Enhancing security in CAN systems using a star coupling router

Kammerer, Roland; Frömel, Bernhard; Wasicek, Armin

doi:10.1109/sies.2012.6356590

Cited by 9 publications

(5 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…If the gateway ECU is programmed to pass relevant IDs to the subnetwork, it can be fooled by sending malicious CAN frame with an ID of a node which belongs to subnetwork [4]. Kammerer et al [15] implemented star coupling router topology. The router not only separate single-bus based CAN system to multiple CAN segments but also bring new security features like unidirectional channels, traffic shaping, traffic partitioning, message integrity, and intrusion detection.…”

Section: Proposed Solutionsmentioning

confidence: 99%

“…The router not only separate single-bus based CAN system to multiple CAN segments but also bring new security features like unidirectional channels, traffic shaping, traffic partitioning, message integrity, and intrusion detection. In the paper [15], CAN segment security was taken out of the scope but replay or masquerade attacks in a CAN segment may pass the router's security checks and attack the other CAN segments. The safest solution will a node in a segment but it is not feasible for cost and timing perspective.…”

Section: Proposed Solutionsmentioning

confidence: 99%

See 1 more Smart Citation

A Survey on CAN Bus Protocol: Attacks, Challenges, and Potential Solutions

Bozdal

Samie

Jennions

2018

2018 International Conference on Computing, Electronics &Amp; Communications Engineering (iCCECE)

View full text Add to dashboard Cite

The vehicles are equipped with electronic control units that control their functions. These units communicate with each other via in-vehicle communication protocols like CAN bus. Although CAN is the most common in-vehicle communication protocol, the lack of encryption and authentication causes series security shortcomings. There are many attacks reported and the number is estimated to increase with the rising connectivity of the cars. In this paper, we present CAN protocol and analyze its security vulnerabilities. Then we survey the implemented attacks and proposed solutions in the literature.

show abstract

Section: Proposed Solutionsmentioning

confidence: 99%

Section: Proposed Solutionsmentioning

confidence: 99%

A Survey on CAN Bus Protocol: Attacks, Challenges, and Potential Solutions

Bozdal

Samie

Jennions

2018

2018 International Conference on Computing, Electronics &Amp; Communications Engineering (iCCECE)

View full text Add to dashboard Cite

show abstract

“…The method is simple to implement, but it is not effective if the gateway ECU is compromised or manipulated like the hacking exhibited in [12]. Kammerer et al [36] addressed this issue and proposed a star coupling router with security features. The paper ignored the security inside a subnetwork, but it is possible to implement a replay attack in a subnetwork and attack the other subnetworks bypassing the security check of the router.…”

Section: Network Segmentationmentioning

confidence: 99%

Evaluation of CAN Bus Security Challenges

Bozdal

Samie

Aslam

et al. 2020

Sensors

127

View full text Add to dashboard Cite

The automobile industry no longer relies on pure mechanical systems; instead, it benefits from many smart features based on advanced embedded electronics. Although the rise in electronics and connectivity has improved comfort, functionality, and safe driving, it has also created new attack surfaces to penetrate the in-vehicle communication network, which was initially designed as a close loop system. For such applications, the Controller Area Network (CAN) is the most-widely used communication protocol, which still suffers from various security issues because of the lack of encryption and authentication. As a result, any malicious/hijacked node can cause catastrophic accidents and financial loss. This paper analyses the CAN bus comprehensively to provide an outlook on security concerns. It also presents the security vulnerabilities of the CAN and a state-of-the-art attack surface with cases of implemented attack scenarios and goes through different solutions that assist in attack prevention, mainly based on an intrusion detection system (IDS).

show abstract

“…For instance, in [29] the authors explore the feasibility of performing frame-less DoS attacks by sending well-directed error flags into the CAN network, forcing other nodes to reject a message. In [9] the authors briefly mention that similar situations could occur if a corrupted node started to upset CAN traffic bits. In [28] many bus networks (including CAN) are described as being vulnerable to "bit banging" attacks.…”

Section: Related Workmentioning

confidence: 99%

“…Network Topology Alteration. A more radical segmentation approach consists in changing the network topology from the current bus topology to a star topology, with a trusted network dispatcher in the middle, as proposed in a few prior studies [3,9]. Unfortunately, this solution would dramatically increase the wiring harness and limit the flexibility of the network, which was one of the core reasons which favored CAN bus adoption in the past.…”

Section: Detectability and Countermeasuresmentioning

confidence: 99%

A Stealth, Selective, Link-Layer Denial-of-Service Attack Against Automotive Networks

Palanca

Evenchick²,

Maggi³

et al. 2017

Lecture Notes in Computer Science

104

View full text Add to dashboard Cite

Modern vehicles incorporate tens of electronic control units (ECUs), driven by as much as 100,000,000 lines of code. They are tightly interconnected via internal networks, mostly based on the CAN bus standard. Past research showed that, by obtaining physical access to the network or by remotely compromising a vulnerable ECU, an attacker could control even safety-critical inputs such as throttle, steering or brakes. In order to secure current CAN networks from cyberattacks, detection and prevention approaches based on the analysis of transmitted frames have been proposed, and are generally considered the most time-and costeffective solution, to the point that companies have started promoting aftermarket products for existing vehicles. In this paper, we present a selective denial-of-service attack against the CAN standard which does not involve the transmission of any complete frames for its execution, and thus would be undetectable via frame-level analysis. As the attack is based on CAN protocol weaknesses, all CAN bus implementations by all manufacturers are vulnerable. In order to precisely investigate the time, money and expertise needed, we implement an experimental proof-of-concept against a modern, unmodified vehicle and prove that the barrier to entry is extremely low. Finally, we present a discussion of our threat analysis, and propose possible countermeasures for detecting and preventing such an attack.

show abstract

Enhancing security in CAN systems using a star coupling router

Cited by 9 publications

References 13 publications

A Survey on CAN Bus Protocol: Attacks, Challenges, and Potential Solutions

A Survey on CAN Bus Protocol: Attacks, Challenges, and Potential Solutions

Evaluation of CAN Bus Security Challenges

A Stealth, Selective, Link-Layer Denial-of-Service Attack Against Automotive Networks

Contact Info

Product

Resources

About