CANOA: CAN Origin Authentication Through Power Side-Channel Monitoring
This work addresses a critical security problem for automotive systems by preventing ECU impersonation attacks, though it is an incremental improvement over existing side-channel methods.
The paper tackles the lack of sender authentication in Controller Area Networks (CAN), which makes them vulnerable to spoofing attacks. It proposes a novel authentication technique that uses power consumption measurements of ECUs to verify message origins, and it achieves good accuracy in evaluations across lab and real-vehicle setups.
The lack of any sender authentication mechanism in place makes CAN (Controller Area Network) vulnerable to security threats. For instance, an attacker can impersonate an ECU (Electronic Control Unit) on the bus and send spoofed messages unobtrusively with the identifier of the impersonated ECU. To address this problem, we propose a novel sender authentication technique that uses power consumption measurements of the ECU to authenticate the sender of a message. When an ECU is transmitting, its power requirement is affected, and a characteristic pattern appears in its power consumption. Our technique exploits the power consumption of each ECU during the transmission of a message to determine whether the message actually originated from the purported sender. We evaluate our approach in both a lab setup and a real vehicle. We also evaluate our approach against factors that can impact the power consumption measurement of the ECU. The results of the evaluation show that the proposed technique is applicable in a broad range of operating conditions, has reasonable computational power requirements, and attains good accuracy.
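
The origin check described in the abstract, as an added sketch that is not code from the paper: a frame is accepted only if the ECU that owns its identifier, and no other monitored ECU, drew transmit-level power while the frame was on the bus. The mean-current threshold is an assumed stand-in for the paper's classifier, and the ECU names, CAN IDs, current levels and sample windows are all constructed.

```python
import random
import statistics

# All values below are constructed for illustration, not measurements from the paper.
IDLE_MA, TX_EXTRA_MA, NOISE_MA = 40.0, 12.0, 1.5

def synth_trace(n, tx_windows, seed):
    """Constructed per-ECU current trace: idle level plus a bump while transmitting."""
    rng = random.Random(seed)
    return [IDLE_MA + (TX_EXTRA_MA if any(a <= i < b for a, b in tx_windows) else 0.0)
            + rng.gauss(0, NOISE_MA) for i in range(n)]

def calibrate(trace, idle_win, tx_win):
    """Threshold = midpoint between mean draw in a known-idle and a known-transmit window."""
    idle = statistics.mean(trace[idle_win[0]:idle_win[1]])
    tx = statistics.mean(trace[tx_win[0]:tx_win[1]])
    return (idle + tx) / 2

def authenticate(can_id, window, id_owner, traces, thresholds):
    """Check that the ECU owning can_id, and only that ECU, drew transmit-level power."""
    active = sorted(ecu for ecu, tr in traces.items()
                    if statistics.mean(tr[window[0]:window[1]]) > thresholds[ecu])
    verdict = "authentic" if active == [id_owner[can_id]] else "spoofed"
    return verdict, active

def demo():
    traces = {
        "engine": synth_trace(600, [(50, 150), (300, 400)], seed=1),
        "brake": synth_trace(600, [(160, 260), (450, 550)], seed=2),
    }
    thresholds = {
        "engine": calibrate(traces["engine"], (0, 50), (50, 150)),
        "brake": calibrate(traces["brake"], (0, 50), (160, 260)),
    }
    id_owner = {0x100: "engine", 0x200: "brake"}  # hypothetical ID-to-ECU assignment
    frames = [
        (0x100, (300, 400)),  # engine really sends its own ID
        (0x100, (450, 550)),  # brake ECU sends the engine's ID
        (0x200, (560, 600)),  # no monitored ECU is transmitting (unmonitored node)
    ]
    return [authenticate(cid, win, id_owner, traces, thresholds) for cid, win in frames]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The list of active ECUs returned with each verdict separates an impersonation by another monitored ECU from a frame injected by a node that is not monitored at all.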