Previous research works have endorsed the use of delays and clock skews for detecting intrusions or fingerprinting controllers that communicate on the CAN bus. Recently, timing characteristics of CAN frames have been also used for establishing a covert channel for cryptographic authentication, in this way cleverly removing the need for cryptographic material inside the short payload of data frames. However, the main drawback of this approach is the limited security level that can be achieved over existing CAN bus traffic. In this work we significantly improve on this by relying on optimization algorithms for scheduling CAN frames and deploy the covert channel on optimized CAN traffic. Under practical bus allocations, we are able to extract 3–5 bits of authentication data from each frame which leads to an efficient intrusion detection and authentication mechanism. By accumulating covert channel data over several consecutive frames, we can achieve higher security levels that are in line with current real-world demands. To prove the correctness of our approach, we present experiments on automotive-grade controllers, i.e., Infineon Aurix, and bus measurements with the use of industry standard tools, i.e., CANoe.

中文翻译：

---

CANTO-通过优化的CAN流量实现定时通道的隐蔽认证

先前的研究工作已认可使用延迟和时钟偏斜来检测入侵或在CAN总线上通信的指纹控制器。最近，CAN帧的定时特性也已用于建立用于密码认证的隐蔽通道，以这种方式巧妙地消除了在数据帧的短有效载荷内对加密材料的需求。但是，这种方法的主要缺点是可以通过现有的CAN总线流量实现有限的安全级别。在这项工作中，我们依靠优化算法来调度CAN帧并在优化的CAN流量上部署隐蔽通道，从而显着改善了这一点。根据实际的公交车分配，我们能够从每个帧中提取3–5位身份验证数据，从而实现有效的入侵检测和身份验证机制。通过在几个连续帧上累积隐蔽通道数据，我们可以获得与当前实际需求相符的更高的安全级别。为了证明我们方法的正确性，我们在汽车级控制器（即Infineon Aurix）上进行了实验，并通过使用行业标准工具（如CANoe）进行了总线测量。