RIDAS: Real-time identification of attack sources on controller area networks

Jiwoo Shin, Hyunghoon Kim, Seyoung Lee, Wonsuk Choi, Dong Hoon Lee, Hyo Jin Jo

    Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

    Abstract

    Researchers have responded to various cyber attacks on the controller area network (CAN) by studying technologies for identifying the source of an attack. However, existing attack source identification technologies have shown significantly lower accuracy depending on changes in the vehicle environment (temperature, humidity, battery level, etc.), or have proven to be circumvented by identification-aware attackers, or do not provide real-time identification. A real-time attack node identification technology that cannot be bypassed by an attacker while not being affected by changes in the vehicle environment is essential for cyber attack response technologies such as node isolation, security patch, digital forensics, etc. To meet this need, we propose a novel real-time attack node identification method, called RIDAS, which can identify the attack source by using the error handling rule of CAN. RIDAS injects bit errors into the abnormal messages that have been detected by an existing intrusion detection system (IDS). The source that sent the abnormal message enters the error passive state defined in CAN, in which it cannot send consecutive messages. RIDAS then sequentially inspects all electronic control units (ECUs) and identifies the node in the error passive state by checking the priority reduction phenomenon that occurs in that state. Moreover, RIDAS addresses two challenging issues, identification robustness and identification errors. Our experimental results, conducted on both a CAN bus prototype and one real vehicle, have demonstrated that RIDAS can accurately identify an attack source while remaining unaffected by changes in the vehicle’s environment. Additionally, RIDAS is able to deal with RIDAS-aware attackers.

    Original language: English
    Title of host publication: 32nd USENIX Security Symposium, USENIX Security 2023
    Publisher: USENIX Association
    Pages: 6911-6928
    Number of pages: 18
    ISBN (Electronic): 9781713879497
    Publication status: Published - 2023
    Event: 32nd USENIX Security Symposium, USENIX Security 2023 - Anaheim, United States
    Duration: 2023 Aug 9 to 2023 Aug 11

    Publication series

    Name: 32nd USENIX Security Symposium, USENIX Security 2023
    Volume: 10

    Conference

    Conference: 32nd USENIX Security Symposium, USENIX Security 2023
    Country/Territory: United States
    City: Anaheim
    Period: 23/8/9 to 23/8/11

    Bibliographical note

    Publisher Copyright:
    © 32nd USENIX Security Symposium, USENIX Security 2023. All rights reserved

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Information Systems
    • Safety, Risk, Reliability and Quality
