Breaking Behavioral-Based Driver Authentication Systems
Paper in progress »
Anonymous Authors
Researchers extensively explored behavior-based driver authentication systems in vehicles. Pushed by advances in Artificial Intelligence (AI), these systems employ powerful models to identify drivers based on unique biometric behaviors. However, existing work prioritizes AI performance metrics, neglecting secure integration with real-world automotive environments and the threat of adversarial attacks that can fool the authentication system.
In this paper, we propose for the first time evasion attacks against behavior-based driver authentication systems, allowing an attacker to impersonate the legitimate driver. Our attacks exploit long-standing CAN bus weaknesses that allow the injection of forged frames without jeopardizing the attacker’s safety while stealing the vehicle. When legitimate data samples are available, we propose SMARTCAN, a safety-aware replay attack. If the attacker can only use the authenticator as an oracle, we propose GANCAN, which trains a Generative Adversarial Network’s generator using reinforcement learning on the authenticator’s responses. Our attacks achieve a success rate up to 100% against all the considered models and, in the worst case, require 22 minutes to steal a vehicle. Acknowledging our identified vulnerabilities, we discuss the requirements for a safe and effective deployment of these systems in real-world scenarios.
The following figures summarize the schema of the SMARTCAN and GANCAN attacks.
To execute the attack or to deploy the behavior-based authentication system, start by cloning the repository:
git clone https://github.com/Mhackiori/WAINE.git
cd WAINEThen, install the required Python packages by running:
pip install -r requirements.txtThe utils directory contains several Python files that are references in all the scripts for baseline evaluation and attacks. In particular, details on the models architectures can be found in the models.py script, and functions for training and evaluation can be found in the helpers.py script. Seed, training details and other parameters can be changed in the params.py file.
The accuracy and F1 scores for each of the models for the baseline evaluation can be computed with the baselineDL.ipynb and baselineML.ipynb notebooks. The notebook automatically handle both identification and authentication, and offer retraining capabilities as long as loading the models from the models directory. The obtained results are the following.
| Model | Accuracy Ident. | F1 Ident. | Accuracy Auth. | F1 Auth. |
|---|---|---|---|---|
| Girma | 0.987 | 0.988 | 0.999 | 0.999 |
| Ravi | 0.995 | 0.996 | 0.999 | 0.999 |
| Zhang | 0.848 | 0.847 | 0.989 | 0.989 |
| Ours (DL) | 0.998 | 0.999 | 0.999 | 0.999 |
| Ours (ML) | 0.998 | 0.998 | 0.999 | 0.999 |
Attacks are divided in different files depending on the level of knowledge that the attacker has of the authentication and identification system.
In this scenario, the attacker can access the authenticated data (i.e., legitimate driving behavior) without knowing the authenticator model implementation. The obtained ASR for this attack on all the tested models are the following.
| Model | ASR Ident. | ASR Auth. |
|---|---|---|
| Girma | 0.985 | 1.000 |
| Ravi | 0.992 | 1.000 |
| Zhang | 0.830 | 1.000 |
| Ours (DL) | 0.998 | 1.000 |
| Ours (ML) | 0.817 | 0.739 |
In this scenario, the attacker can access the authenticator model response without knowing the legitimate driving behavior. The obtained ASR for this attack on all the tested models are the following.
| Model | ASR Ident. | ASR Auth. |
|---|---|---|
| Girma | 0.996 | 1.000 |
| Ravi | 0.963 | 1.000 |
| Zhang | 0.848 | 1.000 |
| Ours (DL) | 0.998 | 0.903 |
| Ours (ML) | 0.590 | 0.818 |

