CISPA
Browse

EdgeTDC: On the Security of Time Difference of Arrival Measurements in CAN Bus Systems

Download (1.41 MB)
conference contribution
posted on 2023-11-29, 18:25 authored by Marc Roeschlin, Giovanni Camurati, Pascal Brunner, Singh Mridula, Capkun Srdjan
A Controller Area Network (CAN bus) is a message- based protocol for intra-vehicle communication designed mainly with robustness and safety in mind. In real-world deployments, CAN bus does not offer common security features such as message authentication. Due to the fact that automotive suppliers need to guarantee interoperability, most manufacturers rely on a decade- old standard (ISO 11898) and changing the format by introducing MACs is impractical. Research has therefore suggested to address this lack of authentication with CAN bus Intrusion Detection Systems (IDSs) that augment the bus with separate modules. IDSs attribute messages to the respective sender by measuring physical- layer features of the transmitted frame. Those features are based on timings, voltage levels, transients—and, as of recently, Time Difference of Arrival (TDoA) measurements. In this work, we show that TDoA-based approaches presented in prior art are vulnerable to novel spoofing and poisoning attacks. We describe how those proposals can be fixed and present our own method called EdgeTDC. Unlike existing methods, EdgeTDC does not rely on Analog-to-digital converters (ADCs) with high sampling rate and high dynamic range to capture the signals at sample level granularity. Our method uses time-to-digital converters (TDCs) to detect the edges and measure their timings. Despite being inexpensive to implement, TDCs offer low latency, high location precision and the ability to measure every single edge (rising and falling) in a frame. Measuring each edge makes analog sampling redundant and allows the calculation of statistics that can even detect tampering with parts of a message. Through extensive experimentation, we show that EdgeTDC can successfully thwart masquerading attacks in the CAN system of modern vehicles.

History

Preferred Citation

Marc Roeschlin, Giovanni Camurati, Pascal Brunner, Singh Mridula and Capkun Srdjan. EdgeTDC: On the Security of Time Difference of Arrival Measurements in CAN Bus Systems. In: Network and Distributed System Security Symposium (NDSS). 2023.

Primary Research Area

  • Secure Connected and Mobile Systems

Name of Conference

Network and Distributed System Security Symposium (NDSS)

Legacy Posted Date

2023-03-09

Open Access Type

  • Green

BibTeX

@inproceedings{cispa_all_3906, title = "EdgeTDC: On the Security of Time Difference of Arrival Measurements in CAN Bus Systems", author = "Roeschlin, Marc and Camurati, Giovanni and Brunner, Pascal and Mridula, Singh and Srdjan, Capkun", booktitle="{Network and Distributed System Security Symposium (NDSS)}", year="2023", }

Usage metrics

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC