CAN-LOC: Spoofing Detection and Physical Intrusion Localization on an In-Vehicle CAN Bus Based on Deep Features of Voltage Signals

The Controller Area Network (CAN), which is used for communication between in-vehicle devices, has been shown to be vulnerable to spoofing attacks. Voltage-based spoofing detection (VBS-D) mechanisms are considered state-of-the-art solutions, complementing cryptography-based authentication whose security is limited due to the CAN protocol's limited message size. Unfortunately, VBS-D mechanisms are vulnerable to poisoning performed by a malicious device connected to the CAN bus, specifically designed to poison the deployed VBS-D mechanism as it adapts to environmental changes that take place when the vehicle is moving. In this paper, we harden VBS-D mechanisms using a deep learning-based mechanism which runs immediately, when the vehicle starts; this mechanism utilizes physical side-channels to detect and locate physical intrusions, even when the malicious devices connected to the CAN bus are silent. We demonstrate the mechanism's effectiveness (100% intrusion detection accuracy and error rates of close to 0%) in various physical intrusion scenarios and varying temperatures on a CAN bus prototype. In addition, we present a deep learning-based VBS-D mechanism that securely adapts to environmental changes. This mechanism's robustness (99.8% device identification accuracy) is demonstrated on a real moving vehicle.