SPARTA: Signal Propagation-based Attack Recognition and Threat Avoidance for Automotive Networks

With wider availability of wireless interfaces and a rising integration of software, it becomes easier for attackers to access vehicular communication networks and exploit vulnerabilities in Electronic Control Units (ECUs). Once having compromised an ECU, the intruder can control safety-relevant functions without requiring physical access to the vehicle. An essential aspect for the feasibility of such attacks is the lack of security measures in the Controller Area Network (CAN). And although physical-based Intrusion Detection Systems (IDSs) gain relevance for CAN security, current voltage and time-based systems have reached a point where crucial improvements can only be achieved at intolerable expense. To assess the potential of novel approaches, we present SPARTA, an advanced Intrusion Detection and Prevention System (IDPS) which identifies the sending ECU by measuring signal arrival differences on the CAN bus. With a highly reliable detection procedure, SPARTA improves current IDSs and implements an active prevention mechanism to decimate the impact of attacks. In this context, it not only detects violations of the transmission authenticity, but also recognizes the attempt of a denial-of-service (DoS) attack. Further, SPARTA was designed to require few resources and to meet real-time constraints of automotive systems. For this reason, the entire approach was realized on a resource-constrained embedded system and evaluated on different CAN and CAN with Flexible Data-Rate (CAN-FD) setups to demonstrate the efficiency, performance and adaptability to external influences of a dynamic environment.