Concealing CAN Message Sequences to Prevent Schedule-based Bus-off Attacks
This work focuses on eliminating timing-side channels in real-time safety-critical cyber-physical network protocols like Controller Area Networks (CAN). Automotive Electronic Control Units (ECUs) implement predictable scheduling decisions based on task level response time estimation. Such levels of...
Saved in:
Main Authors | , , , , , |
---|---|
Format | Journal Article |
Language | English |
Published |
15.06.2023
|
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | This work focuses on eliminating timing-side channels in real-time
safety-critical cyber-physical network protocols like Controller Area Networks
(CAN). Automotive Electronic Control Units (ECUs) implement predictable
scheduling decisions based on task level response time estimation. Such levels
of determinism exposes timing information about task executions and therefore
corresponding message transmissions via the network buses (that connect the
ECUs and actuators). With proper analysis, such timing side channels can be
utilized to launch several schedule-based attacks that can lead to eventual
denial-of-service or man-in-the-middle-type attacks. To eliminate this
determinism, we propose a novel schedule obfuscation strategy by skipping
certain control task executions and related data transmissions along with
random shifting of the victim task instance. While doing this, our strategy
contemplates the performance of the control task as well by bounding the number
of control execution skips. We analytically demonstrate how the attack success
probability (ASP) is reduced under this proposed attack-aware skipping and
randomization. We also demonstrate the efficacy and real-time applicability of
our attack-aware schedule obfuscation strategy Hide-n-Seek by applying it to
synthesized automotive task sets in a real-time Hardware-in-loop (HIL) setup. |
---|---|
DOI: | 10.48550/arxiv.2306.09206 |