Many research papers have recently focused on behavioral-based driver authentication systems in vehicles. Pushed by Artificial Intelligence (AI) advancements, these works propose powerful models to identify drivers through their unique biometric behavior. However, these models have never been scrutinized from a security point of view, rather focusing on the performance of the AI algorithms. Several limitations and oversights make implementing the state-of-the-art impractical, such as their secure connection to the vehicle's network and the management of security alerts. Furthermore, due to the extensive use of AI, these systems may be vulnerable to adversarial attacks. However, there is currently no discussion on the feasibility and impact of such attacks in this scenario. Driven by the significant gap between research and practical application, this paper seeks to connect these two domains. We propose the first security-aware system model for behavioral-based driver authentication. We develop two lightweight driver authentication systems based on Random Forest and Recurrent Neural Network architectures designed for our constrained environments. We formalize a realistic system and threat model reflecting a real-world vehicle's network for their implementation. When evaluated on real driving data, our models outclass the state-of-the-art with an accuracy of up to 0.999 in identification and authentication. Moreover, we are the first to propose attacks against these systems by developing two novel evasion attacks, SMARTCAN and GANCAN. We show how attackers can still exploit these systems with a perfect attack success rate (up to 1.000). Finally, we discuss requirements for deploying driver authentication systems securely. Through our contributions, we aid practitioners in safely adopting these systems, help reduce car thefts, and enhance driver security.

翻译：近年来，许多研究论文聚焦于车辆中基于行为的驾驶员身份验证系统。在人工智能（AI）进步的推动下，这些工作提出了强大的模型，通过驾驶员独特的生物特征行为来识别身份。然而，这些模型从未从安全角度进行严格审视，而是侧重于AI算法的性能。若干局限性和疏忽使得最先进技术的实施变得不切实际，例如它们与车辆网络的安全连接以及安全警报的管理。此外，由于AI的广泛使用，这些系统可能容易受到对抗性攻击。然而，目前尚未有关于此类攻击在此场景中的可行性和影响的讨论。受研究与实际应用之间显著差距的驱动，本文旨在连接这两个领域。我们提出了首个具备安全意识的基于行为的驾驶员身份验证系统模型。我们基于随机森林和循环神经网络架构开发了两种轻量级驾驶员身份验证系统，专为我们受限的环境设计。我们形式化了一个现实的系统和威胁模型，以反映真实世界车辆网络的实际实施条件。在真实驾驶数据上的评估显示，我们的模型在识别和验证方面的准确率高达0.999，超越了现有最先进技术。此外，我们首次提出针对这些系统的攻击，通过开发两种新颖的规避攻击——SMARTCAN和GANCAN。我们展示了攻击者如何仍能以完美的攻击成功率（高达1.000）利用这些系统。最后，我们讨论了安全部署驾驶员身份验证系统的要求。通过我们的贡献，我们帮助从业者安全地采用这些系统，有助于减少汽车盗窃，并增强驾驶员的安全性。