipulated fingerprint during VIDS operation mode. Our evaluation of DUET on real CAN buses (including three in two real cars) demonstrates an impersonation success rate of at least 90% in evading two state-of-the-art VIDS. Finally, to mitigate ECU masquerade attacks, we advocate the development of cost-effective defenses that break away from the “attack vs. IDS” arms race. We propose a lightweight defense called RAID, which enables each ECU to make protocol-compatible modifications in its frame format generating a unique dialect (spoken by ECUs) during VIDS retraining mode. RAID prevents corruption of ECUs' voltage fingerprints, and re-enables VIDS to detect all ECU masquerade attacks including DUET.

Original languageEnglish
Title of host publication28th Annual Network and Distributed System Security Symposium, NDSS 2021
PublisherThe Internet Society
ISBN (Electronic)1891562665, 9781891562662
DOIs
Publication statusPublished - 2021
Externally publishedYes
Event28th Annual Network and Distributed System Security Symposium, NDSS 2021 - Virtual, Online
Duration: 21 Feb 202125 Feb 2021

Publication series

Name28th Annual Network and Distributed System Security Symposium, NDSS 2021

Conference

Conference28th Annual Network and Distributed System Security Symposium, NDSS 2021
CityVirtual, Online
Period21/02/2125/02/21

Fingerprint

Dive into the research topics of 'Evading Voltage-Based Intrusion Detection on Automotive CAN'. Together they form a unique fingerprint.

Cite this