Connected Vehicles Security; CAN Bus Reverse Engineering; Machine Learning; Frame Identification
Abstract :
[en] Modern connected vehicles are equipped with a large number of sensors, which enable a wide range of services that can improve overall traffic safety and efficiency. However, remote access to connected vehicles also introduces new security issues affecting both inter and intra-vehicle communications. In fact, existing intra-vehicle communication systems, such as Controller Area Network (CAN), lack security features, such as encryption and secure authentication for Electronic Control Units (ECUs). Instead, Original Equipment Manufacturers (OEMs) seek security through obscurity by keeping secret the proprietary format with which they encode the information. Recently, it has been shown that the reuse of CAN frame IDs can be exploited to perform CAN bus reverse engineering without physical access to the vehicle, thus raising further security concerns in a connected environment. This work investigates whether anonymizing the frames of each newly released vehicle is sufficient to prevent CAN bus reverse engineering based on frame ID matching. The results show that, by adopting Machine Learning techniques, anonymized CAN frames can still be fingerprinted and identified in an unknown vehicle with an accuracy of up to 80 %.
Disciplines :
Computer science
Author, co-author :
Buscemi, Alessio ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)
Turcanu, Ion; Luxembourg Institute of Science & Technology - LIST > ITIS
Castignani, German; University of Luxembourg > FSTM
Engel, Thomas ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)
External co-authors :
no
Language :
English
Title :
On Frame Fingerprinting and Controller Area Networks Security in Connected Vehicles
M. Bertoncello, G. Camplone, P. Gao, et al., "Monetizing car data-new service business opportunities to create new customer benefits, " McKinsey & Company, 2016.
L. Nkenyereye and J.-W. Jang, "Integration of big data for querying CAN bus data from connected car, " in 9th International Conference on Ubiquitous and Future Networks (ICUFN), 2017, pp. 946-950.
V. H. Le, J. den Hartog, and N. Zannone, "Security and privacy for innovative automotive applications: A survey, " Computer Communications, vol. 132, pp. 17-41, 2018.
J. Cui, L. S. Liew, G. Sabaliauskaite, and F. Zhou, "A review on safety failures, security attacks, and available countermeasures for autonomous vehicles, " Ad Hoc Networks, vol. 90, p. 101 823, 2019.
W. Wu, R. Li, G. Xie, et al., "A survey of intrusion detection for in-vehicle networks, " IEEE Transactions on Intelligent Transportation Systems, vol. 21, no. 3, pp. 919-933, 2019.
G. Brindescu. "DARPA Hacked a Chevy Impala Through Its OnStar System. " (2015), [Online]. Available: https://www. autoevolution. com/news/darpa-hacked-a-chevy-impala-through-its-onstar-system-video-92194. html (visited on 04/02/2021).
C. Miller and C. Valasek, "Remote exploitation of an unaltered passenger vehicle, " Black Hat USA, vol. 2015, no. S 91, 2015.
C. Quigley, D. Charles, and R. McLaughlin, "CAN Bus Message Electrical Signatures for Automotive Reverse Engineering, Bench Marking and Rogue ECU Detection, " in SAE Technical Paper, SAE International, Apr. 2019.
A. Buscemi, I. Turcanu, G. Castignani, R. Crunelle, and T. Engel, "Poster: A Methodology for Semi-Automated CAN Bus Reverse Engineering, " in 13th IEEE Vehicular Networking Conference (VNC), IEEE, Nov. 2021.
M. Jaynes, R. Dantu, R. Varriale, and N. Evans, "Automating ECU identification for vehicle security, " in 15th International Conference on Machine Learning and Applications (ICMLA), IEEE, 2016, pp. 632-635.
M. Marchetti and D. Stabili, "READ: Reverse engineering of automotive data frames, " IEEE Transactions on Information Forensics and Security, vol. 14, no. 4, pp. 1083-1097, 2018.
M. D. Pese, T. Stacer, C. A. Campos, E. Newberry, D. Chen, and K. G. Shin, "LibreCAN: Automated CAN Message Translator, " in Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (CCS), ACM, 2019, pp. 2283-2300.
M. R. Moore, R. A. Bridges, F. L. Combs, and A. L. Anderson, "Data-Driven Extraction of Vehicle States From CAN Bus Traffic for Cyberprotection and Safety, " IEEE Consumer Electronics Magazine, vol. 8, no. 6, pp. 104-110, 2019.
A. Buscemi, G. Castignani, T. Engel, and I. Turcanu, "A Data-Driven Minimal Approach for CAN Bus Reverse Engineering, " in 3rd IEEE Connected and Automated Vehicles Symposium (CAVS), Victoria, Canada: IEEE, Oct. 2020.
A. Buscemi, I. Turcanu, G. Castignani, R. Crunelle, and T. Engel, "CANMatch: A Fully Automated Tool for CAN Bus Reverse Engineering based on Frame Matching, " IEEE Transactions on Vehicular Technology, vol. 70, no. 12, Nov. 2021.
B. C. Nolan, S. Graham, B. Mullins, and C. S. Kabban, "Unsupervised time series extraction from controller area network payloads, " in IEEE 88th Vehicular Technology Conference (VTC-Fall), IEEE, 2018, pp. 1-5.
K.-T. Cho and K. G. Shin, "Fingerprinting Electronic Control Units for Vehicle Intrusion Detection, " in 25th USENIX Security Symposium (USENIX Security 16), Aug. 2016, pp. 911-927.
C. Geng, S. Huang, and S. Chen, "Recent Advances in Open Set Recognition: A Survey, " CoRR, vol. abs/1811. 08581, 2018.
P. R. M. Junior, R. Souza, R. de Oliveira Werneck, et al., "Nearest neighbors distance ratio open-set classifier, " Machine Learning, vol. 106, pp. 359-386, 2016.
T. K. Ho, "Random decision forests, " in Proceedings of 3rd International Conference on Document Analysis and Recognition, vol. 1, 1995, 278-282 vol. 1.
M. Z. Alom, T. M. Taha, C. Yakopcic, et al., "A State-of-the-Art Survey on Deep Learning Theory and Architectures, " Electronics, vol. 8, no. 3, 2019.
A. Bendale and T. E. Boult, "Towards Open Set Deep Networks, " in 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2016, pp. 1563-1572.
L. P. Jain, W. J. Scheirer, and T. E. Boult, "Multi-class Open Set Recognition Using Probability of Inclusion, " in Computer Vision-ECCV 2014, D. Fleet, T. Pajdla, B. Schiele, and T. Tuytelaars, Eds., Springer International Publishing, 2014, pp. 393-409.
E. M. Rudd, L. P. Jain, W. J. Scheirer, and T. E. Boult, "The Extreme Value Machine, " CoRR, vol. abs/1506. 06112, 2015. [Online]. Available: http://arxiv. org/abs/1506. 06112.
S. Kotz and S. Nadarajah, Extreme value distributions: theory and applications, W. Scientific, Ed. 2000.
A. Niculescu-Mizil and R. Caruana, "Predicting Good Probabilities with Supervised Learning, " in Proceedings of the 22nd International Conference on Machine Learning, ser. ICML '05, Bonn, Germany: Association for Computing Machinery, 2005, pp. 625-632.