I Introduction
Recent studies have identified security vulnerabilities in networked automobiles, in which attackers have compromised invehicle Electronic Control Units (ECUs), and disabled brakes [2], remotely controlled steering [3], and disabled vehicles on a highway [4]. Such exploits of ECUs are feasible because invehicle network protocols, such as the Controller Area Network (CAN) [5], were designed for closed systems and do not have security mechanisms such as message authentication. Networked automobiles, however, contain externally accessible ECUs that can be compromised by remote adversaries [6, 2, 7]. Since the CAN bus is a broadcast medium and there is no message authentication, a compromised ECU can be used to inject spoofed messages with faked message IDs and masquerade as a targeted ECU (masquerade attack) [2].
Given that CAN has a preset tight bit budget for messages and resourceconstrained ECUs have realtime requirements, it has not been a practical option to incorporate cryptographic primitives as in [8, 9, 10] into CAN. As an alternative, Intrusion Detection Systems (IDSs) have been proposed that exploit physical properties such as message periodicity and network entropy without modifying the CAN protocol [11, 12, 13, 14].
One stateoftheart (SOTA) IDS was proposed in USENIX 2016 [12]
based on two key observations: 1) almost all CAN messages are periodic, and 2) periodically received messages can be used to estimate the
clock skew of the transmitter, a unique physical invariant of each ECU due to variations in the clock’s hardware crystal. Therefore, a change in estimated clock skew at the receiver implies an anomaly in the transmitter’s clock characteristics, which indicates the presence of a masquerade attack with high probability (Fig. 0(a)). The novelty of the SOTA IDS is the use of the clock skew for detecting a masquerade attack without requiring any synchronization and identifying the compromised ECU that mounts the attack.In our preliminary work [1], we investigated IDSs that use the clock skew for detecting masquerade attacks. Our key observation is that an adversary, who realizes that the IDS at the receiver ECU computes the clock skew using message interarrival times, can manipulate the intertransmission times by adding delays to emulate the clock skew of the targeted ECU and avoid detection. We refer to masquerade attacks of this kind as the cloaking attack (Fig. 0(b)). We experimentally obtained the attack success probability curves (attack success probability as a function of the added intertransmission delay) and noticed that they have a consistent bellshaped structure across different hardware platforms, which may be captured by a formal model. In this paper, we provide such formal models that accurately predict and characterize the attack success probability curves for the SOTA IDS and its adaptation to the Network Time Protocol (NTP), using parameters of the attacker, the detector, and the hardware platform. Moreover, we collect additional 16+ hours of CAN data from the UW EcoCAR testbed for six representation messages with different periods, message ID levels, and transmitting ECUs for experimental evaluation. We further demonstrate the applicability of our formal models for different IDS settings and vehicles. To the best of our knowledge, this is the first paper that provides formal analyses of clock skewbased IDSs in automotive CAN. Throughout this paper, we make the following specific contributions:

We propose the cloaking attack, in which an adversary adjusts message intertransmission times and cloaks its clock to match the targeted ECU’s clock skew and avoid detection.

We analyze and formally model the attack success probability of the proposed attack on both the SOTA and NTPbased IDSs.

We evaluate the proposed attack on hardware testbeds, including a CAN bus prototype and a real vehicle (the UW EcoCAR). Our results show that while the NTPbased IDS is more effective than the SOTA IDS in detecting masquerade attacks, the cloaking attack is successful against both IDSs during all hardware trials.

We validate our formal analyses using the data collected from the UW EcoCAR and the Toyota dataset that was also used in [12]. Our results show that our formal models provide accurate predictions of attack success probability curves for different messages, IDS settings, and vehicles. We define a metric called the Area Deviation Error (ADE) to measure the modeling accuracy, which is the ratio of the absolute difference of the areas under the predicted and experimental attack success probability curves to the area under the experimental curve. Our results show that the average ADEs of the proposed formal models are within for the SOTA IDS and for the NTPbased IDS.
The remainder of this paper is organized as follows. Section II reviews the related work. Sections III presents our system and adversary models. Section IV reviews the SOTA IDS and presents the proposed NTPbased IDS. The cloaking attack is proposed in Section V. Section VI presents formal models for the SOTA and NTPbased IDSs. Section VII presents the experimental evaluation. Section VIII concludes this paper.
Ii Related Work
Recent experimental studies have shown that automobiles are vulnerable to cyber attacks with potentially lifethreatening consequences such as disabling brakes or overriding steering [6, 15, 16, 2, 7, 17], most of which are caused by the lack of security protections in CAN [2, 8]. Hence, there is an urgent need for securing CAN buses.
Security solutions for CAN can be broadly classified into schemes that add
cryptographic measures to the CAN bus [10, 9, 8, 18] and anomalybased IDSs that 1) analyze the traffic on the CAN bus including message contents [19, 20, 21], timing/frequency [15, 22, 23, 24, 25], entropy [26], and survival rates [27], 2) exploit the physical characteristics of ECUs extracted from invehicle sensing data [28, 29, 30] or measurements [13, 31, 11, 14, 32], and 3) exploit the characteristics of the CAN protocol, such as the remote frame [33]. Compared to the CAN traffic, it is more difficult for adversaries to imitate the physical characteristics of ECUs, such as the mean squared error of voltage measurements [11]. In [13], Cho and Shin proposed an IDS called Viden that constructs voltage profiles to identify the attacker. In [32], Choi et al. proposed VoltageIDS that leverages the time and frequency domain features of the electrical CAN signals to fingerprint ECUs. In [34], Kneib and Huth proposed Scission that exploits physical characteristics from analog values of CAN frames to determines if whether was transmitted by the legitimate ECU. However, realtime sensing/measurement and processing can be challenging for ECUs with limited resource, which may hinder the deployment of the existing schemes in practice. In addition, it has been shown in [35] that the extra wires required by voltagebased IDSs may introduce new attack surfaces for various voltagebased attacks.Notation  Description 
Arrival time of th message in th batch  
Noise in arrival time of th message in th batch  
Mean of all interarrival times before the attack  
Mean of interarrival times in th batch  
Standard deviation of all interarrival times  
Standard deviation of noise in arrival times  
Batch size  
(Constant) clock offset in each period  
Average offset in th batch  
Accumulated offset up to th batch  
Clock skew estimate in th batch  
Elapsed time up to last message in th batch  
(Unnormalized) identification error in th batch  
Mean of reference identification errors  
Standard deviation of reference identification errors  
Normalized identification error in th batch  
Identification error used as reference in CUSUM  
,  Upper and lower control limits in th batch 
CUSUM detection threshold  
CUSUM update threshold  
CUSUM sensitivity parameter  
Intertransmission delay added by adversary that  
exactly achieves the targeted ECU’s clock skew  
Difference between the total added delay and  
Probability of a successful cloaking attack  
Rate of decrease of normalized identification error  
after an attack occurs (for the SOTA IDS)  
Expected value of (for the  
NTPbased IDS) 
A novel IDS that uses the clock skew to fingerprint ECUs was proposed in [12]. As a physical invariant, the clock skew can be estimated from the timestamps of periodically received CAN messages and used for detecting masquerade attacks. In this paper, we propose the cloaking attack, in which the adversary alters the message intertransmission times to match the clock skew of the targeted ECU and evade detection with a high probability. We further propose formal models that predict the attack success probability for a given CAN bus and IDS with high accuracy.
Iii System Model
In this section, we provide brief background on the CAN protocol, review clockrelated concepts as defined in NTP, and present our timing model for the CAN bus. A list of frequently used notations is provided in Table I.
Iiia CAN Background
IiiB ClockRelated Concepts in NTP
Let denote the time kept by clock , and be the true time. According to the NTP [38, 39], the clock offset of clock A is given by
(1) 
which is the difference between the time reported by and the true time. The frequency of at time , denoted , is the first derivative of , while the clock skew is the first derivative of the clock offset . A positive clock skew means that runs faster than . The unit of clock skew is microseconds per second (s/s) or parts per million (ppm). For example, if is faster by s every ms w.r.t. , then its clock skew relative to is ppm.
Invehicle ECUs typically have constant clock skews [12]. Suppose that has a constant clock skew . If is the time duration measured by , the amount of time that has passed according to is , and . Similarly, if there is a second nontrue clock with a constant clock skew that reports a time duration of , we have . Then the clock skew of relative to , denoted as , is given by
(2) 
and the relationship between and is given by
(3) 
In the absence of a true clock, the relative clock offset and relative clock skew can be defined with respect to a reference clock. Two clocks are said to be synchronized at time if both the relative clock offset and relative clock skew are zero.
IiiC Timing Model
We now discuss our timing model in Fig. 2, in which the receiving ECU R timestamps messages that arrive periodically. We consider R’s clock as the reference clock and refer to the relative offset and relative skew of the transmitter’s clock as offset and skew, respectively.
Consider an ECU that transmits a message every seconds as per its local clock. If the two clocks are synchronized, the th message will be transmitted at in R’s clock. However, due to the transmitter’s clock skew, there exists an accumulated offset between the transmitter’s clock that reports time and R’s clock that reports time since the transmission of message , which means according to Eq. (1). Therefore, the actual transmission time is
in R’s clock. While the clock skew may be slowly varying due to factors like temperature, it is almost constant over short durations. Hence, we model the accumulated offset as a random variable
, where is the clock offset induced in one period given the constant clock skew, and is the offset deviation due to jitters in the transmitter. We assume that the ’s are independent and identically distributed zeromean random variables. After a network delay of (due to message transmission, propagation, and reception), the message arrives at R’s incoming buffer and has a timestamp(4) 
where is the zeromean noise introduced by R’s timestamp quantization process [Zander:2008:ICM:1496711.1496726].
Let and thus . Since the data lengths of periodic CAN messages are constant over time, it is reasonable to assume constantmean network delays, i.e., . Hence, we model the ’s as i.i.d. Gaussian random variables with .
The interarrival time between the ()th message and the th message is . Hence, the interarrival times have a mean
, and a variance
.IiiD Adversary Model
We consider adversaries who gain access to the CAN bus of an automobile by compromising one or more ECUs. We adopt the following two adversary models [17, 12]:

Weak adversary – A weak adversary who compromises an ECU is able to eavesdrop on all the CAN traffic and can block outgoing messages from the compromised ECU. The weak adversary, however, cannot send messages from the compromised ECU.

Strong adversary – A strong adversary who compromises an ECU has complete control over the compromised ECU, including eavesdropping on all messages, blocking outgoing messages, and transmitting messages with the timing and content of the adversary’s choosing.
We consider adversaries who attempt to mount masquerade attacks. Fig. 3 illustrates a masquerade attack that is mounted by a weak adversary and a strong adversary acting in coordination. The strong adversary has compromised ECU A, while the weak adversary has compromised ECU B. The goal of the attack is to inject false messages from ECU A, so as to degrade the safety, performance, and/or functionality of the vehicle. This attack enables an adversary who compromises a lowpriority^{1}^{1}1On the CAN bus, messages with smaller ID levels (i.e., higher priorities) will be transmitted earlier in the event of collisions through a process called arbitration. A larger ID indicates a lower priority. See [37] for more details. ECU to effectively impersonate a higherpriority ECU, thus maximizing the impact of the attack.
We observe that, if ECU B were compromised by a strong adversary, the attack would be trivial. On the other hand, when ECU B is compromised by a weak adversary, the adversary cannot directly inject messages from ECU B itself. Instead, the weak adversary blocks the targeted messages from ECU B. The strong adversary then uses the compromised ECU A to inject false messages that are claimed to be from ECU B.
This attack exploits two vulnerabilities of CAN that have been identified in the related literature [2, 12]. First, all ECUs have access to the same broadcast medium, allowing easilycompromised, lowpriority ECUs (ECU A in Fig. 3) to listen to and impersonate higherpriority ECUs. Second, the lack of integrity checks means that spoofed messages from ECU A are not detected as long as the normal formatting and errorcorrection checks of CAN messages are passed.
Iv Clock SkewBased IDS
Clock skewbased IDSs leverage the clock skew to uniquely fingerprint each ECU and detect masquerade attacks. Since CAN messages do not have transmit timestamps, approaches that require transmit timestamps for clock skew estimation such as [40, 41, 42] are not applicable. Similar to [43], clock skewbased IDSs on CAN buses instead exploit traffic periodicity [12]. Since almost all messages are transmitted periodically, the receiving IDS can monitor the interarrival times of a target message and estimate the clock skew of the transmitting ECU accordingly. We note that this approach is only viable for periodic message traffic. In the rest of this section, we will review the SOTA IDS and propose an NTPbased IDS.
Iva Review of SOTA IDS
The SOTA IDS in [12] consists of a clock skew estimator and a CUSUM (Cumulative Sum [44])based detector. The estimator tracks the clock skew from message interarrival times and feeds identification errors to the CUSUM for detection. We now describe the two components in more detail.
IvA1 Clock Skew Estimator
Incoming periodic messages are processed in batches of size to mitigate undesired impacts of quantization and other sources of noise in receive timestamps. Let be the arrival time of the th message in the th batch. The average offset of the th batch is given by
(5) 
where is the mean interarrival time of the previous (th) batch.
The absolute value of is added to the previous accumulated offset to compute the updated value,
(6) 
which is modeled as , where , , and denote the clock skew estimate in batch , the elapsed time until the last message of the th batch, and the (unnormalized) identification error in batch , respectively.
The estimated clock skew is the output of the Recursive Least Squares (RLS) algorithm. Ideally, the identification error would converge to zero if clock skew is correctly estimated. Hence, a change in the identification error indicates a change in the clock skew. Besides, the rate of convergence is governed by a parameter (e.g., ) that exponentially weighs past samples. More details are available in [12].
IvA2 CUSUMBased Detector
The detector tracks the mean and the standard deviation of identification errors that are used as reference (denoted as ). In batch , is first normalized as
. To mitigate the undesired impact of outliers,
will be considered as a reference error sample for updating and only if is less than the preset update threshold (e.g., ), as noted in [12].The detector then uses to update the upper control limit and the lower control limit in batch as follows
(7)  
(8) 
where is a sensitivity parameter that reflects the number of standard deviations to be detected. The detector declares an attack if either the control limit, or , exceeds the preset detection threshold , which implies a sudden positive or negative shift in value, respectively. As the general rule of thumb for CUSUM, is usually set to or [45], and the SOTA IDS chooses .
IvB Proposed NTPbased IDS
We now present an adapted IDS that computes clock offset and clock skew as per the NTP specifications, which is referred to as the NTPbased IDS. The motivation for our NTPbased IDS is twofold. First, we note that the metric in Eq. (5) is not consistent with the NTP definition in Eq. (1), since it does not calculate the time difference between the transmitter’s clock and the reference clock. In addition, it is assumed that is a random variable and . It implies that for , which does not hold in general since offsets accumulate over time (if , ). Our second motivation is the widespread use and acceptance of NTP as a timing mechanism for realtime systems, which raises the question of whether NTP definitions of clocks can be used for intrusion detection as well. While both the SOTA IDS [12] and the proposed NTPbased IDS estimate the clock skew via the RLS and detect an attack via the CUSUM, they update average and accumulated offsets differently, as explained below.
Let be the message period and be the clock offset of the th period observed by the receiver. According to the NTP clock definitions (Section IIIB) and the timing model (Section IIIC), is equal to
(9) 
where . In batch , the average offset is
(10) 
where is the receive timestamp of the last message in the previous (()th) batch. The accumulated offset of the th batch is updated as follows
(11) 
Eq. (5) and (10) highlight the differences in how the average offset is updated by the SOTA and NTPbased IDSs, respectively. Similarly, Eq. (6) and (11) show how the SOTA and NTPbased IDSs update the accumulated offset, respectively. Compared to the SOTA IDS, the NTPbased IDS provides more consistent clock skew estimates for the same message across different batch sizes and data traces. See Appendix A for a detailed discussion. As we will show in Section VII, the NTPbased IDS is more effective in detecting masquerade attacks than the SOTA IDS.
V Proposed Cloaking Attack
In this section, we propose a new masquerade attack called the cloaking attack, in which the adversary adjusts the intertransmission times of the spoofed messages in order to manipulate the estimated clock skew and bypass an IDS.
Consider a message transmitted by the targeted ECU B every seconds in its own clock, which corresponds to every seconds in the receiver R’s clock, where is B’s clock skew. For the ease of discussion, we ignore offset deviations and the noise in arrival timestamps due to network delay and quantization. Then B’s clock skew as estimated by R is given by .
In a masquerade attack, the weak adversary prevents ECU B from transmitting the targeted message, and the strong adversary controlling ECU A transmits the spoofed message every seconds as per A’s local clock . Hence, ECU R receives messages every seconds, as measured by , where is A’s clock skew. The clock skew measured by ECU R will then be . Hence, if , then the IDS will detect a change in the estimated clock skew after the adversary launches the attack.
The insight underlying our attack is that, while clock skew is a physical invariant, clock skew estimation in an IDS is based entirely on message interarrival times, which can be easily manipulated by the transmitter (i.e., the strong adversary controlling ECU A) adjusting the message intertransmission times. Effectively, the adversary cloaks the skew of its hardware clock, thus motivating the term cloaking attack. Under the cloaking attack, instead of transmitting every seconds, the compromised ECU A transmits every seconds, in order to match the clock skew observed at R.
We now discuss the choice of . Under the cloaking attack, the interarrival time observed by R is
and the transmitter’s clock skew estimated by R is
(12) 
Hence, to bypass the IDS, the adversary needs to choose such that , or equivalently , which means
(13) 
where is A’s clock skew relative to B’s clock, and the last two equalities are due to Eq. (2) and Eq. (3), respectively.
Therefore, the message intertransmission time would be
which is the period of the message from B (weak adversary) measured by the local clock of A (strong adversary).
To summarize, the cloaking attack is performed as follows. After the adversary compromises two ECUs as strong and weak adversaries, the strong adversary estimates the period of the targeted message using its local clock. During the cloaking attack, the strong adversary transmits spoofed messages every seconds. While the preceding analysis ignores the noise in the system, our results in Section VII show that the cloaking attack is effective in a realistic environment.
In practice, however, the adversary may not be able to achieve the exact value of due to hardware limitations and possible measurement inaccuracy. Let the total amount of the actual intertransmission delay added by the adversary be , where is the amount of deviation from . When is closer to zero, the attack will be successful with a higher probability. Hence, the attack success probability is a function of (an attack parameter), parameters of the detector (e.g., , , and ), and the hardware platform. In order to predict and characterize the impact of the cloaking attack on a CAN bus and IDS without having to solely rely on extensive experiments, we aim to formally model for both the SOTA and NTPbased IDSs, as presented below.
Vi Formal Analysis
Via Formal Analysis of SOTA IDS
In this section, we develop a formal model for the probability of a successful cloaking attack as a function of parameters including the distribution of message interarrival times, the message period, the added intertransmission delay, and the detection parameters of the IDS. We first present our modeling assumptions and observations. We then formulate our formal model and derive for the SOTA IDS.
ViA1 Assumptions for SOTA IDS
For the SOTA IDS, the detection parameters including batch size and CUSUM parameters (the detection threshold) and (the sensitivity parameter) are known to the IDS. Since the IDS records all message arrival timestamps, it knows the message period and can measure the mean and standard deviation of the message interarrival times.
Our analysis takes as input a “snapshot” of the IDS right before the attack that begins in the th batch. This means that the following parameters maintained by the IDS are readily available: the mean and standard deviation of the reference identification errors in the CUSUM, the average interarrival time , the accumulated offset , the estimated skew , and the elapsed time .
ViA2 Observations
Our modeling and analysis of the SOTA IDS are based on the following observations. As shown in Fig. 3(a), the first batch after the attack begins is the only batch that has a large average offset, and all subsequent batches have small offsets. This is because the average offset of the current batch is computed from the mean interarrival time of the previous batch (Eq. (5)). The first attack batch has a very different mean interarrival time from the last normal batch due to , whereas adjacent batches before and after the attack have close mean interarrival time.
As a result, for an attack that begins in the th batch^{2}^{2}2We assume that the first attack message appears as the 1st message of the th batch., the identification error will be larger due to the sudden change in the mean interarrival time and will decrease over time due to clock skew update. In fact, we observe that the attack is usually either detected during the first tens of batches following the attack, or is not detected at all (Fig. 3(b)).
If we take a closer look at the first tens of batches after the attack begins, we observe a linear decrease in the normalized identification error (Fig. 3(c)). These observations motivate the following model of the normalized identification error at batch
(14) 
where is a constant slope representing the rate of decrease of the normalized identification error.
ViA3 Attack Success Probability
Based on the observations of Section VIA2, we divide our formal analysis into three stages: 1) modeling the distribution of the normalized identification error in the first attack batch , 2) estimating the rate of decrease of the normalized identification error, and 3) computing the attack success probability from estimated distributions of . Each stage is described as follows.
Distribution of the normalized identification error in the first attack batch. We now examine the identification error at the first attack batch , which is
The clock skew value is known, but the parameters and are to be modeled. From the definitions of accumulated offset and elapsed time, we have
(15) 
where is the interarrival time between the last message of the previous (()th) batch and the first message of the current (th) batch. Next, we will compute the mean and standard deviation of .
Based on our timing model (Section IIIC), the average offset under an attack with a delay of (i.e., the equivalent total amount of added delay is ) is
where is the mean interarrival time before an attack^{3}^{3}3Strictly speaking, the resulting offset due to the added delay of is . However, is usually much smaller than , and thus we can approximate as . . Although the statistics of after the attack may be different from those before the attack due to different characteristics of transmitting ECUs, such information is not available at batch . Therefore, we assume the same statistics of before and after the attack, namely, for , which yields
(16) 
Since (Section IIIC), the variance of is also equal to , where is the standard deviation of interarrival times. For sufficiently large, the term will dominate , and hence we have
(17) 
Next, we can substitute the term in Eq. (VIA3) with Eq. (17) and compute the mean and standard deviation of , as described in the following lemma.
Lemma 1.
Under the assumption (17), the identification error of the first attack batch is Gaussian with mean
(18) 
and variance
A proof can be found in Appendix B.
The distribution of the normalized identification error in the first attack batch is Gaussian and satisfies
After obtaining the distribution of the normalized identification error in the first attack batch, our next task is to model the rate of decrease of the normalized identification error in Eq. (14), which will give us an approximation of for .
Rate of decrease of the normalized identification error. According to Eq. (VIA3), the identification error after an attack begins (i.e., ) is given by
where is the interarrival time between the last message in the th batch and the first message of the ()th batch during the attack.
Since skew updating is slow in the first tens of batches due to the slow convergence of the RLS algorithm, we may assume that is a constant. Then we have
According to Eq. (16), the average offset is Gaussian with mean and variance . Although the value of for is not available at batch , we have , which means can be approximated as zero.
Therefore, we can derive a linear approximation to by taking the expectation of . Since is the absolute value of a Gaussian random variable with mean zero and variance , we have
Since the normalized identification error is computed as , the rate of decrease of can be approximated as
Note that the fixed is used, since is usually larger than and thus will not be updated.
Now that we have distributions of normalized identification errors , we can compute the distribution of the maximum value of control limits and , and derive the attack success probability.
Computation of the attack success probability. In order to derive the attack success probability, let us take a closer look at how the control limits are updated. Without loss of generality, we consider positive and assume that the upper control limit is zero before the attack. From Eq. (7), we can see that if , the attack will be detected immediately in the first batch; if , it will not be detected at all. If lies in and is greater than for some , the attack will still be detected after several batches. Hence, we can first compute the maximum value of , which depends on and , and then relate the attack success probability to the distribution of , as shown in the following theorem.
Theorem 1.
The attack success probability satisfies
(19) 
The proof can be found in Appendix C.
By Theorem 1, we can see that the attack success probability can be computed by evaluating the cumulative density function of a Gaussian random variable.
ViB Formal Analysis of NTPBased IDS
We then formally analyze the probability of a successful cloaking attack for the NTPbased IDS, given the system parameters immediately before the attack.
ViB1 Assumptions for NTPBased IDS
For the NTPbased IDS, the batch size and CUSUM parameters including (the update threshold), (the detection threshold), (the sensitivity parameter) and (the parameter in the RLS), are known to the IDS. Since the IDS records the receive timestamps of the target message, it knows the period and can also measure the mean and standard deviation of interarrival times.
As mentioned in Section IV, the NTPbased IDS tracks the accumulated offset and elapsed time in each batch , and maintains the reference identification errors. Hence, it is reasonable to assume that the values of , , and are known to the NTPbased IDS prior to the attack.
ViB2 Observations
Our modeling and analysis of the NTPbased IDS are based on the following observations. First, if the attack with an added delay of starts in the th batch, the resulting , , and can be estimated from , , , and . Second, although the IDS keeps track of the slowly changing clock skew via the RLS based on newly obtained and , the output of the RLS converges to that of a nonRLS estimator that minimizes the weighted mean squared error. Third, with the estimated value of , the IDS can further estimate the CUSUM statistics following its updating rule, as well as the mean value and distribution of normalized errors.
ViB3 Attack Success Probability
Based on the observations in Section VIB2, we divide our formal analysis into four stages: 1) estimating the accumulated offset and the elapsed time after the attack begins at batch , 2) approximating the clock skew estimated by the RLS, 3) modeling the distributions of normalized identification errors , and 4) computing the probability of control limits exceeding to obtain the attack success probability.
Accumulated offset and elapsed time. For the NTPbased IDS, the accumulated offset before the attack is
(20) 
where is the arrival timestamp of the last message in the initialization batch, and is the average offset in each period . The elapsed time is
(21) 
We assume that the attack starts from the first message of batch , and the interarrival time between the last normal message and the first attack message is roughly equal to . Then for , we have
(22) 
Since , we also have
(23) 
Note that in the above equations, the amount of network delay and noise as captured by is given at batch , and thus is the only random variable.
With more attack batches arriving, the estimated clock skew will gradually change over time. Hence, it is important to model the process of clock skew updating, which is our next step of modeling.
Approximation of the estimated clock skew. While the RLS is an online algorithm that recursively updates the clock skew estimate with nonlinear equations, it has been shown in [46] that the clock skew estimated via the RLS would converge to the value that minimizes the following quadratic function,
(24) 
where is the parameter in the RLS, and the optimal value is given by
(25) 
Let the mean of in Eq. (22) and in Eq. (23) be and , respectively. Given and , we can estimate the output of RLS as based on Eq. (25).
As shown in Fig. 4(a) and Fig. 4(b), the estimated values of accumulated offset, elapsed time, and clock skew are closely matched with the experimental values.
Distribution of the normalized identification errors. With the estimated clock skew values , the identification error is given as
where . Since is Gaussian, the identification error is also Gaussian with mean and variance .
In order to estimate the distribution of , we need to model the updating process of CUSUM statistics, i.e., and . Hence, given , we can compute . If , we add to and recompute and from . Then we increment by and repeat the above steps.
Since , it implies
As shown in Fig. 4(c), the estimated mean values of match closely with the experimental values. Based on the distributions of derived above, we can now compute the attack success probability.
CUSUM analysis.
Let the probability density function of
be , and the number of attack batches used for detection be . We assume that , which is consistent with the NTPbased IDS and our simulations. A detection takes place in the th attack batch if or . Let , which is the attack batch ID when control limits first exceed the detection threshold. In other words, if , it means that the attack is not detected within batches. Hence, the attack success probability is equal to , and the following lemma shows how to computeLemma 2.
The probability of a successful cloaking attack for the CUSUMbased detector satisfies
Therefore, the value of , that is, the probability of a successful cloaking attack within attack batches predicted at the th attack batch (), can be computed as a linear function of the values of . The attack success probability is equal to .
Vii Evaluation
In this section, we evaluate the proposed cloaking attack on two CAN bus testbeds and demonstrate that the cloaking attack is able to bypass both the SOTA and NTPbased IDSs. We then validate our formal analysis through extensive experiments.
Viia Testbeds
We build two CAN bus testbeds: a CAN bus prototype and a CAN testbed on a real vehicle (the UW EcoCAR, a 2016 Chevrolet Camaro [47]). Compared with the prototype that consists of three ECUs, the UW EcoCAR hosts 8 stock ECUs and two experimental ECUs. A total of 2500+ messages with 89 different IDs are being exchanged every second.
ViiA1 CAN Bus Prototype
As shown in Fig. 5(a), each ECU on the CAN bus prototype consists of an Arduino UNO board and a Sparkfun CAN bus shield that uses a Microchip MCP2515 CAN controller with a MCP2551 CAN transceiver. The bus speed is set to Kbps as in typical CAN buses.
ViiA2 UW EcoCAR testbed
The CAN bus prototype is connected to the CAN bus of the UW EcoCAR via the OnBoard Diagnostics (OBDII) port to build the UW EcoCar testbed (Fig. 5(b)). During our experiments, the UW EcoCAR was in the park mode in an isolated and controlled environment for safety purposes, but all ECUs were functional and actively exchange CAN messages. We noticed that ECUs in the park mode had very close clock skews as in the drive mode.
Due to the large CAN traffic and limited computing capability, Arduinobased ECUs are not able to log all CAN messages on the bus or transmit high frequency messages. Therefore, we build additional ECUs that consist of a Raspberry Pi 3 and a PiCAN 2 board and used SocketCAN [48] to enable the interaction between the added ECUs and the UW EcoCAR.
ViiB Evaluation of Cloaking Attack
We first demonstrate and evaluate the cloaking attack on both the CAN bus prototype and the UW EcoCAR testbed.
ViiB1 Setup
On the CAN bus prototype, ECU 1 acts as the IDS that logs all messages, ECU 2 is the targeted ECU that transmits message 0x11 every ms ( Hz), and ECU 3 is the strong adversary that impersonates ECU 2. On the UW EcoCAR testbed, a stock ECU that transmits message 0x184 every ms is treated as the targeted ECU and the same ECU 3 acts as the strong adversary that injects spoofed messages.
When launching the cloaking attack, the impersonating ECU 3 transmits every s (s) to spoof message 0x11 on the CAN bus prototype and every s (s^{4}^{4}4While Arduino’s time resolution is s , we set to s and changed it to s every five messages so that s on average.) to spoof message 0x184 on the UW EcoCAR testbed. During our experiments, we collected 8.5 hours of attack data from the CAN bus prototype and the UW EcoCAR testbed separately.
We set batch size for both the SOTA and the NTPbased IDSs. For the SOTA IDS, the update threshold is and the detection threshold is , which is consistent with [12]. For the NTPbased IDS, we use and . For the data collected from the CAN bus prototype, the sensitivity parameter is set to for both IDSs, while it is set to for the UW EcoCAR data to avoid false alarms.
To simulate the cloaking attack, the IDS is fed with batches of normal data, followed by batches of attack data in each experiment^{5}^{5}5We assume perfect timing for the cloaking attack, that is, the first attack message is received at the next expected time instant of the targeted message. The impact of mistiming on the cloaking attack is studied in Appendix E.. An attack is successful if it is undetected by the IDS and fails otherwise. A total of independent experiments are performed to compute the attack success probability .
ViiB2 Results
For the values achieved in our evaluation, is against both the SOTA and NTPbased IDSs (Fig. 7, dashed line). In order to gain additional insight into the performance of each IDS under cloaking attack, we generate additional datasets by adding different values of to the message interarrival times and then analyze both IDSs using the new datasets.
In order to quantify the effectiveness of an IDS against the masquerade (cloaking) attack, we define a metric called Maximum Slackness Index (MSI), which measures the interval of that an adversary can introduce while remaining undetected with a probability of . We first let be the attack success probability when the added delay is . We define the upper and lower limits of for a successful attack as and
Comments
There are no comments yet.