PanoptiCANs-Adversary-Resilient Architectures for Controller Area Networks

Bogdan Groza, Lucian Popa, Tudor Andreica, Pal-Stefan Murvay, Asaf Shabtai, Yuval Elovici

European Symposium on Research in Computer Security, 658-679, 2022

Inspired by Jeremy Bentham’s panopticon, i.e., an institutional building design in which a single security guard is able to monitor all detainees while they are unable to tell if they are being watched, we design the PanoptiCANs—a series of adversary-resilient CAN bus architectures. While DoS attacks are impossible to prevent on a regular bus topology, the PanoptiCANs are able to actively respond to them, as well as to generic attacks, by air gapping the network. The proposed modifications allow a bus guardian to monitor and isolate intruders on the bus while all traffic is redirected so that legitimate nodes carry on their tasks without significant disturbances. A decentralized version delegates these abilities to regular nodes, reducing costs and wire lengths, while also being able to localize and isolate the intruders much faster. We prove the effectiveness of the proposed topologies on an experimental setup with …