{"title":"Enhancing security in CAN systems using a star coupling router","authors":"R. Kammerer, Bernhard Frömel, Armin Wasicek","doi":"10.1109/SIES.2012.6356590","DOIUrl":null,"url":null,"abstract":"Controller Area Network (CAN) is the most widely used protocol in the automotive domain. Bus-based CAN does not provide any security mechanisms to counter manipulations like eavesdropping, fabrication of messages, or denial-of-service attacks. The vulnerabilities in bus-based CAN are alarming, because safety-critical subsystems (e.g., the power train) often deploy a CAN bus, and hence a failure propagation from the security domain to the safety domain can take place. In this paper we propose a star coupling router and a trust model for this router to overcome some of the security deficiencies present in bus-based CAN systems. The CAN router establishes a partitioning of a CAN bus into separate CAN segments and allows to rigorously check the traffic within the CAN system, including the value and time domains. We evaluate the introduced trust model on a prototype implementation of the CAN router by performing attacks that would be successful on classic bus-based CAN, but are detected and contained on router-based CAN. The router can consequently increase the security in automotive applications and render some of the attacks described in the literature (e.g., fuzzying attack) on a car useless. Since the CAN router offers ports that are compatible to standard CAN, the router can be used to increase the security of legacy CAN based systems.","PeriodicalId":219258,"journal":{"name":"7th IEEE International Symposium on Industrial Embedded Systems (SIES'12)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"7th IEEE International Symposium on Industrial Embedded Systems (SIES'12)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SIES.2012.6356590","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 12
Abstract
Controller Area Network (CAN) is the most widely used protocol in the automotive domain. Bus-based CAN does not provide any security mechanisms to counter manipulations like eavesdropping, fabrication of messages, or denial-of-service attacks. The vulnerabilities in bus-based CAN are alarming, because safety-critical subsystems (e.g., the power train) often deploy a CAN bus, and hence a failure propagation from the security domain to the safety domain can take place. In this paper we propose a star coupling router and a trust model for this router to overcome some of the security deficiencies present in bus-based CAN systems. The CAN router establishes a partitioning of a CAN bus into separate CAN segments and allows to rigorously check the traffic within the CAN system, including the value and time domains. We evaluate the introduced trust model on a prototype implementation of the CAN router by performing attacks that would be successful on classic bus-based CAN, but are detected and contained on router-based CAN. The router can consequently increase the security in automotive applications and render some of the attacks described in the literature (e.g., fuzzying attack) on a car useless. Since the CAN router offers ports that are compatible to standard CAN, the router can be used to increase the security of legacy CAN based systems.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
