CANNON: Reliable and Stealthy Remote Shutdown Attacks via Unaltered Automotive Microcontrollers

Kulandaivel, Sekar; Jain, Shalabh; Guajardo, Jorge; Sekar, Vyas

doi:10.1109/sp40001.2021.00122

Cited by 22 publications

(15 citation statements)

References 23 publications

(3 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Bloom [7] present Weeping-CAN, a refinement of the bus-off attack that is more stealthy and can evade detection. Kulandaivel et al [30] present CANnon, which leverages the peripheral clock gating feature to insert arbitrary bits at any time instance. A future research topic is the detection and mitigation of this type of stealthy attack, which may require secure network architectures [8], physical-layer IDS, and secure transceivers.…”

Section: Discussionmentioning

confidence: 99%

CAN Bus Intrusion Detection Based on Auxiliary Classifier GAN and Out-of-distribution Detection

Zhao

Chen

et al. 2022

ACM Trans. Embed. Comput. Syst.

View full text Add to dashboard Cite

The Controller Area Network (CAN) is a ubiquitous bus protocol present in the Electrical/Electronic (E/E) systems of almost all vehicles. It is vulnerable to a range of attacks once the attacker gains access to the bus through the vehicle’s attack surface. We address the problem of Intrusion Detection on the CAN bus, and present a series of methods based on two classifiers trained with Auxiliary Classifier Generative Adversarial Network (ACGAN) to detect and assign fine-grained labels to Known Attacks, and also detect the Unknown Attack class in a dataset containing a mixture of (Normal + Known Attacks + Unknown Attack) messages. The most effective method is a cascaded two-stage classification architecture, with the multi-class Auxiliary Classifier in the first stage for classification of Normal and Known Attacks, passing Out-of-Distribution (OOD) samples to the binary Real-Fake Classifier in the second stage for detection of the Unknown Attack class. Performance evaluation demonstrate that our method achieves both high classification accuracy and low runtime overhead, making it suitable for deployment in the resource-constrained in-vehicle environment.

show abstract

Section: Discussionmentioning

confidence: 99%

CAN Bus Intrusion Detection Based on Auxiliary Classifier GAN and Out-of-distribution Detection

Zhao

Chen

et al. 2022

ACM Trans. Embed. Comput. Syst.

View full text Add to dashboard Cite

show abstract

“…An address hijack attack claims an existing ECU's network address to prevent it from speaking [25]. Other attacks like the bus-off attack and CANStomper solution produce CAN errors to disable individual messages and eventually stop an ECU from transmitting [8], [15], [22]. This paper improves upon this work by cancelling out messages without producing an error frame, and having the transceiver enter an off state within one message, as described in Section 5.…”

Section: Historical Attacks On Can and J1939mentioning

confidence: 99%

“…The modality-based timing approach is an improvement on existing CAN timing based IDS approaches as it removes the assumption that messages are strictly periodic. An assumption that is known to be false for some subset of messages [22]. While postdetection-analysis can reveal aperiodic false positives [9], it does not provide a security guarantee to those messages.…”

Section: Comparison To Existing Workmentioning

confidence: 99%

Detecting CAN Attacks on J1939 and NMEA 2000 Networks

Rogers,

Weigand,

Happa

et al. 2022

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

J1939 is a networking layer built on top of the widespread CAN bus used for communication between different subsystems within a vehicle. The J1939 and NMEA 2000 protocols standardize data enrichment for these subsystems, and are used for trucks, weapon systems, naval vessels, and other industrial systems. Practical security solutions for existing CAN based communication systems are notoriously difficult because of the lack of cryptographic capabilities of the devices involved. In this paper we propose a novel intrusion detection system (IDS) for J1939 and NMEA 2000 networks. Our IDS (CANDID) combines timing analysis with a packet manipulation detection system and data analysis. This data analysis enables us to capture the state of the vehicle, detect messages with irregular timing intervals, and take advantage of the dependencies between different Electronic Control Units (ECUs) to restrict even the most advanced attacker. Our IDS is deployed and tested on multiple vehicles, and has demonstrated greater accuracy and detection capabilities than previous work.

show abstract

“…Strong adversaries, besides all the described attacks, can also perform more sophisticated masquerade attacks: the attacker may have control of the specific ECU that sends the target packets, or they may implement a drop attack against the transmitting ECU and send malicious packets, in both cases preserving the perceived frequency of the attacked CAN ID. It is important to note that the second implementation of this attack is not trivial and requires a strong adversary with full IDs and packets knowledge (obtained either through CAN DBC files or extensive reverse engineering) and fine-grained packet injection capabilities regarding CAN frame frequency and format, (e.g., the attacks proposed by Tron et al [4] and Kulandaivel et al [32]). In fact, placing a legitimate node into bus-off state, or shutting down the legitimate node, implies that all the IDs sent by that particular node will be missing from the bus.…”

Section: Threat Modelmentioning

confidence: 99%

CANova: A hybrid intrusion detection framework based on automatic signal classification for CAN

Nichelini

Pozzoli

Longari

et al. 2023

Computers & Security

View full text Add to dashboard Cite

CANNON: Reliable and Stealthy Remote Shutdown Attacks via Unaltered Automotive Microcontrollers

Cited by 22 publications

References 23 publications

CAN Bus Intrusion Detection Based on Auxiliary Classifier GAN and Out-of-distribution Detection

CAN Bus Intrusion Detection Based on Auxiliary Classifier GAN and Out-of-distribution Detection

Detecting CAN Attacks on J1939 and NMEA 2000 Networks

CANova: A hybrid intrusion detection framework based on automatic signal classification for CAN

Contact Info

Product

Resources

About