Projects:2020s1-1290 Car Hacking
Abstract
Numerous systems that utilise a shared bus architecture have not been designed with security in mind. Consequently, security is either an afterthought or the system has minimal security features implemented. Three examples of shared bus protocols that were created with minimal security considerations are CAN, FlexRay, and USB. The CAN bus and the FlexRay bus are both vehicle bus standards that enable electronic control units to communicate with each other. Meanwhile, the USB is a standard that allows connection, communication, and power supply between computers, peripherals, and other computers. The security of systems that implement these protocols can be critical for the protection of sensitive data, property, and the safety of individuals.
Introduction
The aim of this project is to investigate shared bus protocols and their vulnerabilities to nondestructive attacks. In order to achieve this, the project will focus on aspects of three different protocols. Adam Watts will focus on how the security of CAN-based communication in vehicles could be improved, Alexis Jennings will create a FlexRay and CAN gateway, and Robbie will investigate an aspect of USB security. It has been shown in several previous studies that CAN-based communication is vulnerable to numerous attacks, thus improving the security of CAN-based communication is vital to improving the security of the vehicle. Similarly, a FlexRay and CAN gateway will be developed to allow investigation into the vulnerabilities of connecting several bus systems that follow different protocols together. In addition, this project will explore the USB protocol and attempt to demonstrate input injection on behalf of another connected USB device. Although none of these protocols prioritise security, severe consequences could occur if attacked by an adversary.
Project Team:
Student Researchers:
Alexis Jennings
Robert Dumitru
Adam Watts
Supervisors:
Dr. Matthew Sorell
Yuval Yarom
Aaron Frishling (DSTG)
Bradley Cooney (DSTG)
Daniel Coscia (DSTG)