Skip to content

spritz-group/WAINE

Repository files navigation


Logo

When Authentication Is Not Enough

Breaking Behavioral-Based Driver Authentication Systems
Paper in progress »

Anonymous Authors

Table of Contents
  1. Abstract
  2. Usage
  3. Models
  4. Baseline
  5. Attacks

🧩 Abstract

Researchers extensively explored behavior-based driver authentication systems in vehicles. Pushed by advances in Artificial Intelligence (AI), these systems employ powerful models to identify drivers based on unique biometric behaviors. However, existing work prioritizes AI performance metrics, neglecting secure integration with real-world automotive environments and the threat of adversarial attacks that can fool the authentication system.

In this paper, we propose for the first time evasion attacks against behavior-based driver authentication systems, allowing an attacker to impersonate the legitimate driver. Our attacks exploit long-standing CAN bus weaknesses that allow the injection of forged frames without jeopardizing the attacker’s safety while stealing the vehicle. When legitimate data samples are available, we propose SMARTCAN, a safety-aware replay attack. If the attacker can only use the authenticator as an oracle, we propose GANCAN, which trains a Generative Adversarial Network’s generator using reinforcement learning on the authenticator’s responses. Our attacks achieve a success rate up to 100% against all the considered models and, in the worst case, require 22 minutes to steal a vehicle. Acknowledging our identified vulnerabilities, we discuss the requirements for a safe and effective deployment of these systems in real-world scenarios.

The following figures summarize the schema of the SMARTCAN and GANCAN attacks.

SMARTCAN attack

SMARTCAN-schema

GANCAN attack

GANCAN-schema

(back to top)

⚙️ Usage

To execute the attack or to deploy the behavior-based authentication system, start by cloning the repository:

git clone https://github.com/Mhackiori/WAINE.git
cd WAINE

Then, install the required Python packages by running:

pip install -r requirements.txt

(back to top)

🤖 Models

The utils directory contains several Python files that are references in all the scripts for baseline evaluation and attacks. In particular, details on the models architectures can be found in the models.py script, and functions for training and evaluation can be found in the helpers.py script. Seed, training details and other parameters can be changed in the params.py file.

(back to top)

📊 Baseline

The accuracy and F1 scores for each of the models for the baseline evaluation can be computed with the baselineDL.ipynb and baselineML.ipynb notebooks. The notebook automatically handle both identification and authentication, and offer retraining capabilities as long as loading the models from the models directory. The obtained results are the following.

Model Accuracy Ident. F1 Ident. Accuracy Auth. F1 Auth.
Girma 0.987 0.988 0.999 0.999
Ravi 0.995 0.996 0.999 0.999
Zhang 0.848 0.847 0.989 0.989
Ours (DL) 0.998 0.999 0.999 0.999
Ours (ML) 0.998 0.998 0.999 0.999

(back to top)

⚔️ Attacks

Attacks are divided in different files depending on the level of knowledge that the attacker has of the authentication and identification system.

(back to top)

📚 SMARTCAN

In this scenario, the attacker can access the authenticated data (i.e., legitimate driving behavior) without knowing the authenticator model implementation. The obtained ASR for this attack on all the tested models are the following.

Model ASR Ident. ASR Auth.
Girma 0.985 1.000
Ravi 0.992 1.000
Zhang 0.830 1.000
Ours (DL) 0.998 1.000
Ours (ML) 0.817 0.739

(back to top)

🔮 GANCAN

In this scenario, the attacker can access the authenticator model response without knowing the legitimate driving behavior. The obtained ASR for this attack on all the tested models are the following.

Model ASR Ident. ASR Auth.
Girma 0.996 1.000
Ravi 0.963 1.000
Zhang 0.848 1.000
Ours (DL) 0.998 0.903
Ours (ML) 0.590 0.818

(back to top)

About

Breaking Behavior-Based Driver Authentication Systems

Topics

Resources

Stars

0 stars

Watchers

1 watching

Forks

Contributors