ERACAN: Defending Against an Emerging CAN Threat Model
Authors: 
Zhaozhou Tang, Khaled Serag, Saman Zonouz, Z. Berkay Celik, Dongyan Xu, Raheem BeyahAuthors Info & Claims
Zhaozhou Tang, Khaled Serag, Saman Zonouz, Z. Berkay Celik, Dongyan Xu, Raheem BeyahAuthors Info & ClaimsPages 1894 - 1908
Abstract
The Controller Area Network (CAN) is a pivotal communication protocol extensively utilized in vehicles, aircraft, factories, and diverse cyber-physical systems (CPSs). The extensive CAN security literature resulting from decades of wide usage may create an impression of thorough scrutiny. However, a closer look reveals its reliance on a specific threat model with a limited range of abilities. Notably, recent works show that this model is outdated and that a more potent and versatile model could soon become the norm, prompting the need for a new defense paradigm. Unfortunately, the security impact of this emerging model on CAN systems has not received sufficient attention, and the defense systems addressing it are almost nonexistent. In this paper, we introduce ERACAN, the first comprehensive defense system against this new threat model. We first begin with a threat analysis to ensure that ERACAN comprehensively understands this model's capabilities, evasion tactics, and propensity to enable new attacks or enhance existing ones. ERACAN offers versatile protection against this spectrum of threats, providing attack detection, classification, and optional prevention abilities. We implement and evaluate ERACAN on a testbed and a real vehicle's CAN bus to demonstrate its low latency, real-time operation, and protective capabilities. ERACAN achieves detection rates of 100% and 99.7%+ for all attacks launched by the conventional and the enhanced threat models, respectively.
References
[1]
Natasha Alkhatib, Lina Achaji, Maria Mushtaq, Hadi Ghauch, and Jean-Luc Danger. 2023. WIP: AMICA: Attention-based Multi-Identifier model for asynchronous intrusion detection on Controller Area networks. In Symposium on Vehicles Security and Privacy (VehicleSec).
[2]
Khaled Serag Alsharif. 2023. PROACTIVE VULNERABILITY IDENTIFICATION AND DEFENSE CONSTRUCTION -- THE CASE FOR CAN. (2023).
[3]
AMD. 2024. XA Automotive Product Selection Guide. https://docs.amd.com/v/u/en-US/xa-portfolio-product-selection-guide.
[4]
Rohit Bhatia, Vireshwar Kumar, Khaled Serag, Z Berkay Celik, Mathias Payer, and Dongyan Xu. 2021. Evading Voltage-Based Intrusion Detection on Automotive CAN. In Network and Distributed System Security Symposium (NDSS).
[5]
Benjamin Blase. 2015. tdc-fpga: Time to digital converter for use on a Xilinx 7-series FPGA. https://github.com/benbr8/tdc-fpga.
[6]
Tim Brom. 2018. CANT. https://github.com/bitbane/CANT.
[7]
Paolo Cerracchio, Stefano Longari, Michele Carminati, and Stefano Zanero. 2024. Investigating the Impact of Evasion Attacks Against Automotive Intrusion Detection Systems. In Symposium on Vehicles Security and Privacy (VehicleSec).
[8]
Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage, Karl Koscher, Alexei Czeskis, Franziska Roesner, and Tadayoshi Kohno. 2011. Comprehensive Experimental Analyses of Automotive Attack Surfaces. In USENIX Security Symposium.
[9]
Kyong-Tak Cho and Kang G. Shin. 2016. Error Handling of In-vehicle Networks Makes Them Vulnerable. In ACM SIGSAC Conference on Computer and Communications Security (CCS).
[10]
Kyong-Tak Cho and Kang G. Shin. 2017. Viden: Attacker Identification on In-Vehicle Networks. In ACM SIGSAC Conference on Computer and Communications Security (CCS).
[11]
Kyong-Tak Cho and Kang G. Shin. 2016. Fingerprinting electronic control units for vehicle intrusion detection. In USENIX Security Symposium.
[12]
Wonsuk Choi, Hyo Jin Jo, Samuel Woo, Ji Young Chun, Jooyoung Park, and Dong Hoon Lee. 2018. Identifying ECUs Using Inimitable Characteristics of Signals in Controller Area Networks. IEEE Transactions on Vehicular Technology (2018).
[13]
Wonsuk Choi, Kyungho Joo, Hyo Jin Jo, Moon Chan Park, and Dong Hoon Lee. 2018. VoltageIDS: Low-Level Communication Characteristics for Automotive Intrusion Detection System. IEEE Transactions on Information Forensics and Security (2018).
[14]
Alvise de Faveri Tron, Stefano Longari, Michele Carminati, Mario Polino, and Stefano Zanero. 2022. CANflict: Exploiting Peripheral Conflicts for Data-Link Layer Attacks on Automotive Networks. In ACM SIGSAC Conference on Computer and Communications Security (CCS).
[15]
Josh D Eckhardt, Thomas E Donofrio, and Khaled Serag. 2019. System and method of monitoring data traffic on a MIL-STD-1553 data bus. US Patent 10,467,174.
[16]
Josh D Eckhardt, Thomas E Donofrio, and Khaled Serag. 2020. Multiple security level monitor for monitoring a plurality of MIL-STD-1553 buses with multiple independent levels of security. US Patent 10,685,125.
[17]
Bernd Elend and Tony Adamson. 2017. Cyber security enhancing CAN transceivers. In International CAN Conference.
[18]
International Organization for Standardization (ISO). 2016. Road Vehicles Controller area network (CAN). Part 2: Highspeed medium access unit.
[19]
Mahsa Foruhandeh, Yanmao Man, Ryan M. Gerdes, Ming Li, and Thidapat Chantem. 2019. SIMPLE: single-frame based physical layer identification for intrusion detection and prevention on in-vehicle networks. In Annual Computer Security Applications Conference (ACSAC).
[20]
Robert Bosch GmbH. 1991. CAN Specification. (1991).
[21]
Bogdan Groza, Stefan Murvay, Anthony Van Herrewege, and Ingrid Verbauwhede. 2012. Libra-can: a lightweight broadcast authentication protocol for controller area networks. In International Conference on Cryptology and Network Security.
[22]
Bogdan Groza, Lucian Popa, and Pal-Stefan Murvay. 2018. INCANTA - INtrusion Detection in Controller Area Networks with Time-Covert Authentication. In Security and Safety Interplay of Intelligent Software Systems.
[23]
Bogdan Groza, Lucian Popa, and Pal-Stefan Murvay. 2021. CANTO - Covert AutheNtication With Timing Channels Over Optimized Traffic Flows for CAN. IEEE Transactions on Information Forensics and Security (2021).
[24]
Bogdan Groza, Lucian Popa, Pal-Stefan Murvay, Yuval Elovici, and Asaf Shabtai. 2021. CANARY - a reactive defense mechanism for Controller Area Networks based on Active RelaYs. In USENIX Security Symposium.
[25]
Kyusuk Han, André Weimerskirch, and Kang G. Shin. 2015. A practical solution to achieve real-time performance in the automotive network by randomizing frame identifier. In ESCAR Europe.
[26]
Oliver Hartkopp and R Schilling. 2012. Message authenticated CAN (MaCAN). In ESCAR.
[27]
Ahmed Hazem and HA Fahmy. 2012. Lcap-a lightweight can authentication protocol for securing in-vehicle networks. In EASCAR.
[28]
Magnus-Maria Hell. 2015. The physical layer in the CAN FD world-The update. In International CAN Conference.
[29]
Abdulmalik Humayed, Fengjun Li, Jingqiang Lin, and Bo Luo. 2020. CANSentry: Securing CAN-Based Cyber-Physical Systems against Denial and Spoofing Attacks. In European Symposium on Research in Computer Security (ESORICS).
[30]
Sungwoo Kim, Gisu Yeo, Taegyu Kim, Junghwan "John" Rhee, Yuseok Jeon, Antonio Bianchi, Dongyan Xu, and Dave (Jing) Tian. 2022. ShadowAuth: Backward-Compatible Automatic CAN Authentication for Legacy ECUs. In ACM ASIA Conference on Computer and Communications Security.
[31]
Marcel Kneib and Christopher Huth. 2018. Scission: Signal Characteristic-Based Sender Identification and Intrusion Detection in Automotive Networks. In ACM SIGSAC Conference on Computer and Communications Security (CCS).
[32]
Marcel Kneib, Oleg Schell, and Christopher Huth. 2020. EASI: Edge-Based Sender Identification on Resource-Constrained Platforms for Automotive Networks. In Network and Distributed System Security Symposium (NDSS).
[33]
Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel, Tadayoshi Kohno, Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, et al. 2010. Experimental security analysis of a modern automobile. In IEEE Symposium on Security and Privacy (S&P).
[34]
Sekar Kulandaivel, Shalabh Jain, Jorge Guajardo, and Vyas Sekar. 2021. CANNON: Reliable and Stealthy Remote Shutdown Attacks via Unaltered Automotive Microcontrollers. In IEEE Symposium on Security and Privacy (S&P).
[35]
Ryo Kurachi, Yutaka Matsubara, Hiroaki Takada, Naoki Adachi, Yukihiro Miyashita, and Satoshi Horihata. 2014. CaCAN-centralized authentication system in CAN (controller area network). In ESCAR.
[36]
Hansang Lim, Gyunha Kim, Seungsu Kim, and Dongok Kim. 2019. Quantitative analysis of ringing in a controller area network with flexible data rate for reliable physical layer designs. IEEE Transactions on Vehicular Technology (2019).
[37]
Stefano Longari, Matteo Penco, Michele Carminati, and Stefano Zanero. 2019. CopyCAN: An Error-Handling Protocol based Intrusion Detection System for Controller Area Network. In ACM Workshop on Cyber-Physical Systems Security & Privacy.
[38]
Stefano Longari, Carlo Alberto Pozzoli, Alessandro Nichelini, Michele Carminati, and Stefano Zanero. 2023. Candito: improving payload-based detection of attacks on controller area networks. In International Symposium on Cyber Security, Cryptology, and Machine Learning.
[39]
Charlie. Miller and Chris. Valasek. 2013. Adventures in automotive networks and control units. Def Con (2013).
[40]
Charlie Miller and Chris Valasek. 2015. Remote exploitation of an unaltered passenger vehicle. Black Hat USA (2015).
[41]
Abdullah Zubair Mohammed, Yanmao Man, Ryan Gerdes, Ming Li, and Z Berkay Celik. 2022. Physical layer data manipulation attacks on the can bus. In Workshop on Automotive and Autonomous Vehicle Security (AutoSec).
[42]
Igor Mohor. 2017. CAN Protocol Controller. https://opencores.org/projects/can.
[43]
Pal-Stefan Murvay and Bogdan Groza. 2017. DoS Attacks on Controller Area Networks by Fault Injections from the Software Layer. In International Conference on Availability, Reliability and Security (ARES).
[44]
Pal-Stefan Murvay and Bogdan Groza. 2020. TIDAL-CAN: Differential Timing Based Intrusion Detection and Localization for Controller Area Network. IEEE Access (2020).
[45]
Sen Nie, Ling Liu, and Yuefeng Du. 2017. Free-fall: Hacking tesla from wireless to can bus. Black Hat USA (2017).
[46]
Sen Nie, Ling Liu, Yuefeng Du, and Wenkai Zhang. 2018. Over-the-air: How we remotely compromised the gateway, BCM, and autopilot ECUs of Tesla cars. Black Hat USA (2018).
[47]
Shuji Ohira, Araya Kibrom Desta, Ismail Arai, and Kazutoshi Fujikawa. 2021. PLI-TDC: Super fine delay-time based physical-layer identification with time-to-digital converter for in-vehicle networks. In ACM Asia Conference on Computer and Communications Security.
[48]
Andrea Palanca, Eric Evenchick, Federico Maggi, and Stefano Zanero. 2017. A Stealth, Selective, Link-Layer Denial-of-Service Attack Against Automotive Networks. In Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA).
[49]
Mert D Pesé, Jay W Schauer, Junhui Li, and Kang G. Shin. 2021. S2-CAN: Sufficiently Secure Controller Area Network. In Annual Computer Security Applications Conference (ACSAC).
[50]
Andreea-Ina Radu and Flavio D Garcia. 2016. LeiA: A lightweight authentication protocol for CAN. In European Symposium on Research in Computer Security (ESORICS).
[51]
Stuart Robb and East Kilbride. 1999. CAN bit timing requirements. Motorola Semiconductor Application Note, AN1798 (1999).
[52]
Marc Roeschlin, Giovanni Camurati, Pascal Brunner, Mridula Singh, and Srdjan Capkun. 2023. EdgeTDC: On the Security of Time Difference of Arrival Measurements in CAN Bus Systems. In Network and Distributed System Security Symposium (NDSS).
[53]
Matthew Rogers, Phillip Weigand, Jassim Happa, and Kasper Rasmussen. 2023. Detecting CAN Attacks on J1939 and NMEA 2000 Networks. IEEE Transactions on Dependable and Secure Computing (2023).
[54]
Sang Uk Sagong, Xuhang Ying, Andrew Clark, Linda Bushnell, and Radha Poovendran. 2018. Cloaking the clock: Emulating clock skew in controller area networks. In ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS).
[55]
Oleg Schell and Marcel Kneib. 2023. SPARTA: Signal Propagation-based Attack Recognition and Threat Avoidance for Automotive Networks. In ACM Asia Conference on Computer and Communications Security.
[56]
Oleg Schell, Claudio Oechsler, and Marcel Kneib. 2022. Asymmetric Symbol and Skew Sender Identification for Automotive Networks. IEEE Transactions on Information Forensics and Security (2022).
[57]
Khaled Serag, Rohit Bhatia, Akram Faqih, Muslum Ozgur Ozmen, Vireshwar Kumar, Z. Berkay Celik, and Dongyan Xu. 2023. ZBCAN: A Zero-Byte CAN Defense System. In USENIX Security Symposium.
[58]
Khaled Serag, Rohit Bhatia, Vireshwar Kumar, Z. Berkay Celik, and Dongyan Xu. 2021. Exposing New Vulnerabilities of Error Handling Mechanism in CAN. In USENIX Security Symposium.
[59]
Khaled Serag, Vireshwar Kumar, Z Berkay Celik, Rohit Bhatia, Mathias Payer, and Dongyan Xu. 2022. Attacks on can error handling mechanism. In Workshop on Automotive and Autonomous Vehicle Security (AutoSec).
[60]
Jiwoo Shin, Hyunghoon Kim, Seyoung Lee, Wonsuk Choi, Dong Hoon Lee, and Hyo Jin Jo. 2023. RIDAS: Real-time identification of attack sources on controller area networks. In USENIX Security Symposium.
[61]
Hyun Min Song, Ha Rang Kim, and Huy Kang Kim. 2016. Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network. In International Conference on Information Networking (ICOIN).
[62]
Ken Tindell. 2020. CAN Bus Security: Attacks on CAN bus and their mitigations. Technical Report. Canis Automotive Labs.
[63]
Ken Tindell. 2020. CANHack. https://github.com/kentindell/canhack.
[64]
Ken Tindell. 2020. Three new CAN protocol hacks. https://kentindell.github.io/2020/01/20/new-can-hacks/.
[65]
Ken Tindell. 2022. Running high speed signals through CAN bus wiring. https://kentindell.github.io/2022/11/15/canbus-wiring/.
[66]
Anthony Van Herrewege, Dave Singelee, and Ingrid Verbauwhede. 2011. CANAuth-a simple, backward compatible broadcast authentication protocol for CAN bus. In ECRYPT Workshop on Lightweight Cryptography.
[67]
Armin Wasicek, Mert D Pesé, André Weimerskirch, Yelizaveta Burakova, and Karan Singh. 2017. Context-aware intrusion detection in automotive control systems. In ESCAR USA.
[68]
Haohuang Wen, Qi Alfred Chen, and Zhiqiang Lin. 2020. Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack Surface in Automotive IoT. In USENIX Security Symposium.
[69]
Marko Wolf, André Weimerskirch, and Christof Paar. 2004. Security in automotive bus systems. In Workshop on Embedded Security in Cars.
[70]
Samuel Woo, Daesung Moon, Taek-Young Youn, Yousik Lee, and Yongeun Kim. 2019. CAN ID shuffling technique (CIST): Moving target defense strategy for protecting in-vehicle CAN. IEEE Access (2019).
[71]
Xuhang Ying, Giuseppe Bernieri, Mauro Conti, and Radha Poovendran. 2019. TACAN: Transmitter authentication through covert channels in controller area networks. In ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS).
[72]
Clinton Young, Habeeb Olufowobi, Gedare Bloom, and Joseph Zambreno. 2019. Automotive intrusion detection based on constant can message frequencies across vehicle driving modes. In ACM Workshop on Automotive Cybersecurity.
[73]
Li Yue, Zheming Li, Tingting Yin, and Chao Zhang. 2021. Cancloak: Deceiving two ecus with one frame. In Workshop on Automotive and Autonomous Vehicle Security (AutoSec).
[74]
Jia Zhou, Prachi Joshi, Haibo Zeng, and Renfa Li. 2019. Btmonitor: Bit-time-based intrusion detection and attacker identification in controller area network. ACM Transactions on Embedded Computing Systems (TECS) (2019).
Index Terms
- ERACAN: Defending Against an Emerging CAN Threat Model
Recommendations
CANflict: Exploiting Peripheral Conflicts for Data-Link Layer Attacks on Automotive Networks
CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications SecurityCurrent research in the automotive domain has proven the limitations of the Controller Area Network (CAN) protocol from a security standpoint. Application-layer attacks, which involve the creation of malicious packets, are deemed feasible from remote ...
CAN Bus Intrusion Detection Based on Auxiliary Classifier GAN and Out-of-distribution Detection
The Controller Area Network (CAN) is a ubiquitous bus protocol present in the Electrical/Electronic (E/E) systems of almost all vehicles. It is vulnerable to a range of attacks once the attacker gains access to the bus through the vehicle’s attack ...
BTMonitor: Bit-time-based Intrusion Detection and Attacker Identification in Controller Area Network
With the rapid growth of connectivity and autonomy for today’s automobiles, their security vulnerabilities are becoming one of the most urgent concerns in the automotive industry. The lack of message authentication in Controller Area Network (CAN), ...
Comments
Information & Contributors
Information
Published In
December 2024
5188 pages
ISBN:9798400706363
DOI:10.1145/3658644
- General Chairs:
- Bo Luo,
- Xiaojing Liao,
- Jun Xu,
- Program Chairs:
- Engin Kirda,
- David Lie
Copyright © 2024 Owner/Author.
This work is licensed under a Creative Commons Attribution-NonCommercial International 4.0 License.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 09 December 2024
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
Conference
CCS '24
Sponsor:
CCS '24: ACM SIGSAC Conference on Computer and Communications Security
October 14 - 18, 2024
UT, Salt Lake City, USA
Acceptance Rates
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
Upcoming Conference
CCS '25
- Sponsor:
- sigsac
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 509Total Downloads
- Downloads (Last 12 months)509
- Downloads (Last 6 weeks)186
Reflects downloads up to 22 Feb 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in