论文信息 - Security Modeling and Analysis on Intra Vehicular Network

Security Modeling and Analysis on Intra Vehicular Network

Controller Area Network (CAN), the de facto standard in-vehicle network protocol, prompts modern automobile an integrated system that achieves real-time interactions with roads, vehicles and people. Yet such connectivity makes it feasible to illegally access, or even attack the CAN, causing not only privacy disclosure, property damage, but also life threat. In this paper, we analyze intrinsic weakness in CAN protocol that is mostly exploited by attackers and comprehensively survey the existing attacks based on CAN interfaces. Furthermore, we propose an attack evaluation system based on attack tree model and Markov chain to assess the probability of compromising CAN and the steady state of CAN system at the presence of these attacks. Finally, we simulate new steady state when altering the difficulty of a certain attack and the results demonstrate that sometimes improving defense of an attack declines the security level of the entire system instead.

[1] Kang G. Shin,et al. Error Handling of In-vehicle Networks Makes Them Vulnerable , 2016, CCS.

[2] Dong Hoon Lee,et al. A Practical Wireless Attack on the Connected Car and Security Protocol for In-Vehicle CAN , 2015, IEEE Transactions on Intelligent Transportation Systems.

[3] Matti Valovirta,et al. Experimental Security Analysis of a Modern Automobile , 2011 .

[4] Tong Liu,et al. Strategy for Ensuring In-Vehicle Infotainment Security , 2014 .

[5] Alexandros Asvestopoulos. Intrusion protection of in-vehicle network: study and recommendations , 2015 .

[6] V. Ramaswami. A stable recursion for the steady state vector in markov chains of m/g/1 type , 1988 .

[7] Wenyuan Xu,et al. Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study , 2010, USENIX Security Symposium.

[8] Andrea Bittau,et al. BlueSniff: Eve Meets Alice and Bluetooth , 2007, WOOT.

[9] Robert J. Ellison,et al. Attack Trees , 2009, Encyclopedia of Biometrics.

[10] Hovav Shacham,et al. Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[11] Matthias Korn,et al. Hacking as Transgressive Infrastructuring: Mobile Phone Networks and the German Chaos Computer Club , 2016, CSCW.

[12] Mohd Murtadha Mohamad,et al. A Survey of Security and Privacy in Connected Vehicles , 2015 .