Vulnerability of Controller Area Network to Schedule-Based Attacks

Sena Hounsinou; Mark Stidd; Uchenna Ezeobi; Habeeb Olufowobi; Mitra Nasri; Gedare Bloom

doi:10.1109/RTSS52674.2021.00051

Vulnerability of Controller Area Network to Schedule-Based Attacks

Sena Hounsinou, Mark Stidd, Uchenna Ezeobi, Habeeb Olufowobi, Mitra Nasri, Gedare Bloom

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/Congresprocedure › Conferentiebijdrage › Academic › peer review

9 Citaten (Scopus)

Samenvatting

The secure functioning of automotive systems is vital to the safety of their passengers and other roadway users. One of the critical functions for safety is the controller area network (CAN), which interconnects the safety-critical electronic control units (ECUs) in the majority of ground vehicles. Unfortunately CAN is known to be vulnerable to several attacks. One such attack is the bus-off attack, which can be used to cause a victim ECU to disconnect itself from the CAN bus and, subsequently, for an attacker to masquerade as that ECU. A limitation of the bus-off attack is that it requires the attacker to achieve tight synchronization between the transmission of the victim and the attacker’s injected message. In this paper, we introduce a schedule-based attack framework for the CAN bus-off attack that uses the real-time schedule of the CAN bus to predict more attack opportunities than previously known. We describe a ranking method for an attacker to select and optimize its attack injections with respect to criteria such as attack success rate, bus perturbation, or attack latency. The results show that vulnerabilities of the CAN bus can be enhanced by schedule-based attacks.

Originele taal-2	Engels
Titel	Proceedings - 2021 IEEE 42nd Real-Time Systems Symposium, RTSS 2021
Uitgeverij	Institute of Electrical and Electronics Engineers
Pagina's	495-507
Aantal pagina's	13
ISBN van elektronische versie	9781665428026
ISBN van geprinte versie	978-1-6654-2802-6
DOI's	https://doi.org/10.1109/RTSS52674.2021.00051
Status	Gepubliceerd - 7 dec. 2021
Evenement	42nd IEEE Real-Time Systems Symposium, RTSS 2021 - Dortmund, Duitsland Duur: 7 dec. 2021 → 10 dec. 2021 Congresnummer: 42 http://2021.rtss.org/

Congres

Congres	42nd IEEE Real-Time Systems Symposium, RTSS 2021
Verkorte titel	RTSS 2021
Land/Regio	Duitsland
Stad	Dortmund
Periode	7/12/21 → 10/12/21
Internet adres	http://2021.rtss.org/

Bibliografische nota

Funding Information:
This work is partially supported by NSF CNS-2046705, NSF CNS-2011620, NSF OAC-2001789, and Colorado State Bill 18-086.

Financiering

This work is partially supported by NSF CNS-2046705, NSF CNS-2011620, NSF OAC-2001789, and Colorado State Bill 18-086.

Toegang tot document

10.1109/RTSS52674.2021.00051

Andere bestanden en links

Link naar publicatie in Scopus

Invited talk at UvA: "The past, present, and future trends in real-time systems design"
Nasri, M. (Spreker)
6 sep. 2023
Activiteit: Types gesprekken of presentaties › Genodigd spreker › Wetenschappelijk
Keynote at CompSys 2023: "The right action at the right time: past, present, and future trends in real-time systems design"
Nasri, M. (Spreker)
28 jun. 2023
Activiteit: Types gesprekken of presentaties › Genodigd spreker › Wetenschappelijk

Citeer dit

@inproceedings{f35e3bc46c0d4084be24e6d2801988a6,

title = "Vulnerability of Controller Area Network to Schedule-Based Attacks",

abstract = "The secure functioning of automotive systems is vital to the safety of their passengers and other roadway users. One of the critical functions for safety is the controller area network (CAN), which interconnects the safety-critical electronic control units (ECUs) in the majority of ground vehicles. Unfortunately CAN is known to be vulnerable to several attacks. One such attack is the bus-off attack, which can be used to cause a victim ECU to disconnect itself from the CAN bus and, subsequently, for an attacker to masquerade as that ECU. A limitation of the bus-off attack is that it requires the attacker to achieve tight synchronization between the transmission of the victim and the attacker{\textquoteright}s injected message. In this paper, we introduce a schedule-based attack framework for the CAN bus-off attack that uses the real-time schedule of the CAN bus to predict more attack opportunities than previously known. We describe a ranking method for an attacker to select and optimize its attack injections with respect to criteria such as attack success rate, bus perturbation, or attack latency. The results show that vulnerabilities of the CAN bus can be enhanced by schedule-based attacks.",

keywords = "Bus-off Attack, Controller Area Network, Schedule-Based Attack",

author = "Sena Hounsinou and Mark Stidd and Uchenna Ezeobi and Habeeb Olufowobi and Mitra Nasri and Gedare Bloom",

note = "Funding Information: This work is partially supported by NSF CNS-2046705, NSF CNS-2011620, NSF OAC-2001789, and Colorado State Bill 18-086. ; 42nd IEEE Real-Time Systems Symposium, RTSS 2021, RTSS 2021 ; Conference date: 07-12-2021 Through 10-12-2021",

year = "2021",

month = dec,

day = "7",

doi = "10.1109/RTSS52674.2021.00051",

language = "English",

isbn = "978-1-6654-2802-6",

pages = "495--507",

booktitle = "Proceedings - 2021 IEEE 42nd Real-Time Systems Symposium, RTSS 2021",

publisher = "Institute of Electrical and Electronics Engineers",

address = "United States",

url = "http://2021.rtss.org/",

}

Hounsinou, S, Stidd, M, Ezeobi, U, Olufowobi, H, Nasri, M & Bloom, G 2021, Vulnerability of Controller Area Network to Schedule-Based Attacks. in Proceedings - 2021 IEEE 42nd Real-Time Systems Symposium, RTSS 2021., 9622408, Institute of Electrical and Electronics Engineers, blz. 495-507, 42nd IEEE Real-Time Systems Symposium, RTSS 2021, Dortmund, Noordrijn-Westfalen, Duitsland, 7/12/21. https://doi.org/10.1109/RTSS52674.2021.00051

Vulnerability of Controller Area Network to Schedule-Based Attacks. / Hounsinou, Sena; Stidd, Mark; Ezeobi, Uchenna et al.
Proceedings - 2021 IEEE 42nd Real-Time Systems Symposium, RTSS 2021. Institute of Electrical and Electronics Engineers, 2021. blz. 495-507 9622408.

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/Congresprocedure › Conferentiebijdrage › Academic › peer review

TY - GEN

T1 - Vulnerability of Controller Area Network to Schedule-Based Attacks

AU - Hounsinou, Sena

AU - Stidd, Mark

AU - Ezeobi, Uchenna

AU - Olufowobi, Habeeb

AU - Nasri, Mitra

AU - Bloom, Gedare

N1 - Conference code: 42

PY - 2021/12/7

Y1 - 2021/12/7

N2 - The secure functioning of automotive systems is vital to the safety of their passengers and other roadway users. One of the critical functions for safety is the controller area network (CAN), which interconnects the safety-critical electronic control units (ECUs) in the majority of ground vehicles. Unfortunately CAN is known to be vulnerable to several attacks. One such attack is the bus-off attack, which can be used to cause a victim ECU to disconnect itself from the CAN bus and, subsequently, for an attacker to masquerade as that ECU. A limitation of the bus-off attack is that it requires the attacker to achieve tight synchronization between the transmission of the victim and the attacker’s injected message. In this paper, we introduce a schedule-based attack framework for the CAN bus-off attack that uses the real-time schedule of the CAN bus to predict more attack opportunities than previously known. We describe a ranking method for an attacker to select and optimize its attack injections with respect to criteria such as attack success rate, bus perturbation, or attack latency. The results show that vulnerabilities of the CAN bus can be enhanced by schedule-based attacks.

AB - The secure functioning of automotive systems is vital to the safety of their passengers and other roadway users. One of the critical functions for safety is the controller area network (CAN), which interconnects the safety-critical electronic control units (ECUs) in the majority of ground vehicles. Unfortunately CAN is known to be vulnerable to several attacks. One such attack is the bus-off attack, which can be used to cause a victim ECU to disconnect itself from the CAN bus and, subsequently, for an attacker to masquerade as that ECU. A limitation of the bus-off attack is that it requires the attacker to achieve tight synchronization between the transmission of the victim and the attacker’s injected message. In this paper, we introduce a schedule-based attack framework for the CAN bus-off attack that uses the real-time schedule of the CAN bus to predict more attack opportunities than previously known. We describe a ranking method for an attacker to select and optimize its attack injections with respect to criteria such as attack success rate, bus perturbation, or attack latency. The results show that vulnerabilities of the CAN bus can be enhanced by schedule-based attacks.

KW - Bus-off Attack

KW - Controller Area Network

KW - Schedule-Based Attack

UR - http://www.scopus.com/inward/record.url?scp=85124563233&partnerID=8YFLogxK

U2 - 10.1109/RTSS52674.2021.00051

DO - 10.1109/RTSS52674.2021.00051

M3 - Conference contribution

SN - 978-1-6654-2802-6

SP - 495

EP - 507

BT - Proceedings - 2021 IEEE 42nd Real-Time Systems Symposium, RTSS 2021

PB - Institute of Electrical and Electronics Engineers

T2 - 42nd IEEE Real-Time Systems Symposium, RTSS 2021

Y2 - 7 December 2021 through 10 December 2021

ER -

Vulnerability of Controller Area Network to Schedule-Based Attacks

Samenvatting

Congres

Bibliografische nota

Financiering

Toegang tot document

Andere bestanden en links

Vingerafdruk

Activiteiten

Invited talk at UvA: "The past, present, and future trends in real-time systems design"

Keynote at CompSys 2023: "The right action at the right time: past, present, and future trends in real-time systems design"

Citeer dit