Real Time Perfect Bit Modification Attack on In-Vehicle CAN
Published in: | IEEE transactions on vehicular technology 2023-12, Vol.72 (12), p.1-18 |
---|---|
Format: | Article |
Language: | English |
Summary: | The vulnerabilities of controller area network (CAN) are often targeted by various types of vehicle hacking. To this end, conventional cyber attacks have used a frame injection and a dominant bit injection. However, these two techniques cannot modify data frames sent from an electronic control unit (ECU) in real time. Thus, the frame injection cannot perfectly control the target system. The dominant bit injection can only perform denial of service (DoS) attacks, which means that it cannot perfectly control the ECU. In this paper, we propose a new attack technique for modifying either dominant or recessive bits represented in a CAN bus as the attacker intends. This technique is called perfect bit modification (PBM). We introduce two attack models using the PBM technique, the bus possession attack (BPA) and the target ID attack (TIA). The BPA can perform an attack without breaking the communication pattern of the CAN bus, and the TIA can perfectly seize control of a specific ECU. In addition, we produce an attack tool with the PBM functionality using the SN65HVD230 (CAN transceiver) and the FDS8949 (MOSFET). Both SN65HVD230 and FDS8949 are components that are commonly used to build ECUs, which cost less than two dollars. This means that our attack models are likely to be utilized for supply chain attacks. To demonstrate the feasibility of BPA and TIA, we conduct attack experiments using two real vehicles. Finally, we analyze the characteristics of existing attack techniques including PBM and suggest countermeasures to construct a secure CAN environment. |
---|---|
ISSN: | 0018-9545 1939-9359 |
DOI: | 10.1109/TVT.2023.3295695 |