In recent years, the security of automotive Cyber-Physical Systems (CPSs) is facing urgent threats due to the widespread use of legacy in-vehicle communication systems. As a representative legacy bus system, the Controller Area Network (CAN) hosts Electronic Control Units (ECUs) that are crucial vehicle functioning. In this scenario, malicious actors can exploit CAN vulnerabilities, such as the lack of built-in authentication and encryption schemes, to launch CAN bus attacks with life-threatening consequences (e.g., disabling brakes). In this paper, we present TACAN (Transmitter Authentication in CAN), which provides secure authentication of ECUs on the legacy CAN bus by exploiting the covert channels, without introducing CAN protocol modifications or traffic overheads. TACAN turns upside-down the originally malicious concept of covert channels and exploits it to build an effective defensive technique that facilitates transmitter authentication via a centralized, trusted Monitor Node. TACAN consists of three different covert channels for ECU authentication: 1) the Inter-Arrival Time (IAT)-based; 2) the Least Significant Bit (LSB)-based; and 3) a hybrid covert channel, exploiting the combination of the first two. In order to validate TACAN, we implement the covert channels on the University of Washington (UW) EcoCAR (Chevrolet Camaro 2016) testbed. We further evaluate the bit error, throughput, and detection performance of TACAN through extensive experiments using the EcoCAR testbed and a publicly available dataset collected from Toyota Camry 2010. We demonstrate the feasibility of TACAN and the effectiveness of detecting CAN bus attacks, highlighting no traffic overheads and attesting the regular functionality of ECUs.
翻译:近年来,汽车网络物理系统(CCDS)的安全因车辆通信系统遗留下来的遗留信息系统的广泛使用而面临紧迫的威胁。作为一个具有代表性的遗留公车系统,主计长地区网络(CAN)拥有具有关键车辆运行功能的电子控制股(ECU),在这种情形下,恶意行为者可以利用CAN的脆弱性,如缺乏内在认证和加密计划,启动CAN公共汽车袭击,造成危及生命的后果(如失能刹车)。在本文中,我们介绍TACAN(CAN的透明认证),它通过利用隐蔽渠道,对遗留下来的ECU进行安全认证。TAN(CAN)是CARCR(CAN)的认证。TARCR(CAN)将最初的恶意秘密渠道概念反倒转,利用它建立有效的防御技术,便利通过集中和信任的Monitor Node进行发射认证。TACAN(CAN)由三个不同的秘密渠道组成:1)基于CARC(I)的大规模CARCLA(I)(以我们BI为基地的SB(LSB)和BA(CA-A-A-CA-CAR)通过BEN的常规测试系统运行,通过BLA(CAR)对CA的运行的运行数据进行。