Security-Aware Obfuscated Priority Assignment for Automotive CAN Platforms

M. Lukasiewycz, Philipp Mundhenk, S. Steinhorst
{"title":"Security-Aware Obfuscated Priority Assignment for Automotive CAN Platforms","authors":"M. Lukasiewycz, Philipp Mundhenk, S. Steinhorst","doi":"10.1145/2831232","DOIUrl":null,"url":null,"abstract":"Security in automotive in-vehicle networks is an increasing problem with the growing connectedness of road vehicles. This article proposes a security-aware priority assignment for automotive controller area network (CAN) platforms with the aim of mitigating scaling effects of attacks on vehicle fleets. CAN is the dominating field bus in the automotive domain due to its simplicity, low cost, and robustness. While messages might be encrypted to enhance the security of CAN systems, their priorities are usually identical for automotive platforms, comprising generally a large number of vehicle models. As a result, the identifier uniquely defines which message is sent, allowing attacks to scale across a fleet of vehicles with the same platform. As a remedy, we propose a methodology that is capable of determining obfuscated message identifiers for each individual vehicle. Since identifiers directly represent message priorities, the approach has to take the resulting response time variations into account while satisfying application deadlines for each vehicle schedule separately. Our approach relies on Quadratically Constrained Quadratic Program (QCQP) solving in two stages, specifying first a set of feasible fixed priorities and subsequently bounded priorities for each message. With the obtained bounds, obfuscated identifiers are determined, using a very fast randomized sampling. The experimental results, consisting of a large set of synthetic test cases and a realistic case study, give evidence of the efficiency of the proposed approach in terms of scalability. The results also show that the diversity of obtained identifiers is effectively optimized with our approach, resulting in a very good obfuscation of CAN messages in in-vehicle communication.","PeriodicalId":7063,"journal":{"name":"ACM Trans. Design Autom. Electr. Syst.","volume":"36 1","pages":"32:1-32:27"},"PeriodicalIF":0.0000,"publicationDate":"2016-01-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"34","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Trans. Design Autom. Electr. Syst.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2831232","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 34

Abstract

Security in automotive in-vehicle networks is an increasing problem with the growing connectedness of road vehicles. This article proposes a security-aware priority assignment for automotive controller area network (CAN) platforms with the aim of mitigating scaling effects of attacks on vehicle fleets. CAN is the dominating field bus in the automotive domain due to its simplicity, low cost, and robustness. While messages might be encrypted to enhance the security of CAN systems, their priorities are usually identical for automotive platforms, comprising generally a large number of vehicle models. As a result, the identifier uniquely defines which message is sent, allowing attacks to scale across a fleet of vehicles with the same platform. As a remedy, we propose a methodology that is capable of determining obfuscated message identifiers for each individual vehicle. Since identifiers directly represent message priorities, the approach has to take the resulting response time variations into account while satisfying application deadlines for each vehicle schedule separately. Our approach relies on Quadratically Constrained Quadratic Program (QCQP) solving in two stages, specifying first a set of feasible fixed priorities and subsequently bounded priorities for each message. With the obtained bounds, obfuscated identifiers are determined, using a very fast randomized sampling. The experimental results, consisting of a large set of synthetic test cases and a realistic case study, give evidence of the efficiency of the proposed approach in terms of scalability. The results also show that the diversity of obtained identifiers is effectively optimized with our approach, resulting in a very good obfuscation of CAN messages in in-vehicle communication.
基于安全感知的汽车CAN平台模糊优先级分配
随着道路车辆的互联性不断提高,汽车车载网络的安全问题日益突出。本文提出了一种汽车控制器局域网(CAN)平台的安全感知优先级分配,旨在减轻对车队攻击的规模效应。CAN总线以其简单、低成本和健壮性在汽车领域占据主导地位。虽然消息可能会被加密以增强CAN系统的安全性,但它们的优先级通常是相同的,因为汽车平台通常包含大量的车型。因此,标识符唯一地定义了发送的消息,从而允许攻击在具有相同平台的车队中扩展。作为补救措施,我们提出了一种能够确定每个单独车辆的混淆消息标识符的方法。由于标识符直接表示消息优先级,因此该方法在分别满足每个车辆调度的应用程序截止日期的同时,必须考虑所产生的响应时间变化。我们的方法依赖于二次约束二次规划(QCQP)分两个阶段求解,首先为每个消息指定一组可行的固定优先级,然后为每个消息指定有界优先级。利用得到的边界,使用非常快的随机抽样来确定混淆的标识符。实验结果,包括大量的综合测试用例和一个实际的案例研究,证明了所提出的方法在可扩展性方面的有效性。结果还表明,该方法有效地优化了获得的标识符的多样性,从而在车载通信中对CAN消息进行了很好的混淆。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信