隨著科技的快速發展,控制區域網路(Controller Area Network, CAN)中的安全漏洞日益浮現。作為車內網路系統中使用已久的主要通訊協定,CAN 過去未被設計以防範現代資安威脅。近年來,學術界與產業界已提出若干方法,試圖透過電子控制單元(Electronic Control Units, ECUs)在實體層的特徵進行指紋識別。其中,以「時鐘偏移(clock offset)」為基礎的技術,為目前應用最廣泛的車內入侵偵測方法之一。 本研究提出一種新的實體層特徵:「Response offset」,其為時鐘偏斜的源頭。此現象於攻擊者試圖發動碰撞行為(Collision Behavior)時會顯著出現。為有效應用此發現,我們設計並實作了一套軟體開發工具包(Software Development Kit, SDK),並開發相應模組以整合至 Saleae 數位邏輯分析工具中,實現即時數位訊號擷取與分析。 本系統具備即時性與高精度的優勢,若能實際部署於車載網路中,將有助於主動防範潛在的Collision Behavior,進而避免可能造成的嚴重損害,提升智慧車輛系統的整體資安防護能力。 ;With the advancement of technology, security vulnerabilities have increasingly emerged in the Controller Area Network (CAN). CAN has been used for decades as the main protocol in the automotive system. There are few methods to fingerprint electronic control units (ECUs) based on their physical-layer characteristics. Among the various established methods, clock skew is currently one of the most commonly adopted techniques to detect in-vehicle intrusion. In our research, we utilize a physical characteristic, clock offset, which is the source from which clock offset is derived. We discovered a novel phenomenon called "Response Offset (RO)", which occurs when an attacker attempts to launch a collision behavior. Therefore, we developed a software development kit (SDK) and an extension to integrate our discovered phenomenon with Saleae′s program, enabling real-time digital signal captures. So, by installing our system in vehicle, we may be able to prevent catastrophic damage caused by the malicious collision behavior.
