Change Your Car's Filters: Efficient Concurrent and Multi-Stage Firewall for OBD-II Network Traffic

Abstract

Modern cars offer one common interface to the outside, the OBD. Among the multitude of protocols that could exchange messages with the car's internal devices over OBD the CAN-BUS protocol is the most well-known; several commercial devices (so-called dongles) would allow to send and receive messages without any user-controlled restrictions. In order to enable fine-grained filtering on the CAN - BUS we exploit a security weakness called man-in-the-middle: the car or dongle does not apply any origin authentication as neither digital signatures nor message authentication codes (MACs) are used. We are the first to present this approach and offer measurements for our concurrent and multi-stage design that enables a fine-grained and extensible filtering approach for all protocols within the OBD.