Mitigating Vulnerabilities of Voltage-based Intrusion Detection Systems in Controller Area Networks
This addresses security risks in automotive networks for vehicle manufacturers and safety-critical systems, but is incremental as it builds on existing VIDS approaches.
The paper identified new vulnerabilities in voltage-based intrusion detection systems (VIDS) for Controller Area Networks, showing that compromised VIDS can allow attacks like ECU damage and message blocking, and proposed two hardware-based intrusion response systems (IRSs) that effectively defend against these attacks by disconnecting compromised ECUs.
Data for controlling a vehicle is exchanged among Electronic Control Units (ECUs) via in-vehicle network protocols such as the Controller Area Network (CAN) protocol. Since these protocols are designed for an isolated network, the protocols do not encrypt data nor authenticate messages. Intrusion Detection Systems (IDSs) are developed to secure the CAN protocol by detecting abnormal deviations in physical properties. For instance, a voltage-based IDS (VIDS) exploits voltage characteristics of each ECU to detect an intrusion. An ECU with VIDS must be connected to the CAN bus using extra wires to measure voltages of the CAN bus lines. These extra wires, however, may introduce new attack surfaces to the CAN bus if the ECU with VIDS is compromised. We investigate new vulnerabilities of VIDS and demonstrate that an adversary may damage an ECU with VIDS, block message transmission, and force an ECU to retransmit messages. In order to defend the CAN bus against these attacks, we propose two hardware-based Intrusion Response Systems (IRSs) that disconnect the compromised ECU from the CAN bus once these attacks are detected. We develop four voltage-based attacks by exploiting vulnerabilities of VIDS and evaluate the effectiveness of the proposed IRSs using a CAN bus testbed.