CANTO – Covert AutheNtication with Timing channels over Optimized traffic flows for CAN
Previous research has endorsed the use of delays and clock skews for detecting intrusions or fingerprinting ECUs on the CAN bus. Similar techniques have also been proposed for establishing a time-covert cryptographic authentication channel, cleverly removing the need for cryptographic material inside the limited payload of CAN frames. The main shortcoming of such works is the limited security level that can be achieved under normal CAN-bus traffic. In this work we endeavour to test the limits of the achievable security level by relying on optimization algorithms for scheduling CAN frames. Under practical bus allocations that are based on real-world scenarios, we are able to extract around 4–5 bits of authentication data from each frame, which leads to an efficient intrusion detection and authentication mechanism. By accumulating covert channel data over several consecutive frames, we can achieve higher security levels that are in line with current security demands. To prove the correctness of our approach, we present experiments on state-of-the-art automotive-grade controllers (Infineon Aurix) and bus measurements using industry-standard tools, i.e., CANoe.