TL;DR
Honey encryption could add a layer of security to a CAN bus, but it’s not a simple fix. It’s best used as part of a broader cybersecurity strategy alongside other methods like message authentication and intrusion detection. It won’t stop determined attackers on its own.
What is Honey Encryption?
Honey encryption involves deliberately introducing errors into some CAN messages, making them look legitimate but contain incorrect data. The idea is to attract attackers to these ‘honey’ messages, allowing you to detect and respond to malicious activity. It’s a form of deception.
Why Consider Honey Encryption for CAN Bus?
- Early Detection: Attackers focusing on honey messages are immediately flagged.
- Low Overhead: Relatively simple to implement compared to full encryption.
- Attacker Profiling: You can learn about attacker techniques by observing which honey messages they target and how.
How to Implement Honey Encryption on a CAN Bus
- Identify Critical vs. Non-Critical Messages: Determine which CAN messages are essential for vehicle operation (steering, braking) and which are less important (e.g., infotainment controls). Never apply honey encryption to critical messages!
- Select Honey Message Candidates: Choose non-critical messages that attackers might find interesting. For example, a message controlling the colour of ambient lighting.
- Introduce Controlled Errors: Modify the selected messages in a predictable way. This could involve:
- Bit Flipping: Randomly change bits within the data payload.
- Value Offset: Add or subtract a constant value from the message data.
- Data Swapping: Exchange the order of bytes in the message.
- Monitor for Anomalous Behaviour: Implement a system to detect when honey messages are being processed or acted upon. This is the core of the detection mechanism.
- Unexpected Acknowledgements: If a node acknowledges a honey message that shouldn’t be valid, it’s suspicious.
- Out-of-Range Values: If the modified data causes an actuator to behave unexpectedly (e.g., lights flicker), raise an alert.
- Log and Analyse: Record all instances of honey message activity, including timestamps, node IDs, and error types. This helps you understand attacker patterns.
Example (Conceptual) – Bit Flipping in Python
This is a simplified example to illustrate the concept; actual implementation will depend on your CAN bus hardware and software.
import random
def flip_bit(message, bit_index):
# Convert message to binary string (example)
binary_message = bin(int.from_bytes(message, 'big'))[2:].zfill(8 * len(message))
# Flip the specified bit
list_message = list(binary_message)
if list_message[bit_index] == '0':
list_message[bit_index] = '1'
else:
list_message[bit_index] = '0'
modified_binary = "".join(list_message)
# Convert back to bytes
return int(modified_binary, 2).to_bytes(len(message), 'big')
# Example usage:
original_message = b'x01x02x03'
bit_to_flip = 5 # Flip the 6th bit
modified_message = flip_bit(original_message, bit_to_flip)
print(f"Original message: {original_message.hex()}")
print(f"Modified message: {modified_message.hex()}")Limitations and Considerations
- Not a Replacement for Encryption: Honey encryption doesn’t prevent attackers from reading or modifying legitimate messages.
- False Positives: Software bugs or network glitches could trigger false alarms. Careful tuning is essential.
- Attacker Awareness: Sophisticated attackers may be able to identify honey messages and ignore them.
- Resource Constraints: Monitoring CAN bus traffic requires processing power, which can be limited in embedded systems.
Combining Honey Encryption with Other Security Measures
- CAN Message Authentication (CMA): Use digital signatures to verify the integrity of messages.
- Intrusion Detection Systems (IDS): Monitor CAN bus traffic for suspicious patterns and anomalies.
- Firewalls: Control which nodes can communicate with each other on the CAN bus.
- Secure Boot: Ensure that only trusted software is loaded onto vehicle ECUs.