CAN Intrusion Detection and Response System on FPGA Platform

Department

Computer Science and Electrical Engineering

Program

Engineering, Computer

Rights

This item may be protected under Title 17 of the U.S. Copyright Law. It is made available by UMBC for non-commercial research and education. For permission to publish or reproduce, please see http://aok.lib.umbc.edu/specoll/repro.php or contact Special Collections at speccoll(at)umbc.edu
Distribution Rights granted to UMBC by the author.

Abstract

The in-vehicle network (IVN) in an automobile interconnects units such as actuators, detectors, and sensors with electronic control units to support various degrees of driver assistance or self-driving capabilities [1]. Although modern IVNs are critical for better automobile performance, they face challenges such as the higher bandwidth required by modern in-vehicle networking technology and the latency needed to meet strict delay requirements for main and safety-related modules so that reliable functioning is guaranteed. Moreover, the cost of the multiple wiring standards in vehicles and of the various wired/wireless cabling is substantial. Although the prevailing vehicular ad hoc network (VANET) technologies, such as dedicated short-range communications (DSRC), long-term evolutionary vehicle (LTE-V), and worldwide interoperability for microwave access (WiMAX), present unprecedented challenges to the security and privacy of in-vehicle networking, the wireless network connection in vehicles leads to further intrusion along with interference from various surrounding noises [2]. Addressing these issues involves addressing bandwidth and latency requirements [3], ensuring real-time performance [4], and complying with standards and regulations [5]. One of the IVNs, controller area network (CAN), is preferred for many in-vehicle network applications due to its reliability, efficiency, scalability, cost-effectiveness, and ability to integrate with other networks. Developed by Bosch, CAN is essential for real-time, reliable data exchange between vehicle microcontrollers, enabling efficient data coordination, prioritized message delivery, robust error handling, reduced wiring costs, and support for future technologies [6, 7].
However, CAN has vulnerabilities such as the broadcast nature of its messages, fragility to Denial-of-Service attacks, a lack of authenticator fields, and weak access control comprising reflashing and memory protection with tester capabilities [8]. Solutions that mitigate these risks include implementing message authentication [9], using encryption [9], deploying intrusion detection systems (IDS) [10, 11], performing ID filtering [12], having secure boot and firmware updates [13], and implementing vehicle-level risk management [14]. Among these techniques, IDS is particularly effective due to its real-time monitoring [15], anomaly detection [16], low false positive rate [10], lightweight and efficient operation [17], and integration with other security measures [18]. Hence, in this paper, a field programmable gate array (FPGA) is used to prototype CAN to improve reconfigurability and provide real-time processing and scalability for a novel IDS. This paper further presents the development of a reconfigurable CAN communication protocol to secure CAN, with a hardware prototype for rapid prototyping of attacks, intrusion detection systems, and response systems, focusing on attack detection and response, especially for bus-off attacks. Two main modules are introduced: the Multiple Generic Errors Module with the Error State Machine (MGEESM) and the Bus-Off Attack Detection (BOAD) module for a frame size of 111 bits (BOAD111). The MGEESM module detects bus-off attacks for form, CRC, and bit errors in 3.610 ms, 3.550 ms, and 3.280 ms, respectively, when errors are introduced in consecutive frames for the transmit error counter (TEC) value of 127 for switching between the error-passive and bus-off states. The BOAD111 module detects bus-off attacks in 3.247 ms under the same conditions.