Abdullah Zubair Mohammed (Virginia Tech), Yanmao Man (University of Arizona), Ryan Gerdes (Virginia Tech), Ming Li (University of Arizona) and Z. Berkay Celik (Purdue University)

The Controller Area Network (CAN) bus standard is the most common in-vehicle network that provides communication between Electronic Control Units (ECUs). CAN messages lack authentication and data integrity protection mechanisms and hence are vulnerable to attacks, such as impersonation and data injection, at the digital level. The physical layer of the bus allows for a one-way change of a given bit to accommodate prioritization; viz. a recessive bit (1) may be changed to a dominant one (0). In this paper, we propose a physical-layer data manipulation attack wherein multiple compromised ECUs collude to cause 0→1 (i.e., dominant to recessive) bit-flips, allowing for arbitrary bit-flips in transmitted messages. The attack is carried out by inducing transient voltages in the CAN bus that are heightened due to the parasitic reactance of the bus and non-ideal properties of the line drivers. Simulation results indicate that, with more than eight compromised ECUs, an attacker can induce a sufficient voltage drop to cause dominant bits to be flipped to recessive ones.

View More Papers

Preventing Kernel Hacks with HAKCs

Derrick McKee (Purdue University), Yianni Giannaris (MIT CSAIL), Carolina Ortega (MIT CSAIL), Howard Shrobe (MIT CSAIL), Mathias Payer (EPFL), Hamed Okhravi (MIT Lincoln Laboratory), Nathan Burow (MIT Lincoln Laboratory)

Read More

Demo #10: Hijacking Connected Vehicle Alexa Skills

Wenbo Ding (University at Buffalo), Long Cheng (Clemson University), Xianghang Mi (University of Science and Technology of China), Ziming Zhao (University at Buffalo) and Hongxin Hu (University at Buffalo)

Read More

COOPER: Testing the Binding Code of Scripting Languages with...

Peng Xu (TCA/SKLCS, Institute of Software, Chinese Academy of Sciences; University of Chinese Academy of Sciences), Yanhao Wang (QI-ANXIN Technology Research Institute), Hong Hu (Pennsylvania State University), Purui Su (TCA/SKLCS, Institute of Software, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences)

Read More

Demo #7: Automated Tracking System For LiDAR Spoofing Attacks...

Yulong Cao, Jiaxiang Ma, Kevin Fu (University of Michigan), Sara Rampazzi (University of Florida), and Z. Morley Mao (University of Michigan) Best Demo Award Runner-up ($200 cash prize)!

Read More