Real Time Perfect Bit Modification Attack on In-Vehicle CAN

Bibliographic Details
Published in: IEEE transactions on vehicular technology 2023-12, Vol.72 (12), p.1-18
Main Authors: Lee, Yousik, Kim, Yong-Eun, Chung, Jin-Gyun, Woo, Samuel
Format: Article
Language: English
Description
Summary: The vulnerabilities of controller area network (CAN) are often targeted by various types of vehicle hacking. To this end, conventional cyber attacks have used a frame injection and a dominant bit injection. However, these two techniques cannot modify data frames sent from an electronic control unit (ECU) in real time. Thus, the frame injection cannot perfectly control the target system. The dominant bit injection can only perform denial of service (DoS) attacks, which means that it cannot perfectly control the ECU. In this paper, we propose a new attack technique for modifying either dominant or recessive bits represented in a CAN bus as the attacker intends. This technique is called perfect bit modification (PBM). We introduce two attack models using the PBM technique, the bus possession attack (BPA) and the target ID attack (TIA). The BPA can perform an attack without breaking the communication pattern of the CAN bus, and the TIA can perfectly seize control of a specific ECU. In addition, we produce an attack tool with the PBM functionality using the SN65HVD230 (CAN transceiver) and the FDS8949 (MOSFET). Both SN65HVD230 and FDS8949 are components that are commonly used to build ECUs, which cost less than two dollars. This means that our attack models are likely to be utilized for supply chain attacks. To demonstrate the feasibility of BPA and TIA, we conduct attack experiments using two real vehicles. Finally, we analyze the characteristics of existing attack techniques including PBM and suggest countermeasures to construct a secure CAN environment.
ISSN: 0018-9545, 1939-9359
DOI: 10.1109/TVT.2023.3295695