Difference between revisions of "Projects:2019s1-105 Hacking CAN Bus"
(→Utilising a testbed environment to develop and demonstrate man-in-the-middle deception attacks on the internal communication networks of modern vehicles) |
(Inserted titles and headings for the various sections. Inserted intro, people involved in the project and research questions.) |
||
Line 1: | Line 1: | ||
− | + | '''Utilising a testbed environment to develop and demonstrate man-in-the-middle deception attacks on the internal communication networks of modern vehicles''' | |
Modern cars have multiple dedicated computers that control all of the car’s operations, such as the engine, braking, steering and entertainment. These computers are called electronic control units (ECUs) and communicate primarily by a highly vulnerable serial network, the CAN bus protocol. | Modern cars have multiple dedicated computers that control all of the car’s operations, such as the engine, braking, steering and entertainment. These computers are called electronic control units (ECUs) and communicate primarily by a highly vulnerable serial network, the CAN bus protocol. | ||
Line 7: | Line 7: | ||
The research presented in this paper discusses this type of security threat and the mistrust it can cause. The intent of the research is to assert the usefulness of a testbed environment in exploiting the vulnerabilities of the CAN bus protocol by developing and weaponizing a deceptive man-in-the-middle type attack. | The research presented in this paper discusses this type of security threat and the mistrust it can cause. The intent of the research is to assert the usefulness of a testbed environment in exploiting the vulnerabilities of the CAN bus protocol by developing and weaponizing a deceptive man-in-the-middle type attack. | ||
+ | |||
+ | |||
+ | = Project Team = | ||
+ | Stefan Smiljanic | ||
+ | |||
+ | Charlie Tran | ||
+ | |||
+ | |||
+ | === Project Supervisors === | ||
+ | Dr. Matthew Sorell | ||
+ | |||
+ | Aaron Frishling (DSTG) | ||
+ | |||
+ | Bradley Cooney (DSTG) | ||
+ | |||
+ | Daniel Coscia (DSTG) | ||
+ | |||
+ | |||
+ | ==== Definitions and Abbreviations ==== | ||
+ | * CAN = Controller Area | ||
+ | * OBD = On Board Diagnostics | ||
+ | * ECU = Electronic Control Unit (also interchangeably referred to in this document as 'embedded system') | ||
+ | * ICR = Interdisciplinary Cyber Research workshop | ||
+ | * PCM = Powertrain Control module | ||
+ | * Dongle = Small hardware device or adapter | ||
+ | * MITM = Man-in-the-Middle | ||
+ | |||
+ | |||
+ | = Research Questions = | ||
+ | * How can a testbed environment be utilised for safe and effective research in automotive security? | ||
+ | * Using a testbed environment, how can the vulnerabilities of the CAN bus be exploited to perform a deceptive MITM type attack? | ||
+ | |||
+ | |||
+ | = Related Work and Motivation = | ||
+ | To be filled... | ||
+ | |||
+ | = Objectives = | ||
+ | To be filled... | ||
+ | |||
+ | = Method = | ||
+ | To be filled... | ||
+ | |||
+ | = Results = | ||
+ | To be filled... | ||
+ | |||
+ | = References = | ||
+ | To be filled... |
Revision as of 23:58, 6 April 2019
Utilising a testbed environment to develop and demonstrate man-in-the-middle deception attacks on the internal communication networks of modern vehicles
Modern cars have multiple dedicated computers that control all of the car’s operations, such as the engine, braking, steering and entertainment. These computers are called electronic control units (ECUs) and communicate primarily by a highly vulnerable serial network, the CAN bus protocol.
Cyber security concerns surrounding these vehicles are increasing, particularly with the introduction of Wi-Fi and other wireless vehicle services. Using these wireless services, adversaries can find their way on the CAN bus and gain control of the vehicle. In a different scenario, infiltrating a vehicle and connecting a device to subtly alter a vehicle’s display information, without any overt consequences, may result in an unaware user who, at best, might have a slight suspicion.
The research presented in this paper discusses this type of security threat and the mistrust it can cause. The intent of the research is to assert the usefulness of a testbed environment in exploiting the vulnerabilities of the CAN bus protocol by developing and weaponizing a deceptive man-in-the-middle type attack.
Contents
Project Team
Stefan Smiljanic
Charlie Tran
Project Supervisors
Dr. Matthew Sorell
Aaron Frishling (DSTG)
Bradley Cooney (DSTG)
Daniel Coscia (DSTG)
Definitions and Abbreviations
- CAN = Controller Area
- OBD = On Board Diagnostics
- ECU = Electronic Control Unit (also interchangeably referred to in this document as 'embedded system')
- ICR = Interdisciplinary Cyber Research workshop
- PCM = Powertrain Control module
- Dongle = Small hardware device or adapter
- MITM = Man-in-the-Middle
Research Questions
- How can a testbed environment be utilised for safe and effective research in automotive security?
- Using a testbed environment, how can the vulnerabilities of the CAN bus be exploited to perform a deceptive MITM type attack?
Related Work and Motivation
To be filled...
Objectives
To be filled...
Method
To be filled...
Results
To be filled...
References
To be filled...