TY - GEN
T1 - ShadowAuth
T2 - 17th ACM ASIA Conference on Computer and Communications Security 2022, ASIA CCS 2022
AU - Kim, Sungwoo
AU - Yeo, Gisu
AU - Kim, Taegyu
AU - Rhee, Junghwan "John"
AU - Jeon, Yuseok
AU - Bianchi, Antonio
AU - Xu, Dongyan
AU - Tian, Dave Jing
N1 - Funding Information:
We thank the anonymous reviewers and Dr. Haehyun Cho for their valuable comments and suggestions. We also thank the open-source contributors and maintainers for their technical help. This project was supported in part by Office of Naval Research (ONR) under Grant N00014-18-1-2674 and N00014-20-1-2128, National Science Foundation (NSF) under Award Number CNS-2145744, and Defense Advanced Research Projects Agency (DARPA) under contract number N6600120C4031. This project was also supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (2021R1F1A1049822). The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of DARPA or the U.S. Government. Any opinions, findings, and conclusions in this paper are those of the authors and do not necessarily reflect the views of our sponsors.
Publisher Copyright:
© 2022 Owner/Author.
PY - 2022/5/30
Y1 - 2022/5/30
N2 - Controller Area Network (CAN) is the de-facto standard in-vehicle network system. Despite its wide adoption by automobile manufacturers, the lack of security design makes it vulnerable to attacks. For instance, broadcasting packets without authentication allows the impersonation of electronic control units (ECUs). Prior mitigations, such as message authentication or intrusion detection systems, fail to address the compatibility requirement with legacy ECUs, stealthy and sporadic malicious messaging, or guaranteed attack detection. We propose a novel authentication system called ShadowAuth that overcomes the aforementioned challenges by offering backwardcompatible packet authentication to ECUs without requiring ECU firmware source code. Specifically, our authentication scheme provides transparent CAN packet authentication without modifying existing CAN packet definitions (e.g., J1939) via automatic ECU firmware instrumentation technique to locate CAN packet transmission code, and instrument authentication code based on the CAN packet behavioral transmission patterns. ShadowAuth enables vehicles to detect state-of-the-art CAN attacks, such as busoff and packet injection, responsively within 60ms without false positives. ShadowAuth provides a sound and deployable solution for real-world ECUs.
AB - Controller Area Network (CAN) is the de-facto standard in-vehicle network system. Despite its wide adoption by automobile manufacturers, the lack of security design makes it vulnerable to attacks. For instance, broadcasting packets without authentication allows the impersonation of electronic control units (ECUs). Prior mitigations, such as message authentication or intrusion detection systems, fail to address the compatibility requirement with legacy ECUs, stealthy and sporadic malicious messaging, or guaranteed attack detection. We propose a novel authentication system called ShadowAuth that overcomes the aforementioned challenges by offering backwardcompatible packet authentication to ECUs without requiring ECU firmware source code. Specifically, our authentication scheme provides transparent CAN packet authentication without modifying existing CAN packet definitions (e.g., J1939) via automatic ECU firmware instrumentation technique to locate CAN packet transmission code, and instrument authentication code based on the CAN packet behavioral transmission patterns. ShadowAuth enables vehicles to detect state-of-the-art CAN attacks, such as busoff and packet injection, responsively within 60ms without false positives. ShadowAuth provides a sound and deployable solution for real-world ECUs.
UR - http://www.scopus.com/inward/record.url?scp=85133173982&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85133173982&partnerID=8YFLogxK
U2 - 10.1145/3488932.3523263
DO - 10.1145/3488932.3523263
M3 - Conference contribution
AN - SCOPUS:85133173982
T3 - ASIA CCS 2022 - Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security
SP - 534
EP - 545
BT - ASIA CCS 2022 - Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security
PB - Association for Computing Machinery, Inc
Y2 - 30 May 2022 through 3 June 2022
ER -