Sensors (Oct 2023)
CANAttack: Assessing Vulnerabilities within Controller Area Network
Abstract
Current vehicles include electronic features that provide ease and convenience to drivers. These electronic features or nodes rely on in-vehicle communication protocols to ensure functionality. One of the most-widely adopted in-vehicle protocols on the market today is the Controller Area Network, popularly referred to as the CAN bus. The CAN bus is utilized in various modern, sophisticated vehicles. However, as the sophistication levels of vehicles continue to increase, we now see a high rise in attacks against them. These attacks range from simple to more-complex variants, which could have detrimental effects when carried out successfully. Therefore, there is a need to carry out an assessment of the security vulnerabilities that could be exploited within the CAN bus. In this research, we conducted a security vulnerability analysis on the CAN bus protocol by proposing an attack scenario on a CAN bus simulation that exploits the arbitration feature extensively. This feature determines which message is sent via the bus in the event that two or more nodes attempt to send a message at the same time. It achieves this by prioritizing messages with lower identifiers. Our analysis revealed that an attacker can spoof a message ID to gain high priority, continuously injecting messages with the spoofed ID. As a result, this prevents the transmission of legitimate messages, impacting the vehicle’s operations. We identified significant risks in the CAN protocol, including spoofing, injection, and Denial of Service. Furthermore, we examined the latency of the CAN-enabled system under attack, finding that the compromised node (the attacker’s device) consistently achieved the lowest latency due to message arbitration. This demonstrates the potential for an attacker to take control of the bus, injecting messages without contention, thereby disrupting the normal operations of the vehicle, which could potentially compromise safety.
Keywords