Projects:2020s1-1290 Car Hacking
Contents
Abstract
Numerous systems that utilise a shared bus architecture have not been designed with security in mind. Consequently, security is either an afterthought or the system has minimal security features implemented. Three examples of shared bus protocols that were created with minimal security considerations are CAN, FlexRay, and USB. The CAN bus and the FlexRay bus are both vehicle bus standards that enable electronic control units to communicate with each other. Meanwhile, the USB is a standard that allows connection, communication, and power supply between computers, peripherals, and other computers. The security of systems that implement these protocols can be critical for the protection of sensitive data, property, and the safety of individuals.
Introduction
The aim of this project is to investigate shared bus protocols and their vulnerabilities to nondestructive attacks. In order to achieve this, the project will focus on aspects of three different protocols. Adam Watts will focus on how the security of CAN-based communication in vehicles could be improved, Alexis Jennings will create a FlexRay and CAN gateway, and Robbie will investigate an aspect of USB security. It has been shown in several previous studies that CAN-based communication is vulnerable to numerous attacks, thus improving the security of CAN-based communication is vital to improving the security of the vehicle. Similarly, a FlexRay and CAN gateway will be developed to allow an investigation into the vulnerabilities of connecting several bus systems that follow different protocols together. In addition, this project will explore the USB protocol and attempt to demonstrate input injection on behalf of another connected USB device. Although none of these protocols prioritise security, severe consequences could occur if attacked by an adversary.
Background
What is CAN?
CAN (Controller Area Network) is the most widely used communication protocol used in vehicles between ECUs (Electronic Control Units). An ECU can send messages to another ECU over the CAN bus. The data sent over the CAN bus is broadcast to all other ECUs in the network, and the ECU can determine whether it would like to process the message or ignore it. Benefits of the CAN protocol include it is robust, efficient, fully centralised and simple and low cost.
What is FlexRay?
To continue to improve safety, increase performance, reduce environmental impact and increase the comfort of the vehicle, the reliability and volume of data must increase between the vehicle’s ECUs. The FlexRay protocol can meet these requirements. FlexRay can also meet the error tolerance and time-determinism requirements for X-by-wire systems.
What is USB injection?
Motivations
Project Aims and Method
The project can be divided into three aims:
Aim 1
Aim 2
Aim 3
Outcomes
Interoperability and mapping of the CAN and FlexRay protocol
CANflex
USB exploit successful
Conclusion
With widespread reliance on CAN and USB, rolling out effective vulnerability countermeasures to all existing instances is infeasible. However, vulnerabilities and practices explored in our research are worth taking into consideration in the design of critical systems that may need to depend on these technologies.
References
Project Team:
Student Researchers:
Alexis Jennings
Robert Dumitru
Adam Watts
Supervisors:
Dr. Matthew Sorell
Yuval Yarom
Aaron Frishling (DSTG)
Bradley Cooney (DSTG)
Daniel Coscia (DSTG)