| Title | DoS Attacks on Controller Area Networks by Fault Injections from the Software Layer |
| Publication Type | Conference Paper |
| Year of Publication | 2017 |
| Authors | Murvay, Pal-Stefan, Groza, Bogdan |
| Conference Name | Proceedings of the 12th International Conference on Availability, Reliability and Security |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-5257-4 |
| Keywords | bit banging, controller area network, controller area network security, DoS, fault injection, pubcrawl, resilience, Resiliency |
| Abstract | The Controller Area Network (CAN) is still the most widely employed bus in the automotive sector. Its lack of security mechanisms led to a high number of attacks and consequently several security countermeasures were proposed, i.e., authentication protocols or intrusion detection mechanisms. We discuss vulnerabilities of the CAN data link layer that can be triggered from the application level with the use of an off the shelf CAN transceiver. Namely, due to the wired-AND design of the CAN bus, dominant bits will always overwrite recessive ones, a functionality normally used to assure priority for frames with low value identifiers. We exploit this characteristic and show Denial of Service attacks both on senders and receivers based on bit injections by using bit banging to maliciously control the CAN transceiver. We demonstrate the effects and limitations of such attacks through experimental analysis and discuss possible countermeasures. In particular, these attacks may have high impact on centralized authentication mechanisms that were frequently proposed in the literature since these attacks can place monitoring nodes in a bus-off state for certain periods of time. |
| URL | http://doi.acm.org/10.1145/3098954.3103174 |
| DOI | 10.1145/3098954.3103174 |
| Citation Key | murvay_dos_2017 |
DoS Attacks on Controller Area Networks by Fault Injections from the Software Layer