Abstract
Researchers have responded to various cyber attacks on controller area network (CAN) by studying technologies for identifying the source of an attack. However, existing attack source identification technologies have shown significantly lower accuracy depending on changes in the vehicle environment (temperature, humidity, battery level, etc.), or have proven to be circumvented by identification-aware attackers, or do not provide real-time identification. A real-time attack node identification technology that cannot be bypassed by an attacker while not being affected by changes in the vehicle environment is essential for cyber attack response technologies such as node isolation, security patch, digital forensics, etc. To meet this need, we propose a novel real-time attack node identification method, called RIDAS, which can identify the attack source by using the error handling rule of CAN. RIDAS injects bit errors into the abnormal messages that have been detected by an existing intrusion detection system (IDS). The source that sent the abnormal message become the error passive state defined in CAN in which it cannot send consecutive messages. RIDAS then sequentially inspects all electronic control units (ECU) and identifies the node in the error passive state by checking the priority reduction phenomenon that occurs in that state. Moreover, RIDAS address two challenging issues, identification robustness and identification errors. Our experimental results, conducted on both a CAN bus prototype and one real vehicle, have demonstrated that RIDAS can accurately identify an attack source while remaining unaffected by changes in the vehicle’s environment. Additionally, RIDAS is able to deal with RIDAS-aware attackers.
Original language | English |
---|---|
Title of host publication | 32nd USENIX Security Symposium, USENIX Security 2023 |
Publisher | USENIX Association |
Pages | 6911-6928 |
Number of pages | 18 |
ISBN (Electronic) | 9781713879497 |
Publication status | Published - 2023 |
Event | 32nd USENIX Security Symposium, USENIX Security 2023 - Anaheim, United States Duration: 2023 Aug 9 → 2023 Aug 11 |
Publication series
Name | 32nd USENIX Security Symposium, USENIX Security 2023 |
---|---|
Volume | 10 |
Conference
Conference | 32nd USENIX Security Symposium, USENIX Security 2023 |
---|---|
Country/Territory | United States |
City | Anaheim |
Period | 23/8/9 → 23/8/11 |
Bibliographical note
Publisher Copyright:© 32nd USENIX Security Symposium, USENIX Security 2023. All rights reserved
ASJC Scopus subject areas
- Computer Networks and Communications
- Information Systems
- Safety, Risk, Reliability and Quality