Abstract
This paper reports spoofing attacks that exploit a vulnerability of the controller area network (CAN) protocol, which is often used in in-vehicle networks. However, authorized electronic control units (ECU) should be able to detect anomalous CAN message traffic. We focused on ECU states used for error handing. Bus-off attacks against the ECU have been proposed to induce transmission errors, and then transit the state of the target ECU to the bus-off state, in which the ECU cannot access the CAN bus. The attack combining the bus-off attack with the spoofing attack could not be detected by the authorized ECUs, and would consequently be a potential threat for the vehicle. In this paper, we propose a spoofing attack method that uses a bus-off attack and is not detected by the authorized ECUs. Based on the proposal, we implemented an attacker prototype using a field-programmable gate array. In a laboratory setting, we verified the attack in a simulated environment consisting of the attack hardware and ECU, and evaluated the effect of spoofing and the behavior of an actual car. The results showed that the transmission of regular messages was completely prevented, and the percentage of spoofing messages could be made 100%; that is, no error was detected in the ECUs of the car. We have verified the feasibility of the proposed method and the potential threat for actual cars. In the future, we will conduct studies to prevent vehicles from such attacks.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Similar Papers
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.