Mitigating voltage fingerprint spoofing attacks on the controller area network bus

The Controller Area Network (CAN) bus suffers security vulnerabilities that allow message spoofing and masquerading Electronic Control Units (ECUs). A popular provision for mitigating these vulnerabilities is through the use of machine learning (ML) to derive ECU fingerprints based on the physical properties of bus signals. Particularly, voltage-based intrusion detection systems associate the message transmitter with its voltage fingerprint to detect conflicting logical ECU identifiers in the presence of cyberattacks. However, the signal characteristics depend on the operating conditions and hence the fingerprints need to be adapted overtime by online training of the underlying ML model. An adversary may exploit such a shortcoming to superimpose training data based on its own transmissions and thus bypass the protection mechanism. Such an attack not only allows device impersonation but also leads to rejecting transmissions of a legitimate ECU. This paper proposes an effective approach to thwart these attack scenarios. Our approach introduces unpredictably-scheduled transmissions involving one or multiple ECUs to confuse the adversary and ensure the generation of a legitimate fingerprinting dataset for online training. We validate the robustness of our approach using data collected from a real vehicle and show that it outperforms a prominent competing scheme by over 30% in terms of identifying malicious ECUs when the attacker could overwrite 50% of the retraining transmissions.