Connected Vehicles Security; CAN Bus Reverse Engineering; Fingerprinting; Morphing; Machine Learning
[en] The continuous increase of connectivity in commercial vehicles is leading to a higher number of remote access points to the Controller Area Network (CAN) – the most popular in-vehicle network system. This factor, coupled with the absence of encryption in the communication protocol, poses serious threats to the security of the CAN bus. Recently, it has been demonstrated that CAN data can be reverse engineered via frame fingerprinting, i.e., identification of frames based on statistical traffic analysis. Such a methodology allows fully remote decoding of in-vehicle data and paves the way for remote pre-compiled vehicle-agnostic attacks. In this work, we propose a first solution against CAN frame fingerprinting based on mutating the traffic without applying modifications to the CAN protocol. The results show that the proposed methodology halves the accuracy of CAN frame fingerprinting.
Author, co-author :
Buscemi, Alessio ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)
Turcanu, Ion; Luxembourg Institute of Science & Technology - LIST
Castignani, German ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Engel, Thomas ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)
External co-authors :
Preventing Frame Fingerprinting in Controller Area Network Through Traffic Mutation
Publication date :
Event name :
IEEE ICC 2022 Workshop - DDINS
Event date :
from 16-05-2022 to 20-05-2022
Main work title :
IEEE ICC 2022 Workshop - DDINS, Seoul 16-20 May 2022
Peer reviewed :
FnR Project :
FNR10621687 > Sjouke Mauw > SPsquared > Security And Privacy For System Protection > 01/01/2017 > 30/06/2023 > 2015
W. Wu, R. Li, G. Xie, J. An, Y. Bai, J. Zhou, and K. Li, "A survey of intrusion detection for in-vehicle networks, " IEEE Transactions on Intelligent Transportation Systems, vol. 21, no. 3, pp. 919-933, 2019.
G. Brindescu. (2015). "DARPA Hacked a Chevy Impala Through Its OnStar System, " [Online]. Available: https://www. autoevolution. com/news/darpa-hacked-a-chevy-impala-through-its-onstar-system-video-92194. html (visited on 04/02/2021).
S. Woo, H. J. Jo, and D. H. Lee, "A Practical Wireless Attack on the Connected Car and Security Protocol for In-Vehicle CAN, " IEEE Transactions on Intelligent Transportation Systems, vol. 16, no. 2, pp. 993-1006, 2015.
C. Miller and C. Valasek, "Remote exploitation of an unaltered passenger vehicle, " Black Hat USA, vol. 2015, no. S 91, 2015.
C. Quigley, D. Charles, and R. McLaughlin, "CAN Bus Message Electrical Signatures for Automotive Reverse Engineering, Bench Marking and Rogue ECU Detection, " in SAE Technical Paper, SAE International, Apr. 2019.
M. Marchetti and D. Stabili, "READ: Reverse engineering of automotive data frames, " IEEE Transactions on Information Forensics and Security, vol. 14, no. 4, pp. 1083-1097, 2018.
M. D. Pesé, T. Stacer, C. A. Campos, E. Newberry, D. Chen, and K. G. Shin, "LibreCAN: Automated CAN Message Translator, " in Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (CCS), ACM, 2019, pp. 2283-2300.
A. Buscemi, I. Turcanu, G. Castignani, R. Crunelle, and T. Engel, "Poster: A Methodology for Semi-Automated CAN Bus Reverse Engineering, " in 13th IEEE Vehicular Networking Conference (VNC 2021), IEEE, Nov. 2021, pp. 125-126.
W. Choi, S. Lee, K. Joo, H. J. Jo, and D. H. Lee, "An Enhanced Method for Reverse Engineering CAN Data Payload, " IEEE Transactions on Vehicular Technology, vol. 70, no. 4, pp. 3371-3381, 2021.
A. Buscemi, I. Turcanu, G. Castignani, R. Crunelle, and T. Engel, "CANMatch: A Fully Automated Tool for CAN Bus Reverse Engineering based on Frame Matching, " IEEE Transactions on Vehicular Technology, vol. 70, no. 12, pp. 12 358-12 373, Nov. 2021.
A. Buscemi, I. Turcanu, G. Castignani, and T. Engel, "On Frame Fingerprinting and Controller Area Networks Security in Connected Vehicles, " in IEEE Consumer Communications & Networking Conference (CCNC), Virtual Conference: IEEE, Jan. 2022.
M. Liberatore and B. N. Levine, "Inferring the Source of Encrypted HTTP Connections, " ser. CCS '06, Alexandria, Virginia, USA: Association for Computing Machinery, 2006, pp. 255-263.
C. V. Wright, S. E. Coull, and F. Monrose, "Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis., " in NDSS, Citeseer, vol. 9, 2009.
T. O. Router. (2017). "Tor 0. 3. 1. 7, " [Online]. Available: https://blog. Torproject. org/tor-0317-now-released (visited on 10/18/2021).
L. Chaddad, A. Chehab, I. H. Elhajj, and A. Kayssi, "App traffic mutation: Toward defending against mobile statistical traffic analysis, " in IEEE INFOCOM 2018-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), IEEE, 2018, pp. 27-32.
W. B. Moore, H. Tan, M. Sherr, and M. A. Maloof, "Multi-class traffic morphing for encrypted voip communication, " in International Conference on Financial Cryptography and Data Security, Springer, 2015, pp. 65-85.
I. Hafeez, M. Antikainen, and S. Tarkoma, "Protecting IoT-environments against traffic analysis attacks with traffic morphing, " in IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), IEEE, 2019, pp. 196-201.
K.-T. Cho and K. G. Shin, "Fingerprinting Electronic Control Units for Vehicle Intrusion Detection, " in 25th USENIX Security Symposium (USENIX Security 16), Aug. 2016, pp. 911-927.
C. Geng, S.-J. Huang, and S. Chen, "Recent Advances in Open Set Recognition: A Survey, " CoRR, vol. abs/1811. 08581, 2018.