Efficient In-Vehicle Delayed Data Authentication Based on Compound Message Authentication Codes
24 Oct 2008-pp 1-5
TL;DR: This paper proposes an efficient delayed data authentication using compound message authentication codes, calculated on a compound of successive messages and sent together with the subsequent messages, resulting in a delayed authentication.
Abstract: Modern vehicles contain an in-vehicle network consisting of a number of electronic control units (ECUs). These ECUs are responsible for most of the functionality in the vehicle, including vehicle control and maneuverability. To date, no security features exist in this network since it has been isolated. However, an upcoming trend among automobile manufacturers is to establish a wireless connection to the vehicle to provide remote diagnostics and software updates. As a consequence, the in-vehicle network is exposed to external communication, and a potential entry point for attackers is introduced. Messages sent on the in-vehicle network lack integrity protection and data authentication; thus, the network is vulnerable to injection and modification attacks. Due to the real-time constraints and the limited resources in the ECUs, achieving data authentication is a challenge. In this paper, we propose an efficient delayed data authentication using compound message authentication codes. A message authentication code is calculated on a compound of successive messages and sent together with the subsequent messages, resulting in a delayed authentication. This data authentication could be used to detect and possibly recover from injection and modification attacks in the in-vehicle network.
Citations
More filters
Proceedings Article•
10 Aug 2016TL;DR: An anomaly-based intrusion detection system (IDS), called Clock-based IDS (CIDS), which measures and then exploits the intervals of periodic in-vehicle messages for fingerprinting ECUs and facilitates a rootcause analysis; identifying which ECU mounted the attack.
Abstract: As more software modules and external interfaces are getting added on vehicles, new attacks and vulnerabilities are emerging. Researchers have demonstrated how to compromise in-vehicle Electronic Control Units (ECUs) and control the vehicle maneuver. To counter these vulnerabilities, various types of defense mechanisms have been proposed, but they have not been able to meet the need of strong protection for safety-critical ECUs against in-vehicle network attacks. To mitigate this deficiency, we propose an anomaly-based intrusion detection system (IDS), called Clock-based IDS (CIDS). It measures and then exploits the intervals of periodic in-vehicle messages for fingerprinting ECUs. The thus-derived fingerprints are then used for constructing a baseline of ECUs' clock behaviors with the Recursive Least Squares (RLS) algorithm. Based on this baseline, CIDS uses Cumulative Sum (CUSUM) to detect any abnormal shifts in the identification errors - a clear sign of intrusion. This allows quick identification of in-vehicle network intrusions with a low false-positive rate of 0.055%. Unlike state-of-the-art IDSs, if an attack is detected, CIDS's fingerprinting of ECUs also facilitates a rootcause analysis; identifying which ECU mounted the attack. Our experiments on a CAN bus prototype and on real vehicles have shown CIDS to be able to detect a wide range of in-vehicle network attacks.
412 citations
TL;DR: It is shown that a long-range wireless attack is physically possible using a real vehicle and malicious smartphone application in a connected car environment and a security protocol for CAN is proposed as a countermeasure designed in accordance with current CAN specifications.
Abstract: Vehicle-IT convergence technology is a rapidly rising paradigm of modern vehicles, in which an electronic control unit (ECU) is used to control the vehicle electrical systems, and the controller area network (CAN), an in-vehicle network, is commonly used to construct an efficient network of ECUs. Unfortunately, security issues have not been treated properly in CAN, although CAN control messages could be life-critical. With the appearance of the connected car environment, in-vehicle networks (e.g., CAN) are now connected to external networks (e.g., 3G/4G mobile networks), enabling an adversary to perform a long-range wireless attack using CAN vulnerabilities. In this paper we show that a long-range wireless attack is physically possible using a real vehicle and malicious smartphone application in a connected car environment. We also propose a security protocol for CAN as a countermeasure designed in accordance with current CAN specifications. We evaluate the feasibility of the proposed security protocol using CANoe software and a DSP-F28335 microcontroller. Our results show that the proposed security protocol is more efficient than existing security protocols with respect to authentication delay and communication load.
370 citations
Cites background from "Efficient In-Vehicle Delayed Data A..."
...For example, when data are broadcast using the BUS network, CAN does not ensure the confidentiality and authentication of the CAN data frame, paving the way for a malicious adversary to easily eavesdrop on data or launch a replay attack [7], [8]....
[...]
05 Jun 2011
TL;DR: This paper briefly survey the research with respect to the security of the connected car, and in particular its in-vehicle network, and concludes that even though quite some effort has already been expended in the area, most of it has been directed towards problem definition and not so much towards security solutions.
Abstract: In this paper, we briefly survey the research with respect to the security of the connected car, and in particular its in-vehicle network. The aim is to highlight the current state of the research; which are the problems found, and what solutions have been suggested. We have structured our investigation by categorizing the research into the following five categories: problems in the in-vehicle network, architectural security features, intrusion detection systems, honeypots, and threats and attacks. We conclude that even though quite some effort has already been expended in the area, most of it has been directed towards problem definition and not so much towards security solutions. We also highlight a few areas that we believe are of immediate concern.
216 citations
24 Oct 2016
TL;DR: A new type of Denial-of-Service (DoS) is proposed, called the bus-off attack, which exploits the error-handling scheme of in-vehicle networks to disconnect or shut down good/uncompromised ECUs.
Abstract: Contemporary vehicles are getting equipped with an increasing number of Electronic Control Units (ECUs) and wireless connectivities. Although these have enhanced vehicle safety and efficiency, they are accompanied with new vulnerabilities. In this paper, we unveil a new important vulnerability applicable to several in-vehicle networks including Control Area Network (CAN), the de facto standard in-vehicle network protocol. Specifically, we propose a new type of Denial-of-Service (DoS), called the bus-off attack, which exploits the error-handling scheme of in-vehicle networks to disconnect or shut down good/uncompromised ECUs. This is an important attack that must be thwarted, since the attack, once an ECU is compromised, is easy to be mounted on safety-critical ECUs while its prevention is very difficult. In addition to the discovery of this new vulnerability, we analyze its feasibility using actual in-vehicle network traffic, and demonstrate the attack on a CAN bus prototype as well as on two real vehicles. Based on our analysis and experimental results, we also propose and evaluate a mechanism to detect and prevent the bus-off attack.
197 citations
Cites background from "Efficient In-Vehicle Delayed Data A..."
...Similarly, the authors of [17] proposed to use multiple CRC fields for including a 64-bit MAC....
[...]
...To detect and prevent vehicle cyber attacks, various types of security solutions, such as Message Authentication Code (MAC) and Intrusion Detection Systems (IDSs) for in-vehicle networks — akin to those in the Internet security — have been proposed [8, 14, 17, 21]....
[...]
TL;DR: An IVN environment is introduced, and the constraints and characteristics of an intrusion detection system (IDS) design for IVNs are presented, and a survey of the proposed IDS designs for the IVNs is conducted.
Abstract: The development of the complexity and connectivity of modern automobiles has caused a massive rise in the security risks of in-vehicle networks (IVNs). Nevertheless, existing IVN designs (e.g., controller area network) lack cybersecurity consideration. Intrusion detection, an effective method for defending against cyberattacks on IVNs while providing functional safety and real-time communication guarantees, aims to address this issue. Therefore, the necessity of its research has risen. In this paper, an IVN environment is introduced, and the constraints and characteristics of an intrusion detection system (IDS) design for IVNs are presented. A survey of the proposed IDS designs for the IVNs is conducted, and the corresponding drawbacks are highlighted. Various optimization objectives are considered and comprehensively compared. Lastly, the trend, open issues, and emerging research directions are described.
187 citations
Cites background from "Efficient In-Vehicle Delayed Data A..."
...The following categorizes have been proposed as countermeasures that provide IVN protection against various types of malicious attacks [12]–[14]: (1) ensuring the confidentiality and integrity of IVN message frames through encryption and authentication technologies [15]–[17], (2) separating potential attacking interfaces from IVNs (firewall policy) [18]–[20], and (3) developing intrusion detection systems (IDSs) for IVNs (IVN IDSs)....
[...]
References
More filters
TL;DR: Analysis of the paradigm problem demonstrates that allowing a small number of test messages to be falsely identified as members of the given set will permit a much smaller hash area to be used without increasing reject time.
Abstract: In this paper trade-offs among certain computational factors in hash coding are analyzed. The paradigm problem considered is that of testing a series of messages one-by-one for membership in a given set of messages. Two new hash-coding methods are examined and compared with a particular conventional hash-coding method. The computational factors considered are the size of the hash area (space), the time required to identify a message as a nonmember of the given set (reject time), and an allowable error frequency.The new methods are intended to reduce the amount of space required to contain the hash-coded information from that associated with conventional methods. The reduction in space is accomplished by exploiting the possibility that a small fraction of errors of commission may be tolerable in some applications, in particular, applications in which a large amount of data is involved and a core resident hash area is consequently not feasible using conventional methods.In such applications, it is envisaged that overall performance could be improved by using a smaller core resident hash area in conjunction with the new methods and, when necessary, by using some secondary and perhaps time-consuming test to “catch” the small fraction of errors associated with the new methods. An example is discussed which illustrates possible areas of application for the new methods.Analysis of the paradigm problem demonstrates that allowing a small number of test messages to be falsely identified as members of the given set will permit a much smaller hash area to be used without increasing reject time.
7,390 citations
"Efficient In-Vehicle Delayed Data A..." refers background in this paper
...An initial approach to identifying which frame was bad in the compound MAC verification is to create a bloom filter [24, 25] of the compounded messages....
[...]
Journal Article•
TL;DR: This chapter identifies the vulnerabilities associated with the operational paradigms currently employed by Wireless Sensor Networks and a framework for implementing security in WSNs, which identifies the security measures necessary to mitigate the identified vulnerabilities.
Abstract: This chapter identifies the vulnerabilities associated with the operational paradigms currently employed by Wireless Sensor Networks. A survey of current WSN security research is presented. The security issues of Mobile Ad-Hoc Networks and infrastructure supported wireless networks are briefly compared and contrasted to the security concerns of Wireless Sensor Networks. A framework for implementing security in WSNs, which identifies the security measures necessary to mitigate the identified vulnerabilities is defined.
2,939 citations
"Efficient In-Vehicle Delayed Data A..." refers methods in this paper
...[10] present a solution using delayed key release for authenticated broadcasting in μTesla, a broadcasting...
[...]
16 Jul 2001
TL;DR: A suite of security building blocks optimized for resource-constrained environments and wireless communication, and shows that they are practical even on minimal hardware: the performance of the protocol suite easily matches the data rate of the network.
Abstract: As sensor networks edge closer towards wide-spread deployment, security issues become a central concern. So far, much research has focused on making sensor networks feasible and useful, and has not concentrated on security.We present a suite of security building blocks optimized for resource-constrained environments and wireless communication. SPINS has two secure building blocks: SNEP and mTESLA SNEP provides the following important baseline security primitives: Data confidentiality, two-party data authentication, and data freshness. A particularly hard problem is to provide efficient broadcast authentication, which is an important mechanism for sensor networks. mTESLA is a new protocol which provides authenticated broadcast for severely resource-constrained environments. We implemented the above protocols, and show that they are practical even on minimal hardware: the performance of the protocol suite easily matches the data rate of our network. Additionally, we demonstrate that the suite can be used for building higher level protocols.
2,703 citations
03 Nov 2004
TL;DR: TinySec is introduced, the first fully-implemented link layer security architecture for wireless sensor networks, and results on a 36 node distributed sensor network application clearly demonstrate that software based link layer protocols are feasible and efficient, adding less than 10% energy, latency, and bandwidth overhead.
Abstract: We introduce TinySec, the first fully-implemented link layer security architecture for wireless sensor networks. In our design, we leverage recent lessons learned from design vulnerabilities in security protocols for other wireless networks such as 802.11b and GSM. Conventional security protocols tend to be conservative in their security guarantees, typically adding 16--32 bytes of overhead. With small memories, weak processors, limited energy, and 30 byte packets, sensor networks cannot afford this luxury. TinySec addresses these extreme resource constraints with careful design; we explore the tradeoffs among different cryptographic primitives and use the inherent sensor network limitations to our advantage when choosing parameters to find a sweet spot for security, packet overhead, and resource requirements. TinySec is portable to a variety of hardware and radio platforms. Our experimental results on a 36 node distributed sensor network application clearly demonstrate that software based link layer protocols are feasible and efficient, adding less than 10% energy, latency, and bandwidth overhead.
1,751 citations
Additional excerpts
...This approach has been presented in [20, 21] to secure communication in wireless sensor networks....
[...]
19 Oct 1997
TL;DR: This work studies notions and schemes for symmetric (ie. private key) encryption in a concrete security framework and gives four different notions of security against chosen plaintext attack, providing both upper and lower bounds, and obtaining tight relations.
Abstract: We study notions and schemes for symmetric (ie. private key) encryption in a concrete security framework. We give four different notions of security against chosen plaintext attack and analyze the concrete complexity of reductions among them, providing both upper and lower bounds, and obtaining tight relations. In this way we classify notions (even though polynomially reducible to each other) as stronger or weaker in terms of concrete security. Next we provide concrete security analyses of methods to encrypt using a block cipher, including the most popular encryption method, CBC. We establish tight bounds (meaning matching upper bounds and attacks) on the success of adversaries as a function of their resources.
1,089 citations
"Efficient In-Vehicle Delayed Data A..." refers background in this paper
...as long as the underlying encryption algorithm is secure [17, 18]....
[...]