CANOA: CAN Origin Authentication Through Power Side-Channel Monitoring

TL;DR

This paper introduces CANOA, a novel method for authenticating CAN bus message senders by analyzing ECU power consumption patterns, enhancing security against impersonation attacks in vehicles.

Contribution

It presents a new power-based sender authentication technique for CAN networks, validated in lab and real vehicle environments, with robust performance under various conditions.

Findings

Effective in distinguishing legitimate from impersonated messages

Works reliably across different operating conditions

Requires reasonable computational resources

Abstract

The lack of any sender authentication mechanism in place makes CAN (Controller Area Network) vulnerable to security threats. For instance, an attacker can impersonate an ECU (Electronic Control Unit) on the bus and send spoofed messages unobtrusively with the identifier of the impersonated ECU. To address this problem, we propose a novel sender authentication technique that uses power consumption measurements of the ECU to authenticate the sender of a message. When an ECU is transmitting, its power requirement is affected, and a characteristic pattern appears in its power consumption. Our technique exploits the power consumption of each ECU during the transmission of a message to determine whether the message actually originated from the purported sender. We evaluate our approach in both a lab setup and a real vehicle. We also evaluate our approach against factors that can impact the power consumption measurement of the ECU. The results of the evaluation show that the proposed technique is applicable in a broad range of operating conditions with reasonable computational power requirements and attaining good accuracy.