Viden: iden: Attac acker er Ident dentif ifica ication ion on - - PowerPoint PPT Presentation

viden iden attac acker er ident dentif ifica ication ion
SMART_READER_LITE
LIVE PREVIEW

Viden: iden: Attac acker er Ident dentif ifica ication ion on - - PowerPoint PPT Presentation

Sep 09, 2023 161 likes •450 views

Viden: iden: Attac acker er Ident dentif ifica ication ion on on In- n- Vehic ehicle le Net Networ orks ks Kyong-Tak Cho and Kang G. Shin 1 Cont ontent ent Mo%va%on CAN Viden Evalua%on Drawback Future Work 2

slide-1
SLIDE 1

Viden: iden: Attac acker er Ident dentif ifica ication ion on

  • n In-

n- Vehic ehicle le Net Networ

  • rks

ks

Kyong-Tak Cho and Kang G. Shin

1

slide-2
SLIDE 2

Cont

  • ntent

ent

Ø Mo%va%on Ø CAN Ø Viden Ø Evalua%on Ø Drawback Ø Future Work

2

slide-3
SLIDE 3

Cont

  • ntent

ent

Ø Mo%va%on Ø CAN Ø Viden Ø Evalua%on Ø Drawback Ø Future Work

3

slide-4
SLIDE 4

Mot

  • tiv

ivation ion

ü Advancements in Automo%ve Technology ü Drawbacks in Present Defense Schemes

4

slide-5
SLIDE 5

Wha hat is is ECU? U?

  • Electronic Control Unit(ECU)
  • Types of ECU’s
  • Threats

5

slide-6
SLIDE 6

What is ECU?

6

slide-7
SLIDE 7

Related Work

  • Clock based Intrusion detec%on system
  • Clock Skews
  • Works only in Periodic message
  • APacker informa%on evaded –a periodic messages
  • Mean square voltage measurements
  • Works only with slow speed (10kbps)
  • Supervised Batch learning Algorithm
  • Not prac%cal

7

slide-8
SLIDE 8

VIDEN: Voltage based attacker IDENtification

  • Voltage measurements output by transmiPer ECU
  • Creates Voltage profiles (Fingerprints) based on voltage instance
  • Adap%ve signal processing( Online learning)
  • Defense mechanism against
  • Naïve adversary
  • Timing-aware adversary
  • Timing-voltage-aware adversary

8

slide-9
SLIDE 9

Content

  • Mo%va%on
  • CAN
  • Viden
  • Evalua%on
  • Drawback
  • Future Work

9

slide-10
SLIDE 10

Controller Area Network Protocol

10

slide-11
SLIDE 11

CAN typical application Schematic

11

slide-12
SLIDE 12

CAN output Voltage

12

slide-13
SLIDE 13

CAN Data Frame

13

slide-14
SLIDE 14

Content

  • Mo%va%on
  • CAN
  • Viden
  • Evalua%on
  • Drawback
  • Future Work

14

slide-15
SLIDE 15

System em and and Thr hrea eat model model

CAN bus considera%on for system model

  • Fingerprin%ng device- IDS, %ming and voltage based
  • ECU aPached only through CAN bus

Threats involved are naïve, %ming-aware and %ming-voltage-aware adversaries

15

slide-16
SLIDE 16

High-Le High-Level el Ov Over erview iew of

  • f Viden

iden

Involves Four Phases

  • Phase 1: Learning ACK Threshold
  • Phase 2: Derives Voltage instances
  • Phase 3: Creates Voltage Profiles
  • Phase 4: Verifica%on

16

slide-17
SLIDE 17

Phas hase e 1: 1: Lear Learning ning ACK K Thr hres eshold hold

  • Measuring dominant voltages
  • Extrac%ng Non-ACK voltages

17

slide-18
SLIDE 18

Phas hase e 2: 2: Der eriv iving ing A Volt

  • ltage

ge Ins nstance ance

18

slide-19
SLIDE 19

Phas hase e 3: 3: Attac acker er Ident dentif ifica ication ion

19

slide-20
SLIDE 20

Phas hase e 4: 4: Ver erif ifica ication ion

20

  • Birthday paradox

ü Voltage profile collision ü Mul%ple ECUs can have same profile ü Narrower set up of ECU to look at

Target impersona%on

ü Further verifica%on required to complement the Phase 1-3

slide-21
SLIDE 21

Content

  • Mo%va%on
  • CAN
  • Viden
  • Evalua%on
  • Drawback
  • Ques%on

21

slide-22
SLIDE 22

Evaluation

  • Against Timing adversary
  • Against Timing and Voltage

adversary

22

slide-23
SLIDE 23

Content

  • Mo%va%on
  • CAN
  • Viden
  • Evalua%on
  • Drawback
  • Ques%on

23

slide-24
SLIDE 24

Drawbacks

  • APack from another network ECU
  • Atleast One Voltage profile
  • No message send from the ECU – Inaccurate

iden%fica%on

  • Voltage profile adjustments

24

slide-25
SLIDE 25

Content

  • Mo%va%on
  • CAN
  • Viden
  • Evalua%on
  • Drawback
  • Ques%on

25

slide-26
SLIDE 26

Question

26

slide-27
SLIDE 27

THANK YOU

27