Backup Database Approach for Prevention of Denial of Service (DOS) and Bus-Off attack on CAN bus

2022-01-0127

03/29/2022

Event
WCX SAE World Congress Experience
Content
Controller Area Network (CAN) is a very popular data transport mechanism in all modern vehicles. The CAN bus is not security oriented by design: it is an open communication medium with transparent messaging, and messages transmitted on the bus can easily be read and decoded by an intruder. The most severe attack from a hacker comes in the form of a Denial of Service (DOS) attack, which puts an important ECU out of CAN bus communication. This paper presents a new method to overcome the DOS attack and ensure that critical messages are delivered successfully. The method is based on a secret, or backup, database for the important CAN messages, which are usually the favorite target of hackers because a malfunction of those systems has more value. The paper explains the method, design, flowchart and benefits of this new approach.

CAN DOS/Bus-Off attack

Every CAN ECU maintains 2 counts internally to count the number of times an error frame is received. An error received while the ECU is trying to transmit a message is counted under the Transmit error count. The hacker ECU identifies a message from a specific targeted ECU. Whenever the target ECU sends the message on the bus, the hacker ECU sends an error frame. After receiving multiple error messages (>255), the victim ECU moves to Error Passive mode and then eventually to the Bus-Off state. In the Bus-Off state the victim ECU is cut off from CAN communication.

Solution to overcome Bus-Off attack

All ECUs in the system will have a backup DB. This set of backup messages is used when transmission of an important message has failed. Every ECU decides whether to switch to the backup message set based on the importance of the message and on whether an error was received for the normal transmission attempt. Since the hacker ECU is not aware of this secret database, it will not send an error frame; important message delivery is achieved and the victim ECU is not put into the Bus-Off state.

Technology Benefits

(1) More secure communication, since it is difficult to reverse engineer secret message IDs that show up on the CAN bus only in special situations
(2) More secure communication with the vehicle and increased difficulty of reverse engineering changing messages on the CAN bus
(3) In case of an attack from the hacker, delivery of important messages on the CAN bus is ensured
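The switch-over rule described above, as an added simulation that is not code from the paper. The message IDs, struct and function names are constructed for illustration; the counter arithmetic is the standard CAN fault-confinement rule (TEC +8 per transmit error, -1 per successful transmission, Bus-Off above 255), and the attacking node is assumed not to know the backup ID.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TEC_BUS_OFF 255  /* Bus-Off once the transmit error count exceeds this */

/* Hypothetical backup DB entry: normal ID, secret backup ID, importance flag. */
typedef struct { uint32_t normal_id, backup_id; bool important; } backup_entry;
typedef struct { int tec; bool bus_off; bool use_backup; } ecu_state;

/* Simulated bus: only frames carrying the targeted ID are hit by an error frame. */
static bool frame_destroyed(uint32_t id, uint32_t targeted_id) { return id == targeted_id; }

/* One transmit attempt by the victim ECU; returns true if the frame was delivered. */
static bool ecu_transmit(ecu_state *e, const backup_entry *m,
                         uint32_t targeted_id, bool backup_db_enabled)
{
    if (e->bus_off) return false;               /* cut off from the bus */
    uint32_t id = e->use_backup ? m->backup_id : m->normal_id;
    if (frame_destroyed(id, targeted_id)) {
        e->tec += 8;                            /* transmit error */
        if (e->tec > TEC_BUS_OFF) e->bus_off = true;
        /* Switch rule: important message AND error on the normal attempt. */
        if (backup_db_enabled && m->important) e->use_backup = true;
        return false;
    }
    if (e->tec > 0) e->tec--;                   /* successful transmission */
    return true;
}

/* Runs `attempts` periodic transmissions of one message; returns frames delivered. */
int simulate(bool backup_db_enabled, int attempts, ecu_state *out)
{
    const backup_entry msg = { 0x0C4, 0x5A7, true };  /* constructed IDs */
    ecu_state e = { 0, false, false };
    int delivered = 0;
    for (int i = 0; i < attempts; i++)
        delivered += ecu_transmit(&e, &msg, msg.normal_id, backup_db_enabled);
    *out = e;
    return delivered;
}

int main(void)
{
    ecu_state s;
    int d = simulate(false, 100, &s);
    printf("no backup DB: delivered=%d tec=%d bus_off=%d\n", d, s.tec, s.bus_off);
    d = simulate(true, 100, &s);
    printf("backup DB:    delivered=%d tec=%d bus_off=%d\n", d, s.tec, s.bus_off);
    return 0;
}
```

Without the backup DB the simulated ECU reaches Bus-Off after 32 destroyed frames; with it, the single error on the normal ID triggers the switch and the counter decays back to zero.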
Citation
Kulkarni, A., "Backup Database Approach for Prevention of Denial of Service (DOS) and Bus-Off attack on CAN bus," SAE Technical Paper 2022-01-0127, 2022.
Additional Details
Published: Mar 29, 2022
Product Code: 2022-01-0127
Content Type: Technical Paper
Language: English