Two-Point Voltage Fingerprinting: Increasing Detectability of ECU Masquerading Attacks

Automotive systems continuously increase their dependency on Electronic Control Units (ECUs) and become more interconnected to improve safety, comfort and Advanced Driving Assistance Systems (ADAS) functions to passengers and drivers. As a consequence of that trend, there is an expanding attack surface which may potentially expose vehicle's critical functions to cyberattacks. It is possible for an adversary to reach the underlying Control Area Network (CAN) through a compromised node or external-facing network interface, and launch masquerading attacks that can compromise road and passenger safety. Due to lack of native authentication in the CAN protocol, an approach to detect masquerading attacks is to use ECU voltage fingerprinting schemes to verify that the messages are sent by authentic ECUs. Though effective against simple masquerading attacks, prior work is unable to detect attackers such as hardware Trojans, which can mimic ECU voltages in addition to spoofing messages. We introduce a novel Two-point ECU Fingerprinting scheme and demonstrate efficacy in a controlled lab setting and on a moving vehicle. Our results show that our proposed two-point fingerprinting scheme is capable of an overall F1-score over 99.4%. The proposed approach raises the bar for attackers trying to compromise automotive security both remotely and physically, therefore improving security and safety of autonomous vehicles.