EARNEST: A challenge-based intrusion prevention system for CAN messages

Abstract

Modern vehicles are computers on wheels connected to the Internet. Thus, they may be vulnerable to local and remote cyber-attacks. This paper proposes a novel Intrusion Prevention System (IPS), named EARNEST aiming at preventing that an attacker sends malicious CAN frames among different partitions of intra-vehicle network. EARNEST stands for challEnge bAsed intRusioN prEvention SysTem. Its main novelty is the usage of a challenge-based mechanism: once an ECU sends a frame from a partition to another, EARNEST challenges it. If the ECU answers correctly, then its frame is forwarded, otherwise, it is discarded. The proposed algorithm is able to address both replay and fuzzing attacks. A proof of concept implementation of the EARNEST algorithm is provided within an evaluation of its performances in a simulated environment.