Abstract

Most of the advanced features in today’s automobiles are performed by Electronic Control Units (ECUs) and an intra-vehicle communication network that allows these ECUs to exchange data. The most dominant intra-vehicle communication protocol is the Controller Area Network (CAN) protocol. The broadcast nature of CAN and the ability to access it through multiple interfaces in a vehicle, introduce an array of attack vectors that make vehicles vulnerable to cyber threats. CAN messages are proprietary to manufacturers, and their IDs and contents are guarded closely for intellectual property and security reasons. In this paper, an Automated Current-Based Fuzzing System (ACFS) is introduced. ACFS is a lightweight reverse engineering system that identifies CAN messages related to a specific user-vehicle interaction. It monitors and synchronizes variations in the data of CAN messages with current readings drawn from the vehicle’s battery. Then, it passes the current signal through frequency analysis and filtering stage and associate changes in the output signal with the CAN bus traffic. As a result, a small group of candidate messages, related to a specific user-vehicle interaction, e.g., turning headlights on, are identified. The candidate messages are then played back on the vehicle CAN bus to identify the correct and desired message ID and data. This process allows the user to control specific actions in the vehicle without deep knowledge of its internal setup and functionality, simply by accessing the CAN bus. The ACFS system was tested on a 2017 production prototype BreadBoard Vehicle (BBV) and was able to automatically extract many of the messages that control headlights, turn signals, and information cluster.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.