Sunday, March 31, 2019
Analysis of CAN Architecture
Analysis of canful ArchitectureIn 2016 thither were 261.8 one million million million cars registered as they are a pivotal part of the economy and peoples daily lives. Cars were once all mechanically made with carburetors exclusively after study of technologies cars are now running off of provide injection. The difference between the two is that a carburetor controls fuel flow with mechanical bits that appropriate a certain amount of fuel to mix with air to go to the cylinders and fuel injectors use a pressurized rail system controlled by a computer with carious camshaft and crankshaft sensors.In the 1980s cars started using computers called the Engine defend Unit( ECUs), which control basic main engine functions such as airflow, fuel and spark. There are ECUs in either car on the road today because with a computer and a set of sensors, the ECU can dynamically tune the car live, increase performance and lowering emissions. Cars do this with several(a) sensors including M ass Airflow Sensors, temperature sensors, O2 sensors pre and post catalytic converter. The problematic issue arises from the accompaniment that we went from computerizing basic components to computerizing e realthing. To understand the issue, look at the diagram below to go over some of the things that a typical ECU has control over.Further increasing risk, cars now come with embedded GPS and cellular chipsets connecting the car to the outside world. With everything inter connected, it would non be hard for a hacker to absorb get to to the unscathed system through one point in in the system.The right smart these components communicate is through the outhouse bus. The rout out bus is a actually bad system when it comes to protection because everything is course of studyed on the elicit, postulateed or not. This is so when a component needs information from anformer(a), it doesnt not need to request it, it is al guidances broadcasting so its efficient. Can you guess why thats a certification issue?I leave now analyze the potentiometer architecture explaining its design reproachs. The CAN protocol was developed because before it was released, every computer component had to be connected with wires to each other, but with CAN bus, everything connected to that central bus and it reduced the wiring complexity deliver weight and money. Another reason for its development was for emissions control, and because information is always broadcasted on the CAN bus, the car can dynamically adjust fuel/air ratios to get the cleanest burn with the least emissions. The CAN bus is really hot at what it is designed for, but it was never designed for security. The main security flaws that need to be addressed first are unencrypted traffic on the bus, lack of decoupling and segmentation and no authentication of devices. The major security flaw is the lack of encryption, but it was designed purposely like this. It was meant to be lightweight and encrypting data would go a pee-peest that, especially in the 80s when computing power was very slow. Today this is a critical flaw because the data can be sniffed. This would allow the hacker to sniff data packets, modify the CAN meaning and inject it back into the system. Another major flaw is the lack of decoupling and segmenting the CAN network. Since everything in the bus os connected to each other, it is likely to foregather access to the whole system through something like the docudrama system. This could be devastating because new cars have electronic driven steering and ECU controlled brakes. The digest main flaw is that the CAN interface has no authentication mode for attached devices, meaning that a hacker can spoof messages and other parts of the ECU will react. For instance, if a hacker can spoof and broadcast a brake signal on the CAN bus, the brakes will activate without the drivers knowledge.These are just some of the concerns I came across during my analysis, but has anyone e xploited the CAN bus yet? The answer is yes and its been done sevenfold sentences by various research groups.In 2010 researchers from the Center for automotive Embedded Systems Security published a paper entitled observational Security Analysis of a Modern Automobile. They exploited vulnerabilities and discovered that it was possible to deviate a vehicles functions by injecting spoofed commands onto the CAN bus. They showed that an attacker could disable the brakes, the engine, and change the speedometer values (Koscher et al., 2010).This research was dismissed by many because its very unlikely that someone would have a wired connection to the CAN bus. The team responded with a follow up analysis in 2011 with the diagram below. The electric bolts represent possible points of entry into the CAN bus system. accordingly put emphasis on Telematics as those are ways to gain access wirelessly, dismissing the media and automakers claims that a connection isnt possible to a car withou t a wire.more recently in 2015, Charlie Miller successfully exploited a Jeep Cherokee remotely and injected spoofed CAN commands, without making any physical stir with the car. This was groundbreaking as it showed cars could be hacked from anywhere with an internet connection. This was the first time an automaker had to take action, as the Fiat Chrysler Automotive group had to anamnesis more than 1.3 million vehicles. Essentially what Miller did was that he exploited the vehicles infotainment system which governs media and cellular functions of the car. The cellular functions is what caught Millers attention because it gave him a remote way into the car. From there he discovered that the communications system had a microcontroller connected to the CAN bus This was his point of entry, using this door he got access to everything connected to the CAN bus, which we now know controls the entire car since everything in computerized. To access the car though, Miller had to exploit the ve hicles cellular microcontroller, which was supplied by style. all(a) he had to do was port scan and find an open profit port. According to sprint shortly after they patched this bug, any sprint device capable of 3g had access to this service port. Normally this port is in all internal, but sprint did not make its scope private. Because of this bug, he utilize a 3G sprint device connected to his laptop to remotely gain access to the microcontroller and then the CAN bus. Just as we discussed in class, there is no perfect system and there is no single security solution. The recommended solution, although it might take a while to implement, would have to be encrypted data transmission, hardware backed or not Device authorization protocols so outside devices cant spoof CAN bus commands And decoupling/segmentation of the CAN bus network. As professor Kathleen Fisher said, the CAN bus is hopelessly insecure. it was developed decades before cars were connected to the Internet and lacks features to block malware programs or winnow out commands from unauthorized intruders.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment