A stealth, selective, link-layer denial-of-service attack against automotive networks

PALANCA, ANDREA
2015/2016

Abstract

Modern vehicles incorporate tens of electronic control units (ECUs), driven by, according to estimates, as much as 100,000,000 lines of code. They are tightly interconnected via internal networks, mostly based on the CAN bus standard. Past research showed that, by obtaining physical access to the network or by remotely compromising a vulnerable ECU, an attacker could control even safety-critical inputs such as throttle, steering or brakes. In order to secure current CAN networks from cyberattacks, detection and prevention approaches based on the analysis of transmitted frames have been proposed, and are generally considered the most time- and cost-effective solution, to the point that companies have started promoting aftermarket products for existing vehicles. This thesis presents a selective denial-of-service attack against the CAN standard which does not involve the transmission of any frames for its execution, and thus would be undetectable via frame-level analysis. As the attack is based on weaknesses of the CAN protocol itself, all CAN bus implementations by all manufacturers are vulnerable, even outside of the automotive world. Moreover, the attack can also be performed completely remotely under easily achievable assumptions. In order to precisely investigate the time, money and expertise needed, an experimental proof of concept against a modern, unmodified vehicle is implemented, and it is shown that the barrier to entry is extremely low. Finally, this thesis presents a discussion of the threat analysis, and proposes possible countermeasures for detecting and preventing such an attack. Unfortunately, since the attack is rooted in design weaknesses, the viable countermeasures are far from a "plug-and-secure" approach. Instead, they imply significant changes in how CAN networks are typically deployed. The hope is that future-generation CAN networks will be designed taking into account the possibility of attacks such as the one presented here.
ING - Scuola di Ingegneria Industriale e dell'Informazione
28 Sep 2016
2015/2016
Master's thesis
Attached files

File: tesi_palanca.pdf
Access: available online to everyone
Description: Thesis text
Size: 4.13 MB
Format: Adobe PDF

Documents in POLITesi are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/10589/126393