posted on 2023-11-29, 18:25authored byMarc Roeschlin, Giovanni Camurati, Pascal Brunner, Singh Mridula, Capkun Srdjan
A Controller Area Network (CAN bus) is a message- based protocol for intra-vehicle communication designed mainly with robustness and safety in mind. In real-world deployments, CAN bus does not offer common security features such as message authentication. Due to the fact that automotive suppliers need to guarantee interoperability, most manufacturers rely on a decade- old standard (ISO 11898) and changing the format by introducing MACs is impractical. Research has therefore suggested to address this lack of authentication with CAN bus Intrusion Detection Systems (IDSs) that augment the bus with separate modules. IDSs attribute messages to the respective sender by measuring physical- layer features of the transmitted frame. Those features are based on timings, voltage levels, transients—and, as of recently, Time Difference of Arrival (TDoA) measurements. In this work, we show that TDoA-based approaches presented in prior art are vulnerable to novel spoofing and poisoning attacks. We describe how those proposals can be fixed and present our own method called EdgeTDC. Unlike existing methods, EdgeTDC does not rely on Analog-to-digital converters (ADCs) with high sampling rate and high dynamic range to capture the signals at sample level granularity. Our method uses time-to-digital converters (TDCs) to detect the edges and measure their timings. Despite being inexpensive to implement, TDCs offer low latency, high location precision and the ability to measure every single edge (rising and falling) in a frame. Measuring each edge makes analog sampling redundant and allows the calculation of statistics that can even detect tampering with parts of a message. Through extensive experimentation, we show that EdgeTDC can successfully thwart masquerading attacks in the CAN system of modern vehicles.
History
Preferred Citation
Marc Roeschlin, Giovanni Camurati, Pascal Brunner, Singh Mridula and Capkun Srdjan. EdgeTDC: On the Security of Time Difference of Arrival Measurements in CAN Bus Systems. In: Network and Distributed System Security Symposium (NDSS). 2023.
Primary Research Area
Secure Connected and Mobile Systems
Name of Conference
Network and Distributed System Security Symposium (NDSS)
Legacy Posted Date
2023-03-09
Open Access Type
Green
BibTeX
@inproceedings{cispa_all_3906,
title = "EdgeTDC: On the Security of Time Difference of Arrival Measurements in CAN Bus Systems",
author = "Roeschlin, Marc and Camurati, Giovanni and Brunner, Pascal and Mridula, Singh and Srdjan, Capkun",
booktitle="{Network and Distributed System Security Symposium (NDSS)}",
year="2023",
}