nach oben

Erschienen in:

2017 | OriginalPaper | Buchkapitel

A Stealth, Selective, Link-Layer Denial-of-Service Attack Against Automotive Networks

verfasst von : Andrea Palanca, Eric Evenchick, Federico Maggi, Stefano Zanero

Erschienen in: Detection of Intrusions and Malware, and Vulnerability Assessment

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Modern vehicles incorporate tens of electronic control units (ECUs), driven by as much as 100,000,000 lines of code. They are tightly interconnected via internal networks, mostly based on the CAN bus standard. Past research showed that, by obtaining physical access to the network or by remotely compromising a vulnerable ECU, an attacker could control even safety-critical inputs such as throttle, steering or brakes. In order to secure current CAN networks from cyberattacks, detection and prevention approaches based on the analysis of transmitted frames have been proposed, and are generally considered the most time- and cost-effective solution, to the point that companies have started promoting aftermarket products for existing vehicles.

In this paper, we present a selective denial-of-service attack against the CAN standard which does not involve the transmission of any complete frames for its execution, and thus would be undetectable via frame-level analysis. As the attack is based on CAN protocol weaknesses, all CAN bus implementations by all manufacturers are vulnerable. In order to precisely investigate the time, money and expertise needed, we implement an experimental proof-of-concept against a modern, unmodified vehicle and prove that the barrier to entry is extremely low. Finally, we present a discussion of our threat analysis, and propose possible countermeasures for detecting and preventing such an attack.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel LED-it-GO: Leaking (A Lot of) Data from Air-Gapped Computers via the (Small) Hard Drive LED

Nächstes Kapitel Quincy: Detecting Host-Based Code Injection Attacks in Memory Dumps

The reason is that spoofed frames will be sent at the same time as legitimate frames. Thus, in order to trick the receiving ECU into considering only the maliciously crafted messages, these must be sent at a much faster rate with respect to the rightful ones.

With the exception of the Arbitration Field and the ACK Field, in which a bus value different than the transmitted one is an expected condition in regular CAN protocol operations.

All bill information (except text) for s.1806 - SPY car act of 2015. https://www.congress.gov/bill/114th-congress/senate-bill/1806/all-info

Argussec: ARGUSidps. https://argus-sec.com/solutions/

Barranco, M., Rodriguez-Navas, G., Proenza, J., Almeida, L.: CANcentrate: an active star topology for CAN networks, pp. 219–228, September 2004. http://iestcfa.org/bestpaper/wfcs04/WFCS04_Barranco.pdf

Checkoway, S., et al.: Comprehensive experimental analyses of automotive attack surfaces. http://www.autosec.org/pubs/cars-usenixsec2011.pdf

Cho, K.T., Shin, K.G.: Error handling of in-vehicle networks makes them vulnerable. In: CCS 2016, USA, pp. 1044–1055 (2016). http://doi.acm.org/10.1145/2976749.2978302

Cho, K.T., Shin, K.G.: Fingerprinting electronic control units for vehicle intrusion detection, pp. 911–927. USENIX Association, Austin. https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/cho

Gessner, D., Barranco, M., Ballesteros, A., Proenza, J.: Designing sfiCAN: a star-based physical fault injector for CAN (2011). https://www.researchgate.net/profile/Julian_Proenza/publication/232259902_Designing_sfiCAN_A_star-based_physical_fault_injector_for_CAN/links/00b7d532161b659ee8000000.pdf

Hoppe, T., Kiltz, S., Dittmann, J.: Security threats to automotive CAN networks – practical examples and selected short-term countermeasures. In: Harrison, M.D., Sujan, M.-A. (eds.) SAFECOMP 2008. LNCS, vol. 5219, pp. 235–248. Springer, Heidelberg (2008). doi:10.1007/978-3-540-87698-4_21 CrossRef

Kammerer, R., Frömel, B., Wasicek, A.: Enhancing security in CAN systems using a star coupling router, pp. 237–246, June 2012. http://www.vmars.tuwien.ac.at/documents/extern/3116/canrouter_security.pdf

10.

Koscher, K., et al.: Experimental security analysis of a modern automobile, May 2010. http://www.autosec.org/pubs/cars-oakland2010.pdf

11.

Kvaser: Microcontrollers with CAN (2016). https://www.kvaser.com/about-can/can-education/can-controllers-transceivers/microcontrollers-with-can/

12.

Larson, U.E., Nilsson, D.K., Jonsson, E.: An approach to specification-based attack detection for in-vehicle networks, June 2008. http://ieeexplore.ieee.org/document/4621263/

13.

Miller, C., Valasek, C.: A survey of remote automotive attack surfaces, August 2014. http://illmatics.com/remote%20attack%20surfaces.pdf

14.

Miller, C., Valasek, C.: Remote exploitation of an unaltered passenger vehicle, August 2015. http://illmatics.com/Remote%20Car%20Hacking.pdf

15.

National Instruments: Controller area network (CAN) overview. http://www.ni.com/white-paper/2732/en/

16.

National Instruments: Introduction to the local interconnect network (LIN) bus. http://www.ni.com/white-paper/9733/en/

17.

NNG: Arilou cyber security. https://www.nng.com/arilou-cyber-security/

18.

ON Semiconductor: Basics of in-vehicle networking (IVN) protocols. http://www.onsemi.com/pub/Collateral/TND6015-D.PDF

19.

SAE International: Global OBD legislation update (worldwide requirements). http://www.sae.org/events/training/symposia/obd/presentations/2009/d1daveferris.pdf

20.

Song, H.M., Kim, H.R., Kim, H.K.: Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network, January 2016. http://ieeexplore.ieee.org/document/7427089/

21.

Taylor, A., Japkowicz, N., Leblanc, S.: Frequency-based anomaly detection for the automotive CAN bus, December 2015. http://ieeexplore.ieee.org/document/7420322/

22.

The Verge: Tesla driver killed in crash with autopilot active, NHTSA investigating, June 2016. http://www.theverge.com/2016/6/30/12072408/tesla-autopilot-car-crash-death-autonomous-model-s

23.

Towersec: ECUShield. http://tower-sec.com/ecushield/

24.

United States Environmental Protection Agency: Control of air pollution from new motor vehicles and new motor vehicle engines. http://www.epa.gov/fedrgstr/EPA-AIR/2005/December/Day-20/a23669.htm

25.

United States Government Accountability Office: VEHICLE CYBERSECURITY - DOT and industry have efforts under way, but DOT needs to define its role in responding to a realworld attack, March 2016. http://www.gao.gov/assets/680/676064.pdf

26.

Valasek, C., Miller, C.: Adventures in automotive networks and control units, August 2013. http://www.ioactive.com/pdfs/IOActive_Adventures_in_Automotive_Networks_and_Control_Units.pdf

27.

Valdes, A., Cheung, S.: Communication pattern anomaly detection in process control systems, May 2009. http://ieeexplore.ieee.org/document/5168010/

28.

Waibel, A.: The art of bit-banging: Gaining full control of (nearly) any bus protocol, June 2016. https://www.youtube.com/watch?v=sMmc0hSi5rs

29.

Wolf, M., Weimerskirch, A., Paar, C.: Security in automotive bus systems (2004). http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.92.728&rep=rep.1&type=pdf

Titel: A Stealth, Selective, Link-Layer Denial-of-Service Attack Against Automotive Networks
verfasst von: Andrea Palanca
Eric Evenchick
Federico Maggi
Stefano Zanero
Verlag: Springer International Publishing
Buch: Detection of Intrusions and Malware, and Vulnerability Assessment
Print ISBN: 978-3-319-60875-4

Electronic ISBN: 978-3-319-60876-1

Copyright-Jahr: 2017
DOI: https://doi.org/10.1007/978-3-319-60876-1_9

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"