Physical Layer Data Manipulation Attacks on the CAN Bus

Proceedings Fourth International Workshop on Automotive and Autonomous Vehicle Security Pub Date : 1900-01-01 DOI:10.14722/autosec.2022.23047

A. Mohammed, Yanmao Man, Ryan M. Gerdes, Ming Li, Z. Berkay Celik

{"title":"Physical Layer Data Manipulation Attacks on the CAN Bus","authors":"A. Mohammed, Yanmao Man, Ryan M. Gerdes, Ming Li, Z. Berkay Celik","doi":"10.14722/autosec.2022.23047","DOIUrl":null,"url":null,"abstract":"—The Controller Area Network (CAN) bus standard is the most common in-vehicle network that provides communication between Electronic Control Units (ECUs). CAN messages lack authentication and data integrity protection mechanisms and hence are vulnerable to attacks, such as impersonation and data injection, at the digital level. The physical layer of the bus allows for a one-way change of a given bit to accommodate prioritization; viz . a recessive bit ( 1 ) may be changed to a dominant one ( 0 ). In this paper, we propose a physical-layer data manipulation attack wherein multiple compromised ECUs collude to cause 0 → 1 (i.e., dominant to recessive) bit-flips, allowing for arbitrary bit-flips in transmitted messages. The attack is carried out by inducing transient voltages in the CAN bus that are heightened due to the parasitic reactance of the bus and non-ideal properties of the line drivers. Simulation results indicate that, with more than eight compromised ECUs, an attacker can induce a sufficient voltage drop to cause dominant bits to be flipped to recessive ones.","PeriodicalId":399600,"journal":{"name":"Proceedings Fourth International Workshop on Automotive and Autonomous Vehicle Security","volume":"367 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings Fourth International Workshop on Automotive and Autonomous Vehicle Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.14722/autosec.2022.23047","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

Abstract

—The Controller Area Network (CAN) bus standard is the most common in-vehicle network that provides communication between Electronic Control Units (ECUs). CAN messages lack authentication and data integrity protection mechanisms and hence are vulnerable to attacks, such as impersonation and data injection, at the digital level. The physical layer of the bus allows for a one-way change of a given bit to accommodate prioritization; viz . a recessive bit ( 1 ) may be changed to a dominant one ( 0 ). In this paper, we propose a physical-layer data manipulation attack wherein multiple compromised ECUs collude to cause 0 → 1 (i.e., dominant to recessive) bit-flips, allowing for arbitrary bit-flips in transmitted messages. The attack is carried out by inducing transient voltages in the CAN bus that are heightened due to the parasitic reactance of the bus and non-ideal properties of the line drivers. Simulation results indicate that, with more than eight compromised ECUs, an attacker can induce a sufficient voltage drop to cause dominant bits to be flipped to recessive ones.

查看原文本刊更多论文

CAN总线的物理层数据操作攻击

控制器局域网(CAN)总线标准是最常见的车载网络，提供电子控制单元(ecu)之间的通信。CAN消息缺乏身份验证和数据完整性保护机制，因此容易受到数字级别的攻击，例如模拟和数据注入。总线的物理层允许给定位的单向改变以适应优先级;即。隐性位(1)可以变为显性位(0)。在本文中，我们提出了一种物理层数据操作攻击，其中多个受损的ecu串通造成0→1(即显性到隐性)位翻转，允许在传输的消息中任意位翻转。攻击是通过在CAN总线中感应瞬态电压来实现的，该电压由于总线的寄生电抗和线路驱动器的非理想特性而升高。仿真结果表明，在超过8个ecu受损的情况下，攻击者可以诱导足够的电压降，导致显性位翻转为隐性位。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings Fourth International Workshop on Automotive and Autonomous Vehicle Security

自引率

0.00%

发文量