Shape of the Cloak: Formal Analysis of Clock Skew-Based Intrusion Detection System in Controller Area Networks

This paper presents a new masquerade attack called the cloaking attack and provides formal analyses for clock skew-based Intrusion Detection Systems (IDSs) that detect masquerade attacks in the Controller Area Network (CAN) in automobiles. In the cloaking attack, the adversary manipulates the message inter-transmission times of spoofed messages by adding delays so as to emulate a desired clock skew and avoid detection. In order to predict and characterize the impact of the cloaking attack in terms of the attack success probability on a given CAN bus and IDS, we develop formal models for two clock skew-based IDSs, i.e., the state-of-the-art (SOTA) IDS and its adaptation to the widely used Network Time Protocol (NTP), using parameters of the attacker, the detector, and the hardware platform. To the best of our knowledge, this is the first paper that provides formal analyses of clock skew-based IDSs in automotive CAN. We implement the cloaking attack on two hardware testbeds, a prototype and a real vehicle (the University of Washington (UW) EcoCAR), and demonstrate its effectiveness against both the SOTA and NTP-based IDSs. We validate our formal analyses through extensive experiments for different messages, IDS settings, and vehicles. By comparing each predicted attack success probability curve against its experimental curve, we find that the average prediction error is within 3.0 NTP-based IDS.

READ FULL TEXT VIEW PDF
POST COMMENT

Comments

There are no comments yet.

Authors

page 9

07/25/2019

Mitigating Vulnerabilities of Voltage-based Intrusion Detection Systems in Controller Area Networks

Data for controlling a vehicle is exchanged among Electronic Control Uni...
09/24/2020

Graph-Based Intrusion Detection System for Controller Area Networks

The controller area network (CAN) is the most widely used intra-vehicula...
01/14/2021

Time-Based CAN Intrusion Detection Benchmark

Modern vehicles are complex cyber-physical systems made of hundreds of e...
01/17/2022

Silently Disabling ECUs and Enabling Blind Attacks on the CAN Bus

The CAN Bus is crucial to the efficiency, and safety of modern vehicle i...
03/27/2020

Hardware Fingerprinting for the ARINC 429 Avionic Bus

ARINC 429 is the most common data bus in use today in civil avionics. Ho...
08/28/2018

Exploiting the Shape of CAN Data for In-Vehicle Intrusion Detection

Modern vehicles rely on scores of electronic control units (ECUs) broadc...
05/04/2020

Preventing Time Synchronization in NTP's Broadcast Mode

Network Time Protocol (NTP) is used by millions of hosts in Internet tod...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

I Introduction

Recent studies have identified security vulnerabilities in networked automobiles, in which attackers have compromised in-vehicle Electronic Control Units (ECUs), and disabled brakes [2], remotely controlled steering [3], and disabled vehicles on a highway [4]. Such exploits of ECUs are feasible because in-vehicle network protocols, such as the Controller Area Network (CAN) [5], were designed for closed systems and do not have security mechanisms such as message authentication. Networked automobiles, however, contain externally accessible ECUs that can be compromised by remote adversaries [6, 2, 7]. Since the CAN bus is a broadcast medium and there is no message authentication, a compromised ECU can be used to inject spoofed messages with faked message IDs and masquerade as a targeted ECU (masquerade attack) [2].

Given that CAN has a preset tight bit budget for messages and resource-constrained ECUs have real-time requirements, it has not been a practical option to incorporate cryptographic primitives as in [8, 9, 10] into CAN. As an alternative, Intrusion Detection Systems (IDSs) have been proposed that exploit physical properties such as message periodicity and network entropy without modifying the CAN protocol [11, 12, 13, 14].

One state-of-the-art (SOTA) IDS was proposed in USENIX 2016 [12]

based on two key observations: 1) almost all CAN messages are periodic, and 2) periodically received messages can be used to estimate the

clock skew of the transmitter, a unique physical invariant of each ECU due to variations in the clock’s hardware crystal. Therefore, a change in estimated clock skew at the receiver implies an anomaly in the transmitter’s clock characteristics, which indicates the presence of a masquerade attack with high probability (Fig. 0(a)). The novelty of the SOTA IDS is the use of the clock skew for detecting a masquerade attack without requiring any synchronization and identifying the compromised ECU that mounts the attack.

(a)
(b)
Fig. 1: Clock skew estimated by the IDS at the receiver. (a) An IDS tracks the clock skew of the transmitter and detects deviations due to masquerade attacks. (b) A cloaking adversary adds a delay to the message inter-transmission times to emulate the targeted ECU’s clock skew and bypass the IDS.

In our preliminary work [1], we investigated IDSs that use the clock skew for detecting masquerade attacks. Our key observation is that an adversary, who realizes that the IDS at the receiver ECU computes the clock skew using message inter-arrival times, can manipulate the inter-transmission times by adding delays to emulate the clock skew of the targeted ECU and avoid detection. We refer to masquerade attacks of this kind as the cloaking attack (Fig. 0(b)). We experimentally obtained the attack success probability curves (attack success probability as a function of the added inter-transmission delay) and noticed that they have a consistent bell-shaped structure across different hardware platforms, which may be captured by a formal model. In this paper, we provide such formal models that accurately predict and characterize the attack success probability curves for the SOTA IDS and its adaptation to the Network Time Protocol (NTP), using parameters of the attacker, the detector, and the hardware platform. Moreover, we collect additional 16+ hours of CAN data from the UW EcoCAR testbed for six representation messages with different periods, message ID levels, and transmitting ECUs for experimental evaluation. We further demonstrate the applicability of our formal models for different IDS settings and vehicles. To the best of our knowledge, this is the first paper that provides formal analyses of clock skew-based IDSs in automotive CAN. Throughout this paper, we make the following specific contributions:

  • We propose the cloaking attack, in which an adversary adjusts message inter-transmission times and cloaks its clock to match the targeted ECU’s clock skew and avoid detection.

  • We analyze and formally model the attack success probability of the proposed attack on both the SOTA and NTP-based IDSs.

  • We evaluate the proposed attack on hardware testbeds, including a CAN bus prototype and a real vehicle (the UW EcoCAR). Our results show that while the NTP-based IDS is more effective than the SOTA IDS in detecting masquerade attacks, the cloaking attack is successful against both IDSs during all hardware trials.

  • We validate our formal analyses using the data collected from the UW EcoCAR and the Toyota dataset that was also used in [12]. Our results show that our formal models provide accurate predictions of attack success probability curves for different messages, IDS settings, and vehicles. We define a metric called the Area Deviation Error (ADE) to measure the modeling accuracy, which is the ratio of the absolute difference of the areas under the predicted and experimental attack success probability curves to the area under the experimental curve. Our results show that the average ADEs of the proposed formal models are within for the SOTA IDS and for the NTP-based IDS.

The remainder of this paper is organized as follows. Section II reviews the related work. Sections III presents our system and adversary models. Section IV reviews the SOTA IDS and presents the proposed NTP-based IDS. The cloaking attack is proposed in Section V. Section VI presents formal models for the SOTA and NTP-based IDSs. Section VII presents the experimental evaluation. Section VIII concludes this paper.

Ii Related Work

Recent experimental studies have shown that automobiles are vulnerable to cyber attacks with potentially life-threatening consequences such as disabling brakes or overriding steering [6, 15, 16, 2, 7, 17], most of which are caused by the lack of security protections in CAN [2, 8]. Hence, there is an urgent need for securing CAN buses.

Security solutions for CAN can be broadly classified into schemes that add

cryptographic measures to the CAN bus [10, 9, 8, 18] and anomaly-based IDSs that 1) analyze the traffic on the CAN bus including message contents [19, 20, 21], timing/frequency [15, 22, 23, 24, 25], entropy [26], and survival rates [27], 2) exploit the physical characteristics of ECUs extracted from in-vehicle sensing data [28, 29, 30] or measurements [13, 31, 11, 14, 32], and 3) exploit the characteristics of the CAN protocol, such as the remote frame [33]. Compared to the CAN traffic, it is more difficult for adversaries to imitate the physical characteristics of ECUs, such as the mean squared error of voltage measurements [11]. In [13], Cho and Shin proposed an IDS called Viden that constructs voltage profiles to identify the attacker. In [32], Choi et al. proposed VoltageIDS that leverages the time and frequency domain features of the electrical CAN signals to fingerprint ECUs. In [34], Kneib and Huth proposed Scission that exploits physical characteristics from analog values of CAN frames to determines if whether was transmitted by the legitimate ECU. However, real-time sensing/measurement and processing can be challenging for ECUs with limited resource, which may hinder the deployment of the existing schemes in practice. In addition, it has been shown in [35] that the extra wires required by voltage-based IDSs may introduce new attack surfaces for various voltage-based attacks.

Notation Description
Arrival time of -th message in -th batch
Noise in arrival time of -th message in -th batch
Mean of all inter-arrival times before the attack
Mean of inter-arrival times in -th batch
Standard deviation of all inter-arrival times
Standard deviation of noise in arrival times
Batch size
(Constant) clock offset in each period
Average offset in -th batch
Accumulated offset up to -th batch
Clock skew estimate in -th batch
Elapsed time up to last message in -th batch
(Unnormalized) identification error in -th batch
Mean of reference identification errors
Standard deviation of reference identification errors
Normalized identification error in -th batch
Identification error used as reference in CUSUM
, Upper and lower control limits in -th batch
CUSUM detection threshold
CUSUM update threshold
CUSUM sensitivity parameter
Inter-transmission delay added by adversary that
exactly achieves the targeted ECU’s clock skew
Difference between the total added delay and
Probability of a successful cloaking attack
Rate of decrease of normalized identification error
after an attack occurs (for the SOTA IDS)
Expected value of (for the
NTP-based IDS)
TABLE I: Frequently used notations.

A novel IDS that uses the clock skew to fingerprint ECUs was proposed in [12]. As a physical invariant, the clock skew can be estimated from the timestamps of periodically received CAN messages and used for detecting masquerade attacks. In this paper, we propose the cloaking attack, in which the adversary alters the message inter-transmission times to match the clock skew of the targeted ECU and evade detection with a high probability. We further propose formal models that predict the attack success probability for a given CAN bus and IDS with high accuracy.

Iii System Model

In this section, we provide brief background on the CAN protocol, review clock-related concepts as defined in NTP, and present our timing model for the CAN bus. A list of frequently used notations is provided in Table I.

Iii-a CAN Background

The CAN protocol [36, 37] is one of the most widely used in-vehicle network standards. It allows in-vehicle ECUs to broadcast messages, and almost all CAN messages are periodic. In particular, CAN messages do not have transmit timestamps and do not support encryption or authentication.

Iii-B Clock-Related Concepts in NTP

Let denote the time kept by clock , and be the true time. According to the NTP [38, 39], the clock offset of clock A is given by

(1)

which is the difference between the time reported by and the true time. The frequency of at time , denoted , is the first derivative of , while the clock skew is the first derivative of the clock offset . A positive clock skew means that runs faster than . The unit of clock skew is microseconds per second (s/s) or parts per million (ppm). For example, if is faster by s every ms w.r.t. , then its clock skew relative to is ppm.

In-vehicle ECUs typically have constant clock skews [12]. Suppose that has a constant clock skew . If is the time duration measured by , the amount of time that has passed according to is , and . Similarly, if there is a second non-true clock with a constant clock skew that reports a time duration of , we have . Then the clock skew of relative to , denoted as , is given by

(2)

and the relationship between and is given by

(3)

In the absence of a true clock, the relative clock offset and relative clock skew can be defined with respect to a reference clock. Two clocks are said to be synchronized at time if both the relative clock offset and relative clock skew are zero.

Iii-C Timing Model

We now discuss our timing model in Fig. 2, in which the receiving ECU R timestamps messages that arrive periodically. We consider R’s clock as the reference clock and refer to the relative offset and relative skew of the transmitter’s clock as offset and skew, respectively.

Consider an ECU that transmits a message every seconds as per its local clock. If the two clocks are synchronized, the -th message will be transmitted at in R’s clock. However, due to the transmitter’s clock skew, there exists an accumulated offset between the transmitter’s clock that reports time and R’s clock that reports time since the transmission of message , which means according to Eq. (1). Therefore, the actual transmission time is

in R’s clock. While the clock skew may be slowly varying due to factors like temperature, it is almost constant over short durations. Hence, we model the accumulated offset as a random variable

, where is the clock offset induced in one period given the constant clock skew, and is the offset deviation due to jitters in the transmitter. We assume that the ’s are independent and identically distributed zero-mean random variables. After a network delay of (due to message transmission, propagation, and reception), the message arrives at R’s incoming buffer and has a timestamp

(4)

where is the zero-mean noise introduced by R’s timestamp quantization process [Zander:2008:ICM:1496711.1496726].

Let and thus . Since the data lengths of periodic CAN messages are constant over time, it is reasonable to assume constant-mean network delays, i.e., . Hence, we model the ’s as i.i.d. Gaussian random variables with .

The inter-arrival time between the ()-th message and the -th message is . Hence, the inter-arrival times have a mean

, and a variance

.

Fig. 2: Timing model of message arrivals on CAN bus.

Iii-D Adversary Model

We consider adversaries who gain access to the CAN bus of an automobile by compromising one or more ECUs. We adopt the following two adversary models [17, 12]:

  • Weak adversary – A weak adversary who compromises an ECU is able to eavesdrop on all the CAN traffic and can block outgoing messages from the compromised ECU. The weak adversary, however, cannot send messages from the compromised ECU.

  • Strong adversary – A strong adversary who compromises an ECU has complete control over the compromised ECU, including eavesdropping on all messages, blocking outgoing messages, and transmitting messages with the timing and content of the adversary’s choosing.

We consider adversaries who attempt to mount masquerade attacks. Fig. 3 illustrates a masquerade attack that is mounted by a weak adversary and a strong adversary acting in coordination. The strong adversary has compromised ECU A, while the weak adversary has compromised ECU B. The goal of the attack is to inject false messages from ECU A, so as to degrade the safety, performance, and/or functionality of the vehicle. This attack enables an adversary who compromises a low-priority111On the CAN bus, messages with smaller ID levels (i.e., higher priorities) will be transmitted earlier in the event of collisions through a process called arbitration. A larger ID indicates a lower priority. See [37] for more details. ECU to effectively impersonate a higher-priority ECU, thus maximizing the impact of the attack.

We observe that, if ECU B were compromised by a strong adversary, the attack would be trivial. On the other hand, when ECU B is compromised by a weak adversary, the adversary cannot directly inject messages from ECU B itself. Instead, the weak adversary blocks the targeted messages from ECU B. The strong adversary then uses the compromised ECU A to inject false messages that are claimed to be from ECU B.

Fig. 3: Illustration of a masquerade attack. Without a masquerade attack, ECU A transmits message 0xA1 every 10 ms, and ECU B transmits message 0x10 every 20 ms. During the masquerade attack, ECU B is weakly compromised and its transmission of 0x10 is blocked. Meanwhile, ECU A is strongly compromised and is used to inject the false messages 0x10 every 20 ms in addition to its original message 0xA1.

This attack exploits two vulnerabilities of CAN that have been identified in the related literature [2, 12]. First, all ECUs have access to the same broadcast medium, allowing easily-compromised, low-priority ECUs (ECU A in Fig. 3) to listen to and impersonate higher-priority ECUs. Second, the lack of integrity checks means that spoofed messages from ECU A are not detected as long as the normal formatting and error-correction checks of CAN messages are passed.

Iv Clock Skew-Based IDS

Clock skew-based IDSs leverage the clock skew to uniquely fingerprint each ECU and detect masquerade attacks. Since CAN messages do not have transmit timestamps, approaches that require transmit timestamps for clock skew estimation such as [40, 41, 42] are not applicable. Similar to [43], clock skew-based IDSs on CAN buses instead exploit traffic periodicity [12]. Since almost all messages are transmitted periodically, the receiving IDS can monitor the inter-arrival times of a target message and estimate the clock skew of the transmitting ECU accordingly. We note that this approach is only viable for periodic message traffic. In the rest of this section, we will review the SOTA IDS and propose an NTP-based IDS.

Iv-a Review of SOTA IDS

The SOTA IDS in [12] consists of a clock skew estimator and a CUSUM (Cumulative Sum [44])-based detector. The estimator tracks the clock skew from message inter-arrival times and feeds identification errors to the CUSUM for detection. We now describe the two components in more detail.

Iv-A1 Clock Skew Estimator

Incoming periodic messages are processed in batches of size to mitigate undesired impacts of quantization and other sources of noise in receive timestamps. Let be the arrival time of the -th message in the -th batch. The average offset of the -th batch is given by

(5)

where is the mean inter-arrival time of the previous (-th) batch.

The absolute value of is added to the previous accumulated offset to compute the updated value,

(6)

which is modeled as , where , , and denote the clock skew estimate in batch , the elapsed time until the last message of the -th batch, and the (unnormalized) identification error in batch , respectively.

The estimated clock skew is the output of the Recursive Least Squares (RLS) algorithm. Ideally, the identification error would converge to zero if clock skew is correctly estimated. Hence, a change in the identification error indicates a change in the clock skew. Besides, the rate of convergence is governed by a parameter (e.g., ) that exponentially weighs past samples. More details are available in [12].

Iv-A2 CUSUM-Based Detector

The detector tracks the mean and the standard deviation of identification errors that are used as reference (denoted as ). In batch , is first normalized as

. To mitigate the undesired impact of outliers,

will be considered as a reference error sample for updating and only if is less than the preset update threshold (e.g., ), as noted in [12].

The detector then uses to update the upper control limit and the lower control limit in batch as follows

(7)
(8)

where is a sensitivity parameter that reflects the number of standard deviations to be detected. The detector declares an attack if either the control limit, or , exceeds the preset detection threshold , which implies a sudden positive or negative shift in value, respectively. As the general rule of thumb for CUSUM, is usually set to or [45], and the SOTA IDS chooses .

Iv-B Proposed NTP-based IDS

We now present an adapted IDS that computes clock offset and clock skew as per the NTP specifications, which is referred to as the NTP-based IDS. The motivation for our NTP-based IDS is two-fold. First, we note that the metric in Eq. (5) is not consistent with the NTP definition in Eq. (1), since it does not calculate the time difference between the transmitter’s clock and the reference clock. In addition, it is assumed that is a random variable and . It implies that for , which does not hold in general since offsets accumulate over time (if , ). Our second motivation is the widespread use and acceptance of NTP as a timing mechanism for real-time systems, which raises the question of whether NTP definitions of clocks can be used for intrusion detection as well. While both the SOTA IDS [12] and the proposed NTP-based IDS estimate the clock skew via the RLS and detect an attack via the CUSUM, they update average and accumulated offsets differently, as explained below.

Let be the message period and be the clock offset of the -th period observed by the receiver. According to the NTP clock definitions (Section III-B) and the timing model (Section III-C), is equal to

(9)

where . In batch , the average offset is

(10)

where is the receive timestamp of the last message in the previous (()-th) batch. The accumulated offset of the -th batch is updated as follows

(11)

Eq. (5) and (10) highlight the differences in how the average offset is updated by the SOTA and NTP-based IDSs, respectively. Similarly, Eq. (6) and (11) show how the SOTA and NTP-based IDSs update the accumulated offset, respectively. Compared to the SOTA IDS, the NTP-based IDS provides more consistent clock skew estimates for the same message across different batch sizes and data traces. See Appendix -A for a detailed discussion. As we will show in Section VII, the NTP-based IDS is more effective in detecting masquerade attacks than the SOTA IDS.

V Proposed Cloaking Attack

In this section, we propose a new masquerade attack called the cloaking attack, in which the adversary adjusts the inter-transmission times of the spoofed messages in order to manipulate the estimated clock skew and bypass an IDS.

Consider a message transmitted by the targeted ECU B every seconds in its own clock, which corresponds to every seconds in the receiver R’s clock, where is B’s clock skew. For the ease of discussion, we ignore offset deviations and the noise in arrival timestamps due to network delay and quantization. Then B’s clock skew as estimated by R is given by .

In a masquerade attack, the weak adversary prevents ECU B from transmitting the targeted message, and the strong adversary controlling ECU A transmits the spoofed message every seconds as per A’s local clock . Hence, ECU R receives messages every seconds, as measured by , where is A’s clock skew. The clock skew measured by ECU R will then be . Hence, if , then the IDS will detect a change in the estimated clock skew after the adversary launches the attack.

The insight underlying our attack is that, while clock skew is a physical invariant, clock skew estimation in an IDS is based entirely on message inter-arrival times, which can be easily manipulated by the transmitter (i.e., the strong adversary controlling ECU A) adjusting the message inter-transmission times. Effectively, the adversary cloaks the skew of its hardware clock, thus motivating the term cloaking attack. Under the cloaking attack, instead of transmitting every seconds, the compromised ECU A transmits every seconds, in order to match the clock skew observed at R.

We now discuss the choice of . Under the cloaking attack, the inter-arrival time observed by R is

and the transmitter’s clock skew estimated by R is

(12)

Hence, to bypass the IDS, the adversary needs to choose such that , or equivalently , which means

(13)

where is A’s clock skew relative to B’s clock, and the last two equalities are due to Eq. (2) and Eq. (3), respectively.

Therefore, the message inter-transmission time would be

which is the period of the message from B (weak adversary) measured by the local clock of A (strong adversary).

To summarize, the cloaking attack is performed as follows. After the adversary compromises two ECUs as strong and weak adversaries, the strong adversary estimates the period of the targeted message using its local clock. During the cloaking attack, the strong adversary transmits spoofed messages every seconds. While the preceding analysis ignores the noise in the system, our results in Section VII show that the cloaking attack is effective in a realistic environment.

In practice, however, the adversary may not be able to achieve the exact value of due to hardware limitations and possible measurement inaccuracy. Let the total amount of the actual inter-transmission delay added by the adversary be , where is the amount of deviation from . When is closer to zero, the attack will be successful with a higher probability. Hence, the attack success probability is a function of (an attack parameter), parameters of the detector (e.g., , , and ), and the hardware platform. In order to predict and characterize the impact of the cloaking attack on a CAN bus and IDS without having to solely rely on extensive experiments, we aim to formally model for both the SOTA and NTP-based IDSs, as presented below.

Vi Formal Analysis

Vi-a Formal Analysis of SOTA IDS

In this section, we develop a formal model for the probability of a successful cloaking attack as a function of parameters including the distribution of message inter-arrival times, the message period, the added inter-transmission delay, and the detection parameters of the IDS. We first present our modeling assumptions and observations. We then formulate our formal model and derive for the SOTA IDS.

Vi-A1 Assumptions for SOTA IDS

For the SOTA IDS, the detection parameters including batch size and CUSUM parameters (the detection threshold) and (the sensitivity parameter) are known to the IDS. Since the IDS records all message arrival timestamps, it knows the message period and can measure the mean and standard deviation of the message inter-arrival times.

Our analysis takes as input a “snapshot” of the IDS right before the attack that begins in the -th batch. This means that the following parameters maintained by the IDS are readily available: the mean and standard deviation of the reference identification errors in the CUSUM, the average inter-arrival time , the accumulated offset , the estimated skew , and the elapsed time .

Vi-A2 Observations

Our modeling and analysis of the SOTA IDS are based on the following observations. As shown in Fig. 3(a), the first batch after the attack begins is the only batch that has a large average offset, and all subsequent batches have small offsets. This is because the average offset of the current batch is computed from the mean inter-arrival time of the previous batch (Eq. (5)). The first attack batch has a very different mean inter-arrival time from the last normal batch due to , whereas adjacent batches before and after the attack have close mean inter-arrival time.

(a)
(b)
(c)
Fig. 4: Impact of the cloaking attack on the SOTA IDS. (a) Average offset as a function of batch ID. Only the first attack batch has a large average offset. (b) The attack success rates are roughly the same for , , and attack batches. (c) The normalized identification error suddenly increases when the attack begins, and it then starts decreasing at an almost constant rate. Note that the figures are generated using the data for the ms message 0x185 collected from the UW EcoCAR testbed. We set , , , and . The attack data is obtained by adding ms to the inter-arrival times of the cloaking data collected from the UW EcoCAR testbed, and the attack starts from batch .

As a result, for an attack that begins in the -th batch222We assume that the first attack message appears as the 1st message of the -th batch., the identification error will be larger due to the sudden change in the mean inter-arrival time and will decrease over time due to clock skew update. In fact, we observe that the attack is usually either detected during the first tens of batches following the attack, or is not detected at all (Fig. 3(b)).

If we take a closer look at the first tens of batches after the attack begins, we observe a linear decrease in the normalized identification error (Fig. 3(c)). These observations motivate the following model of the normalized identification error at batch

(14)

where is a constant slope representing the rate of decrease of the normalized identification error.

Vi-A3 Attack Success Probability

Based on the observations of Section VI-A2, we divide our formal analysis into three stages: 1) modeling the distribution of the normalized identification error in the first attack batch , 2) estimating the rate of decrease of the normalized identification error, and 3) computing the attack success probability from estimated distributions of . Each stage is described as follows.

Distribution of the normalized identification error in the first attack batch. We now examine the identification error at the first attack batch , which is

The clock skew value is known, but the parameters and are to be modeled. From the definitions of accumulated offset and elapsed time, we have

(15)

where is the inter-arrival time between the last message of the previous (()-th) batch and the first message of the current (-th) batch. Next, we will compute the mean and standard deviation of .

Based on our timing model (Section III-C), the average offset under an attack with a delay of (i.e., the equivalent total amount of added delay is ) is

where is the mean inter-arrival time before an attack333Strictly speaking, the resulting offset due to the added delay of is . However, is usually much smaller than , and thus we can approximate as . . Although the statistics of after the attack may be different from those before the attack due to different characteristics of transmitting ECUs, such information is not available at batch . Therefore, we assume the same statistics of before and after the attack, namely, for , which yields

(16)

Since (Section III-C), the variance of is also equal to , where is the standard deviation of inter-arrival times. For sufficiently large, the term will dominate , and hence we have

(17)

Next, we can substitute the term in Eq. (VI-A3) with Eq. (17) and compute the mean and standard deviation of , as described in the following lemma.

Lemma 1.

Under the assumption (17), the identification error of the first attack batch is Gaussian with mean

(18)

and variance

A proof can be found in Appendix -B.

The distribution of the normalized identification error in the first attack batch is Gaussian and satisfies

After obtaining the distribution of the normalized identification error in the first attack batch, our next task is to model the rate of decrease of the normalized identification error in Eq. (14), which will give us an approximation of for .

Rate of decrease of the normalized identification error. According to Eq. (VI-A3), the identification error after an attack begins (i.e., ) is given by

where is the inter-arrival time between the last message in the -th batch and the first message of the ()-th batch during the attack.

Since skew updating is slow in the first tens of batches due to the slow convergence of the RLS algorithm, we may assume that is a constant. Then we have

According to Eq. (16), the average offset is Gaussian with mean and variance . Although the value of for is not available at batch , we have , which means can be approximated as zero.

Therefore, we can derive a linear approximation to by taking the expectation of . Since is the absolute value of a Gaussian random variable with mean zero and variance , we have

Since the normalized identification error is computed as , the rate of decrease of can be approximated as

Note that the fixed is used, since is usually larger than and thus will not be updated.

Now that we have distributions of normalized identification errors , we can compute the distribution of the maximum value of control limits and , and derive the attack success probability.

Computation of the attack success probability. In order to derive the attack success probability, let us take a closer look at how the control limits are updated. Without loss of generality, we consider positive and assume that the upper control limit is zero before the attack. From Eq. (7), we can see that if , the attack will be detected immediately in the first batch; if , it will not be detected at all. If lies in and is greater than for some , the attack will still be detected after several batches. Hence, we can first compute the maximum value of , which depends on and , and then relate the attack success probability to the distribution of , as shown in the following theorem.

Theorem 1.

The attack success probability satisfies

(19)

The proof can be found in Appendix -C.

By Theorem 1, we can see that the attack success probability can be computed by evaluating the cumulative density function of a Gaussian random variable.

Vi-B Formal Analysis of NTP-Based IDS

We then formally analyze the probability of a successful cloaking attack for the NTP-based IDS, given the system parameters immediately before the attack.

Vi-B1 Assumptions for NTP-Based IDS

For the NTP-based IDS, the batch size and CUSUM parameters including (the update threshold), (the detection threshold), (the sensitivity parameter) and (the parameter in the RLS), are known to the IDS. Since the IDS records the receive timestamps of the target message, it knows the period and can also measure the mean and standard deviation of inter-arrival times.

As mentioned in Section IV, the NTP-based IDS tracks the accumulated offset and elapsed time in each batch , and maintains the reference identification errors. Hence, it is reasonable to assume that the values of , , and are known to the NTP-based IDS prior to the attack.

(a)
(b)
(c)
Fig. 5: Experimental versus estimated (a) accumulated offset and elapsed time, (b) clock skew, and (c) normalized identification error. The estimated values match closely with the experimental values. Note that figures are generated using data for the ms message 0x185 collected from our testbed with , , , , and .

Vi-B2 Observations

Our modeling and analysis of the NTP-based IDS are based on the following observations. First, if the attack with an added delay of starts in the -th batch, the resulting , , and can be estimated from , , , and . Second, although the IDS keeps track of the slowly changing clock skew via the RLS based on newly obtained and , the output of the RLS converges to that of a non-RLS estimator that minimizes the weighted mean squared error. Third, with the estimated value of , the IDS can further estimate the CUSUM statistics following its updating rule, as well as the mean value and distribution of normalized errors.

Vi-B3 Attack Success Probability

Based on the observations in Section VI-B2, we divide our formal analysis into four stages: 1) estimating the accumulated offset and the elapsed time after the attack begins at batch , 2) approximating the clock skew estimated by the RLS, 3) modeling the distributions of normalized identification errors , and 4) computing the probability of control limits exceeding to obtain the attack success probability.

Accumulated offset and elapsed time. For the NTP-based IDS, the accumulated offset before the attack is

(20)

where is the arrival timestamp of the last message in the initialization batch, and is the average offset in each period . The elapsed time is

(21)

We assume that the attack starts from the first message of batch , and the inter-arrival time between the last normal message and the first attack message is roughly equal to . Then for , we have

(22)

Since , we also have

(23)

Note that in the above equations, the amount of network delay and noise as captured by is given at batch , and thus is the only random variable.

With more attack batches arriving, the estimated clock skew will gradually change over time. Hence, it is important to model the process of clock skew updating, which is our next step of modeling.

Approximation of the estimated clock skew. While the RLS is an online algorithm that recursively updates the clock skew estimate with non-linear equations, it has been shown in [46] that the clock skew estimated via the RLS would converge to the value that minimizes the following quadratic function,

(24)

where is the parameter in the RLS, and the optimal value is given by

(25)

Let the mean of in Eq. (22) and in Eq. (23) be and , respectively. Given and , we can estimate the output of RLS as based on Eq. (25).

As shown in Fig. 4(a) and Fig. 4(b), the estimated values of accumulated offset, elapsed time, and clock skew are closely matched with the experimental values.

Distribution of the normalized identification errors. With the estimated clock skew values , the identification error is given as

where . Since is Gaussian, the identification error is also Gaussian with mean and variance .

In order to estimate the distribution of , we need to model the updating process of CUSUM statistics, i.e., and . Hence, given , we can compute . If , we add to and re-compute and from . Then we increment by and repeat the above steps.

Since , it implies

As shown in Fig. 4(c), the estimated mean values of match closely with the experimental values. Based on the distributions of derived above, we can now compute the attack success probability.

CUSUM analysis.

Let the probability density function of

be , and the number of attack batches used for detection be . We assume that , which is consistent with the NTP-based IDS and our simulations. A detection takes place in the -th attack batch if or . Let , which is the attack batch ID when control limits first exceed the detection threshold. In other words, if , it means that the attack is not detected within batches. Hence, the attack success probability is equal to , and the following lemma shows how to compute

Lemma 2.

The probability of a successful cloaking attack for the CUSUM-based detector satisfies

From Lemma 2, we can take a discrete approximation of as

A proof can be found in Appendix -D.

Therefore, the value of , that is, the probability of a successful cloaking attack within attack batches predicted at the -th attack batch (), can be computed as a linear function of the values of . The attack success probability is equal to .

Vii Evaluation

In this section, we evaluate the proposed cloaking attack on two CAN bus testbeds and demonstrate that the cloaking attack is able to bypass both the SOTA and NTP-based IDSs. We then validate our formal analysis through extensive experiments.

Vii-a Testbeds

We build two CAN bus testbeds: a CAN bus prototype and a CAN testbed on a real vehicle (the UW EcoCAR, a 2016 Chevrolet Camaro [47]). Compared with the prototype that consists of three ECUs, the UW EcoCAR hosts 8 stock ECUs and two experimental ECUs. A total of 2500+ messages with 89 different IDs are being exchanged every second.

Vii-A1 CAN Bus Prototype

As shown in Fig. 5(a), each ECU on the CAN bus prototype consists of an Arduino UNO board and a Sparkfun CAN bus shield that uses a Microchip MCP2515 CAN controller with a MCP2551 CAN transceiver. The bus speed is set to Kbps as in typical CAN buses.

Vii-A2 UW EcoCAR testbed

The CAN bus prototype is connected to the CAN bus of the UW EcoCAR via the On-Board Diagnostics (OBD-II) port to build the UW EcoCar testbed (Fig. 5(b)). During our experiments, the UW EcoCAR was in the park mode in an isolated and controlled environment for safety purposes, but all ECUs were functional and actively exchange CAN messages. We noticed that ECUs in the park mode had very close clock skews as in the drive mode.

(a) CAN bus prototype
(b) UW EcoCAR testbed
Fig. 6: Setup of CAN bus testbeds. (a) The CAN bus prototype consists of three testbed ECUs, each of which consists of an Arduino board and a Sparkfun CAN bus shield. (b) The CAN bus prototype and Raspberry Pi-based ECUs are connected to the CAN bus of the UW EcoCAR via the OBD-II ports to build the UW EcoCAR testbed.

Due to the large CAN traffic and limited computing capability, Arduino-based ECUs are not able to log all CAN messages on the bus or transmit high frequency messages. Therefore, we build additional ECUs that consist of a Raspberry Pi 3 and a PiCAN 2 board and used SocketCAN [48] to enable the interaction between the added ECUs and the UW EcoCAR.

Vii-B Evaluation of Cloaking Attack

We first demonstrate and evaluate the cloaking attack on both the CAN bus prototype and the UW EcoCAR testbed.

Vii-B1 Setup

On the CAN bus prototype, ECU 1 acts as the IDS that logs all messages, ECU 2 is the targeted ECU that transmits message 0x11 every ms ( Hz), and ECU 3 is the strong adversary that impersonates ECU 2. On the UW EcoCAR testbed, a stock ECU that transmits message 0x184 every ms is treated as the targeted ECU and the same ECU 3 acts as the strong adversary that injects spoofed messages.

When launching the cloaking attack, the impersonating ECU 3 transmits every s (s) to spoof message 0x11 on the CAN bus prototype and every s (s444While Arduino’s time resolution is s , we set to s and changed it to s every five messages so that s on average.) to spoof message 0x184 on the UW EcoCAR testbed. During our experiments, we collected 8.5 hours of attack data from the CAN bus prototype and the UW EcoCAR testbed separately.

We set batch size for both the SOTA and the NTP-based IDSs. For the SOTA IDS, the update threshold is and the detection threshold is , which is consistent with [12]. For the NTP-based IDS, we use and . For the data collected from the CAN bus prototype, the sensitivity parameter is set to for both IDSs, while it is set to for the UW EcoCAR data to avoid false alarms.

To simulate the cloaking attack, the IDS is fed with batches of normal data, followed by batches of attack data in each experiment555We assume perfect timing for the cloaking attack, that is, the first attack message is received at the next expected time instant of the targeted message. The impact of mistiming on the cloaking attack is studied in Appendix -E.. An attack is successful if it is undetected by the IDS and fails otherwise. A total of independent experiments are performed to compute the attack success probability .

(a) CAN prototype, SOTA
(b) EcoCAR testbed, SOTA
(c) CAN prototype, NTP-based
(d) EcoCAR testbed, NTP-based
Fig. 7: Attack success probability on the SOTA IDS and the NTP-based IDS on the CAN bus prototype and the UW EcoCAR testbed with message period ms. For the values achieved in our hardware experiments (red dashed line), the cloaking attack was successful in all test cases.

Vii-B2 Results

For the values achieved in our evaluation, is against both the SOTA and NTP-based IDSs (Fig. 7, dashed line). In order to gain additional insight into the performance of each IDS under cloaking attack, we generate additional datasets by adding different values of to the message inter-arrival times and then analyze both IDSs using the new datasets.

In order to quantify the effectiveness of an IDS against the masquerade (cloaking) attack, we define a metric called -Maximum Slackness Index (MSI), which measures the interval of that an adversary can introduce while remaining undetected with a probability of . We first let be the attack success probability when the added delay is . We define the upper and lower limits of for a successful attack as and