References of "Buscemi, Alessio 50027601"
Peer Reviewed
Assessing the Impact of Attacks on an Automotive Ethernet Time Synchronization Testbed
Fotouhi, Mahdi UL; Buscemi, Alessio UL; Boualouache, Abdelwahab UL et al

in Fotouhi, Mahdi; Buscemi, Alessio; Boualouache, Abdelwahab (Eds.) et al 2023 IEEE Vehicular Networking Conference (VNC), Istanbul 26-28 April 2023 (2023, July)

Time Sensitive Network (TSN) standards are gaining traction in the scientific community and automotive Original Equipment Manufacturers (OEMs) due to their promise of deterministic Ethernet networking. Among these standards, Generalized Precision Time Protocol (gPTP) - IEEE 802.1AS - allows network devices to be synchronized with a precision far higher than other synchronization standards, such as Network Time Protocol (NTP). gPTP is a profile of Precision Time Protocol (PTP) which, due to its robustness to delay variations, has been designated for automotive applications. Nonetheless, gPTP was designed without security controls, which makes it vulnerable to a number of attacks. This work reveals a critical vulnerability caused by a common implementation practice that opens the door to spoofing attacks on gPTP. To assess the impact of this vulnerability, we built two real gPTP-capable testbeds. Our results show high risks of this vulnerability destabilizing the system functionality.

Peer Reviewed
An Intrusion Detection System Against Rogue Master Attacks on gPTP
Buscemi, Alessio UL; Ponaka, Manasvi UL; Fotouhi, Mahdi UL et al

in Buscemi, Alessio; Ponaka, Manasvi; Fotouhi, Mahdi (Eds.) et al IEEE Vehicular Technology Conference (VTC2023-Spring), Florence 20-23 June 2023 (2023, July)

Due to the promise of deterministic Ethernet networking, Time Sensitive Network (TSN) standards are gaining popularity in the vehicle on-board networks sector. Among these, Generalized Precision Time Protocol (gPTP) allows network devices to be synchronized with a greater degree of precision than other synchronization protocols, such as Network Time Protocol (NTP). However, gPTP was developed without security measures, making it susceptible to a variety of attacks. Adding security controls is the initial step in securing the protocol. However, due to current gPTP design limitations, this countermeasure is insufficient to protect against all types of threats. In this paper, we present a novel supervised Machine Learning (ML)-based pipeline for the detection of high-risk rogue master attacks.

Peer Reviewed
Preventing Frame Fingerprinting in Controller Area Network Through Traffic Mutation
Buscemi, Alessio UL; Turcanu, Ion; Castignani, German UL et al

in IEEE ICC 2022 Workshop - DDINS, Seoul 16-20 May 2022 (2022, May)

The continuous increase of connectivity in commercial vehicles is leading to a higher number of remote access points to the Controller Area Network (CAN) – the most popular in-vehicle network system. This factor, coupled with the absence of encryption in the communication protocol, poses serious threats to the security of the CAN bus. Recently, it has been demonstrated that CAN data can be reverse engineered via frame fingerprinting, i.e., identification of frames based on statistical traffic analysis. Such a methodology allows fully remote decoding of in-vehicle data and paves the way for remote pre-compiled vehicle-agnostic attacks. In this work, we propose a first solution against CAN frame fingerprinting based on mutating the traffic without applying modifications to the CAN protocol. The results show that the proposed methodology halves the accuracy of CAN frame fingerprinting.

Automation of Controller Area Network Reverse Engineering: Approaches, Opportunities and Security Threats
Buscemi, Alessio UL

Doctoral thesis (2022)

Controller Area Network (CAN) is the de-facto in-vehicle communication system in the automotive industry today. CAN data represents a valuable source of information regarding the vehicle, which can be exploited for a multitude of purposes by aftermarket companies, from fleet management to infotainment. With the rise of Vehicular Ad Hoc Networks (VANETs) and autonomous driving, we can expect the amount of data transiting on the CAN bus to further augment in the near future. While not encrypted, the communication inside the CAN bus is typically encoded using proprietary formats of the Original Equipment Manufacturers (OEMs) in order to prevent easy access to the information exchanged on the network. However, given the unwillingness of the OEMs to disclose the formats of most of the CAN signals of commercial vehicles (cars in particular) to the general public, the most common way to obtain such information is through reverse engineering. Recently, researchers have started investigating the automation of this process to make it faster, scalable and standardised. Aside from the evident advantages that it would bring to the industry, the automation of CAN bus reverse engineering has also gained interest in the scientific community, where automotive cybersecurity is a prominent topic. While achieving convincing results, the automation of CAN reverse engineering is still invasive, often includes complex hardware configurations or requires the presence of a human operator in the vehicle. This dissertation aims to analyse the main advancements achieved in the field of CAN bus reverse engineering and shed light on open issues. In the first part of this dissertation, we explore opportunities and challenges of the automation of CAN bus reverse engineering and present three approaches that achieve different degrees of automation. The first, FastCAN, is based on the taxonomy of signals. Its goal is to provide a complete, standardised and modular pipeline for semi-automated reverse engineering and reduce the total time for data collection. The second, CSI, is a Machine Learning (ML)-based algorithm for the identification of critical signals working under limited assumptions. We use CSI as a case study to investigate whether CAN reverse engineering can be achieved with no other hardware than a dongle for the collection of raw data. The third, CANMatch, is a complete and fully automated approach based on frame matching. Through CANMatch we seek to demonstrate that the reuse of CAN frame IDs can be exploited to reverse engineer a high number of signals with minimal hardware requirements and human effort. In the second part of this dissertation, we discuss the implications that the full automation of the reverse engineering process has on the security of the bus. In this context, we investigate whether the anonymisation of the CAN frame IDs is sufficient to prevent frame-matching based reverse engineering. The results highlight that ML models can fingerprint CAN frames despite the anonymisation of their IDs. Finally, we propose a defence against frame fingerprinting based on traffic mutations, such as padding on the payload and morphing on the sending frequency. We conclude that traffic mutations are a promising study direction to prevent frame-matching based reverse engineering.

Peer Reviewed
On Frame Fingerprinting and Controller Area Networks Security in Connected Vehicles
Buscemi, Alessio UL; Turcanu, Ion; Castignani, German et al

in IEEE Consumer Communications & Networking Conference, Virtual Conference 8-11 January 2022 (2022, January)

Modern connected vehicles are equipped with a large number of sensors, which enable a wide range of services that can improve overall traffic safety and efficiency. However, remote access to connected vehicles also introduces new security issues affecting both inter and intra-vehicle communications. In fact, existing intra-vehicle communication systems, such as Controller Area Network (CAN), lack security features, such as encryption and secure authentication for Electronic Control Units (ECUs). Instead, Original Equipment Manufacturers (OEMs) seek security through obscurity by keeping secret the proprietary format with which they encode the information. Recently, it has been shown that the reuse of CAN frame IDs can be exploited to perform CAN bus reverse engineering without physical access to the vehicle, thus raising further security concerns in a connected environment. This work investigates whether anonymizing the frames of each newly released vehicle is sufficient to prevent CAN bus reverse engineering based on frame ID matching. The results show that, by adopting Machine Learning techniques, anonymized CAN frames can still be fingerprinted and identified in an unknown vehicle with an accuracy of up to 80 %.

Peer Reviewed
CANMatch: A Fully Automated Tool for CAN Bus Reverse Engineering based on Frame Matching
Buscemi, Alessio UL; Turcanu, Ion; Castignani, German et al

in IEEE Transactions on Vehicular Technology (2021)

Controller Area Network (CAN) is the most frequently used in-vehicle communication system in the automotive industry today. The communication inside the CAN bus is typically encoded using proprietary formats in order to prevent easy access to the information exchanged on the bus. However, it is still possible to decode this information through reverse engineering, performed either manually or via automated tools. Existing automated CAN bus reverse engineering methods are still time-consuming and require some manual effort, i.e., to inject diagnostic messages in order to trigger specific responses. In this paper, we propose CANMatch, a fully automated CAN bus reverse engineering framework that does not require any manual effort and significantly decreases the execution time by exploiting the reuse of CAN frames across different vehicle models. We evaluate the proposed solution on a dataset of CAN logs, or traces, related to 479 vehicles from 29 different automotive manufacturers, demonstrating its improved performance with respect to the state of the art.

Peer Reviewed
Poster: A Methodology for Semi-Automated CAN Bus Reverse Engineering
Buscemi, Alessio UL; Turcanu, Ion; German, Castignani et al

Poster (2021, November)

Semi-automated Controller Area Network (CAN) reverse engineering has been shown to provide decoding accuracy comparable to the manual approach, while reducing the time required to decode signals. However, current approaches are invasive, as they make use of diagnostic messages injected through the On-Board Diagnostics (OBD-II) port and often require a high amount of non-CAN external data. In this work, we present a non-invasive universal methodology for semi-automated CAN bus reverse engineering, which is based on the taxonomy of CAN signals. The data collection is simplified and its time reduced from the current standard of up to an hour to a few minutes. A mean recall of around 80 % is obtained.

Peer Reviewed
A Data-Driven Minimal Approach for CAN Bus Reverse Engineering
Buscemi, Alessio UL; Castignani, German; Engel, Thomas UL et al

in 3rd IEEE Connected and Automated Vehicles Symposium, Victoria, Canada, 4-5 October 2020 (2020)

Current in-vehicle communication systems lack security features, such as encryption and secure authentication. The approach most commonly used by car manufacturers is to achieve security through obscurity – keep the proprietary format used to encode the information secret. However, it is still possible to decode this information via reverse engineering. Existing reverse engineering methods typically require physical access to the vehicle and are time consuming. In this paper, we present a Machine Learning-based method that performs automated Controller Area Network (CAN) bus reverse engineering while requiring minimal time, hardware equipment, and potentially no physical access to the vehicle. Our results demonstrate high accuracy in identifying critical vehicle functions just from analysing raw traces of CAN data.
