On the Robustness of Signal Characteristic-Based Sender Identification

Vehicles become more vulnerable to remote attackers in modern days due to their increasing connectivity and range of functionality. Such increased attack vectors enable adversaries to access a vehicle Electronic Control Unit (ECU). As of today in-vehicle access can cause drastic consequences, because the most commonly used in-vehicle bus technology, the Controller Area Network (CAN), lacks sender identification. With low limits on bandwidth and payload, as well as resource constrains on hardware, usage of cryptographic measures is limited. As an alternative, sender identification methods were presented, identifying the sending ECU on the basis of its analog message signal. While prior works showed promising results on the security and feasibility for those approaches, the potential changes in signals over a vehicle's lifetime have only been partly addressed. This paper closes this gap. We conduct a 4~months measurement campaign containing more than 80,000 frames from a real vehicle. The data reflects different driving situations, different seasons and weather conditions, a 19-week break, and a car repair altering the physical CAN properties. We demonstrate the impact of temperature dependencies, analyze the signal changes and define strategies for their handling. In the evaluation, the identification rate can be increased from 91.23% to 99.98% by a targeted updating of the system parameters. At the same time, the detection of intrusions can be improved from 76.83% to 99.74%, while no false positives occured during evaluation. Lastly, we show how to increase the overall performance of such systems by double monitoring the bus at different positions.