Title: Fingerprinting ECUs to Implement Vehicular Security for Passenger Safety Using Machine Learning Techniques
The Controller Area Network (CAN) protocol used in vehicles today was designed to be fast, reliable, and robust. However, it is inherently insecure due to its lack of any kind of message authentication. Despite this, CAN is still used extensively in the automotive industry for various electronic control units (ECUs) and sensors which perform critical functions such as engine control. This paper presents a novel methodology for in-vehicle security through fingerprinting of ECUs. The proposed research uses the fingerprints injected in the signal due to material imperfections and semiconductor impurities. By extracting features from the physical CAN signal and using them as inputs for a machine learning algorithm, it is possible to determine the sender ECU of a packet. A high classification accuracy of up to 100.0% is possible when every node on the bus has a sufficiently different channel length.
Award ID(s):
2035770
PAR ID:
10396097
Journal Name:
IntelliSys 2022: Intelligent Systems and Applications
Page Range / eLocation ID:
16–32
Sponsoring Org:
National Science Foundation
More Like this
  2. The automotive Controller Area Network (CAN) allows Electronic Control Units (ECUs) to communicate with each other and control various vehicular functions such as engine and braking control. Consequently, CAN and ECUs are high priority targets for hackers. As CAN implementation details are held as proprietary information by vehicle manufacturers, it can be challenging to decode and correlate CAN messages to specific vehicle operations. To understand the precise meanings of CAN messages, reverse engineering techniques that are time-consuming, manually intensive, and require a physical vehicle are typically used. This work aims to address the process of reverse engineering CAN messages for their functionality by creating a machine learning classifier that analyzes messages and determines their relationship to other messages and vehicular functions. Our work examines CAN traffic of different vehicles and standards to show that it can be applied to a wide arrangement of vehicles. The results show that the function of CAN messages can be determined without the need to manually reverse engineer a physical vehicle.
  3. Controller Area Network (CAN) is the de facto standard in-vehicle network system. Despite its wide adoption by automobile manufacturers, the lack of security design makes it vulnerable to attacks. For instance, broadcasting packets without authentication allows the impersonation of electronic control units (ECUs). Prior mitigations, such as message authentication or intrusion detection systems, fail to address the compatibility requirement with legacy ECUs, stealthy and sporadic malicious messaging, or guaranteed attack detection. We propose a novel authentication system called ShadowAuth that overcomes the aforementioned challenges by offering backward-compatible packet authentication to ECUs without requiring ECU firmware source code. Specifically, our authentication scheme provides transparent CAN packet authentication without modifying existing CAN packet definitions (e.g., J1939) via an automatic ECU firmware instrumentation technique to locate CAN packet transmission code, and instrument authentication code based on the CAN packet behavioral transmission patterns. ShadowAuth enables vehicles to detect state-of-the-art CAN attacks, such as bus-off and packet injection, responsively within 60 ms without false positives. ShadowAuth provides a sound and deployable solution for real-world ECUs.
  4. The smart city landscape is rife with opportunities for mobility and economic optimization, but also presents many security concerns spanning the range of components and systems in the smart ecosystem. One key enabler for this ecosystem is smart transportation and transit, which is foundationally built upon connected vehicles. Ensuring vehicular security, while necessary to guarantee passenger and pedestrian safety, is itself challenging due to the broad attack surfaces of modern automotive systems. A single car contains dozens to hundreds of small embedded computing devices known as electronic control units (ECUs) executing 100s of millions of lines of code; the inherent complexity of this tightly-integrated cyber-physical system (CPS) is one of the key problems that frustrates effective security. We describe an approach to help reduce the complexity of security analyses by leveraging unsupervised machine learning to learn clusters of messages passed between ECUs that correlate with changes in the CPS state of a vehicle as it moves through the world. Our approach can help to improve the security of vehicles in a smart city, and can leverage smart city infrastructure to further enrich and refine the quality of the machine learning output. 
  5. Controller design and their software implementations are usually done in isolated design spaces using respective COTS design tools. However, this separation of concerns can lead to long debugging and integration phases. This is because assumptions made about the implementation platform during the design phase—e.g., related to timing—might not hold in practice, thereby leading to unacceptable control performance. In order to address this, several control/architecture co-design techniques have been proposed in the literature. However, their adoption in practice has been hampered by the lack of design flows using commercial tools. To the best of our knowledge, this is the first article that implements such a co-design method using commercially available design tools in an automotive setting, with the aim of minimally disrupting existing design flows practiced in the industry. The goal of such co-design is to jointly determine controller and platform parameters in order to avoid any design-implementation gap, thereby minimizing implementation time testing and debugging. Our setting involves distributed implementations of control algorithms on automotive electronic control units (ECUs) communicating via a FlexRay bus. The co-design and the associated toolchain Co-Flex jointly determines controller and FlexRay parameters (that impact signal delays) in order to optimize specified design metrics. Co-Flex seamlessly integrates the modeling and analysis of control systems in MATLAB/Simulink with platform modeling and configuration in SIMTOOLS/SIMTARGET that is used for configuring FlexRay bus parameters. It automates the generation of multiple Pareto-optimal design options with respect to the quality of control and the resource usage, that an engineer can choose from. In this article, we outline a step-by-step software development process based on Co-Flex tools for distributed control applications. While our exposition is automotive specific, this design flow can easily be extended to other domains.