论文信息 - Parrot , a software-only anti-spoofing defense system for the CAN bus

Parrot , a software-only anti-spoofing defense system for the CAN bus

This paper describes a novel anti-spoofing system for in-car CAN bus networks. If an attacker compromises one of the car’s electronic control units (ECUs), and from there tries to attack another, more critical, ECU, the Parrot system blocks this lateral movement. Unlike previous firewall-based solutions or cryptography-based solutions, the attack messages are identified and destroyed by the legitimate message ID’s owner. Our method does not merely drop messages that are non-conforming with policy: the Parrot defense typically disconnects the compromised ECU from the bus. And unlike previous solutions, that require a modified controller (since they violate the CAN bus protocol), our method is able to shut down the attacker while obeying the protocol rules. Hence, the Parrot defense can be added as a software-only patch to any standard ECU. We implemented the Parrot system and tested its behavior in detailed experiments. With CAN controllers that are able to transmit fast enough we were able to disable the attacking ECU in 100% of experiments. For slower controllers, we showed a successful alternative.

T. Dagan

[1] Jürgen Teich,et al. CAN+: A new backward-compatible Controller Area Network (CAN) protocol with up to 16× higher data rates. , 2009, 2009 Design, Automation & Test in Europe Conference & Exhibition.

[2] Ingrid Verbauwhede,et al. CANAuth - A Simple, Backward Compatible Broadcast Authentication Protocol for CAN bus , 2011 .

[3] Matti Valovirta,et al. Experimental Security Analysis of a Modern Automobile , 2011 .

[4] Hovav Shacham,et al. Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[5] Kazuomi Oishi,et al. A Method of Preventing Unauthorized Data Transmission in Controller Area Network , 2012, 2012 IEEE 75th Vehicular Technology Conference (VTC Spring).

[6] Robert Bosch,et al. Plug-and-Secure Communication for CAN , 2015 .

[7] Jonas Berg,et al. Secure Gateway – A concept for an in-vehicle IP network bridging the infotainment and the safety critical domains , 2015 .

[8] Karl Koscher,et al. Exploring Controller Area Networks , 2015, login Usenix Mag..

[9] Jonathan-Christofer Demay,et al. CANSPY: a Platform for Auditing CAN Devices , 2016 .

[10] Hiroaki Takada,et al. CaCAN: Centralized Authentication System in CAN (Controller Area Network) , 2016 .

[11] Avishai Wool,et al. Field classification, modeling and anomaly detection in unknown CAN bus networks , 2017, Veh. Commun..