State-of-the-Art Survey on In-Vehicle Network Communication “CAN-Bus” Security and Vulnerabilities
Avatefipour, O., & Malik, H. (2018). State-of-the-Art Survey on In-Vehicle Network Communication (CAN-Bus) Security and Vulnerabilities. CoRR, abs/1802.01725.
Presentation by Jared Clark
Objective
• Describe CAN communication protocol
• Survey CAN security limitations
• Survey research to improve CAN security
CAN Overview
CAN Overview
• Controller Area Network (CAN) developed by Bosch
• Used in almost all automobiles
• Messages have no destination or origin addresses
• Messages are broadcast through the entire network
• Messages have priority values to resolve conflicts (arbitration)
• CRC fields are used to validate message data
Versions of CAN [1]
• CAN 2.0A uses 11-bit identifiers, published in 1991 by Bosch
• CAN 2.0B uses 29-bit identifiers, published in 1991 by Bosch
• CAN FD supports flexible messages and bit rates, published in 2012 by Bosch
• Various ISO standards exist for CAN
CAN Limitations
Authentication
• No message authentication
• Means an ECU can impersonate a different ECU
• Leaves the possibility for a replay attack
Encryption
• Nothing is encrypted on CAN
• Not used because of overhead cost
• Result: Everyone can read everything
Bonus Slide: Grammar
“This problem makes surface straightforward for adversaries to sniff the traffic by simply buying a low-price hardware which can be connected to the CAN-Bus and passively sniff data and obviously without some forms of encryptions, message authenticity and integrity would not guarantee and then be able to perform malicious activities.” [2]
Denial-of-Service Attack
• Possible due to the following factors:
  • Message arbitration
  • Messages are broadcast to all ECUs
  • No encryption
Related Research Work
Clock-Based Intrusion Detection System
• ECUs are fingerprinted by calculating clock skew from frequently sent messages
• A replay attack would be detected because of the differing clock skews
• Tested on 3 cars of different manufacturers with a false-positive rate of 0.055%
• Proposed by Cho and Shin [3]
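
The fingerprinting idea on this slide, as an added Python sketch that is not code from the presentation or from [3]: a monitor estimates the sender's clock skew from arrival times of one periodic CAN ID and alerts when the skew leaves the learned baseline. The 10 ms period, the skew values, the jitter and the trace itself are constructed, and a plain least-squares fit stands in for the estimator used in [3].

```python
import random

PERIOD = 0.010   # nominal 10 ms period of the monitored CAN ID (assumed)

def simulate(n, skew_ppm, rng, start=0.0, jitter=20e-6):
    """Constructed arrival times for a periodic sender whose clock is off by skew_ppm."""
    step = PERIOD * (1 + skew_ppm * 1e-6)
    return [start + i * step + rng.gauss(0, jitter) for i in range(n)]

def estimate_skew_ppm(arrivals):
    """Least-squares slope of accumulated offset vs. elapsed time, in ppm."""
    t0 = arrivals[0]
    xs = [t - t0 for t in arrivals]                   # elapsed time at the monitor
    ys = [x - i * PERIOD for i, x in enumerate(xs)]   # drift from the nominal schedule
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    num = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    den = sum((x - mx) ** 2 for x in xs)
    return 1e6 * num / den

def monitor(arrivals, window=1000, tol_ppm=50.0):
    """Learn the baseline skew from the first window, then flag windows that leave it."""
    baseline = estimate_skew_ppm(arrivals[:window])
    report = []
    for i in range(0, len(arrivals) - window + 1, window):
        skew = estimate_skew_ppm(arrivals[i:i + window])
        report.append((round(skew), abs(skew - baseline) > tol_ppm))
    return report

def demo_skew_ids():
    rng = random.Random(7)                            # fixed seed: reproducible trace
    legit = simulate(3000, +120.0, rng)               # original ECU, +120 ppm
    other = simulate(3000, -80.0, rng, start=legit[-1] + PERIOD)  # same ID, other node
    return monitor(legit + other)

if __name__ == "__main__":
    for skew, alert in demo_skew_ids():
        print(f"skew={skew:+5d} ppm  alert={alert}")
```

The message content and ID are identical in both halves of the trace; only the timing fingerprint changes, which is what the detector keys on.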
Authentication Solution
• Categorize ECUs as low or high trust based upon external interfaces
• High trust ECUs share a secret key to authenticate messages
• Low trust ECUs cannot send messages to high trust ECUs without the key
• Cryptographic hash is precomputed to save resources
• 2000 additional clock cycles needed (50 µs on a 40 MHz processor)
• Proposed by Wang et al. [4]
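
How a shared key among high-trust ECUs blocks both impersonation and replay, as an added Python sketch that is not from the presentation and is not the message format of [4]: a generic scheme in which each data frame is followed by a companion frame carrying a 4-byte counter and a 4-byte truncated HMAC-SHA256 tag. The key, CAN ID, payload and the companion-frame layout are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

KEY = bytes(range(16))   # constructed demo key shared by the high-trust group

def make_auth_frame(key, can_id, data, counter):
    """Companion payload: 4-byte counter + 4-byte truncated HMAC (8 bytes, one CAN frame)."""
    msg = struct.pack(">IB", can_id, len(data)) + data + struct.pack(">I", counter)
    tag = hmac.new(key, msg, hashlib.sha256).digest()[:4]   # truncated to fit the payload
    return struct.pack(">I", counter) + tag

class Receiver:
    def __init__(self, key):
        self.key = key
        self.last_counter = {}   # per CAN ID: highest counter accepted so far

    def accept(self, can_id, data, auth):
        if len(auth) != 8 or len(data) > 8:
            return "malformed"
        counter = struct.unpack(">I", auth[:4])[0]
        expected = make_auth_frame(self.key, can_id, data, counter)
        if not hmac.compare_digest(auth, expected):          # constant-time comparison
            return "bad-mac"
        if counter <= self.last_counter.get(can_id, -1):     # stale counter: replayed frame
            return "replay"
        self.last_counter[can_id] = counter
        return "ok"

def demo_auth():
    rx = Receiver(KEY)
    can_id, data = 0x244, bytes([0x01, 0x40])                # constructed frame
    auth = make_auth_frame(KEY, can_id, data, counter=1)
    results = [rx.accept(can_id, data, auth)]                # genuine frame
    results.append(rx.accept(can_id, data, auth))            # same bytes seen again
    no_key = make_auth_frame(b"\x00" * 16, can_id, data, counter=2)
    results.append(rx.accept(can_id, data, no_key))          # sender without the group key
    results.append(rx.accept(0x245, data, auth))             # tag is bound to the CAN ID
    results.append(rx.accept(can_id, data, make_auth_frame(KEY, can_id, data, 2)))
    return results

if __name__ == "__main__":
    print(demo_auth())
```

The 8-byte classic CAN payload forces the short tag, so forgery resistance is bounded by the 32-bit truncation; the counter must also survive ECU resets for the replay check to hold.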
Threat Surfaces
• Various ways to gain unwanted access to a CAN-Bus from Koscher et al. [5]
• Malware can be injected from a laptop connected to the OBD-II port
• WMA audio CD that secretly sends CAN messages
• RFID vulnerabilities exploited from Paar et al. [6]
• Keyless remote entry compromised from a distance of 100 meters using a side-channel attack
• KeeLoq RFID cipher was being used
Threat Surfaces Continued
• Research from Hoppe et al. [7]
• Window attack using spoofing and Denial of Service
• Warning lights/alarm disabled using spoofing and Denial of Service
• Disabled air bag system using compromised powertrain subnetwork ECU or OBD-II
• Researchers believed that CAN needed an Intrusion Detection System (IDS)
Questions for the Group
1. What can be done to prevent malware injection via OBD-II laptop connection?
2. What do you believe is the most significant issue with the current CAN-Bus protocol?
3. What CAN-Bus solution/enhancement do you believe is most beneficial?
4. What do you believe can be done to push automakers towards upgrading their CAN-Bus implementations/protocols?
References
1. Wikipedia contributors. (2019, January 24). CAN bus. In Wikipedia, The Free Encyclopedia. Retrieved 04:17, January 28, 2019, from https://en.wikipedia.org/w/index.php?title=CAN_bus&oldid=879904083
2. Avatefipour, O., & Malik, H. (2018). State-of-the-Art Survey on In-Vehicle Network Communication (CAN-Bus) Security and Vulnerabilities. CoRR, abs/1802.01725.
3. Cho, Kyong-Tak, and Kang G. Shin. "Fingerprinting electronic control units for vehicle intrusion detection." 25th USENIX Security Symposium (USENIX Security 16). USENIX Association, 2016.
4. Q. Wang and S. Sawhney, "VeCure: A practical security framework to protect the CAN bus of vehicles," 2014 International Conference on the Internet of Things (IOT), Cambridge, MA, 2014, pp. 13-18. doi: 10.1109/IOT.2014.7030108
5. K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno. Experimental security analysis of a modern automobile. 2010 IEEE Symposium on Security and Privacy, 2010.
References Continued
6. Eisenbarth, T. Kasper, A. Moradi, C. Paar, M. Salmasizadeh and M. Manzuri Shalmani. On the power of power analysis in the real world: A complete break of the KeeLoq code hopping scheme. In D. Wagner, editor, Proceedings of Crypto 2008, volume 5157 of LNCS, pages 203–20. Springer-Verlag, Aug. 2008.
7. Hoppe, T., Kiltz, S., & Dittmann, J. (2008). Security threats to automotive CAN networks – practical examples and selected short-term countermeasure