CanSafe: An MTD based approach for providing resiliency against DoS attack within in-vehicle networks

Trending towards autonomous transportation systems, modern vehicles are equipped with hundreds of sensors and actuators that increase the intelligence of the vehicles with a higher level of autonomy, as well as facilitate increased communication with entities outside the in-vehicle network. However, increase in a contact point with the outside world has exposed the controller area network (CAN) of a vehicle to remote security vulnerabilities. In particular, an attacker can inject fake high priority messages within the CAN through the contact points, while preventing legitimate messages from controlling the CAN (Denial-of-Service (DoS) attack). In this paper, we propose a Moving Target Defense (MTD) based mechanism to provide resiliency against DoS attack, where we shuffle the message priorities at different communication cycles, opposed to the state-of-the-art message priority setup, to nullify the attacker's knowledge of message priorities for a given time. The performance and efficacy of the proposed shuffling algorithm has been analyzed under different configuration, and compared against the state-of-the-art solutions. It is observed that the proposed mechanism is successful in denying DoS attack when the attacker is able to bypass preemptive strategies and inject messages within the in-vehicle network.