Security Evaluation for Lightweight CAN Authentication Protocol /
Pakinam Noureldeen
Security Evaluation for Lightweight CAN Authentication Protocol / Pakinam Noureldeen - 2018 - 89 p. ill. 21 cm.
Supervisor: Mahmoud Allam, Marianne Azer
Thesis (M.A.)—Nile University, Egypt, 2018.
"Includes bibliographical references"
Contents:
Chapter 1 Introduction .......... 1
1.2 Scope .......... 3
1.3 Objectives .......... 3
1.4 Limitations .......... 3
1.5 Methodology .......... 3
1.6 Thesis Structure .......... 4
Chapter 2 Automotive Internal Networks .......... 5
2.1 Types of Automotive Internal Networks .......... 5
2.2 Types of ECUs and their Applications .......... 8
2.3 Controller Area Network (CAN) in Detail .......... 10
2.3.1 CAN History .......... 10
2.3.2 Communication Structure of the CAN Bus .......... 10
2.3.3 CAN in the OSI Layers .......... 11
2.5 CAN Features and Benefits .......... 14
2.6 In-Vehicle Interfaces .......... 17
2.7 Security Concerns .......... 18
2.7.1 Security Assets .......... 19
2.7.2 Automotive Network Challenges .......... 19
2.8 Automobile Incident Classification .......... 22
2.8.1 Logical Attack Scenarios .......... 22
2.8.2 Possible Examined Attacks .......... 29
Chapter 3 Related Work .......... 33
3.1 EVITA Project .......... 33
3.1.1 Committed Security Module .......... 34
3.1.2 Key Distribution Protocol over CAN .......... 34
3.1.3 EVITA Conclusion .......... 34
3.2 Message/Frame Authentication Protocol .......... 35
3.3 Multi-MAC per Receiver .......... 38
3.4 Tesla Security Protocol and its Evaluation .......... 38
Chapter 4 Light Weight CAN Authentication Protocol .......... 40
4.1 Threat Model and Security Requirements .......... 40
4.2 The CAN Authentication Protocol .......... 41
4.3 Protocol Details .......... 42
4.4 Protocol Phases .......... 43
4.5 Cryptography .......... 47
4.6 Disadvantages of LCAP .......... 47
Chapter 5 LCAP Security Evaluation .......... 49
5.1 CANoe Simulation Setup .......... 49
5.2 Overview of a CANoe Application .......... 50
5.3 LCAP Penetration Testing .......... 54
5.3.1 Attacks on the CAN Bus Related to CIA .......... 54
5.4 LCAP Deployment over CANoe .......... 58
5.4.1 Attacks after Implementing LCAP .......... 61
5.4 Successful Critical Attack over LCAP .......... 63
5.4.1 Replay Attack Scenario .......... 64
5.4.2 Attack Implementation in the CANoe Tool .......... 66
5.4.2.1 Proposed Replay Attack Simulation Setup .......... 67
5.5 Proposed Solution for the Replay Attack over LCAP .......... 70
5.5.1 Control Message Re-formatting .......... 70
5.5.2 Node History Configuration .......... 70
5.5.3 Receiver Challenge-Response Procedure .......... 71
Chapter 6 Conclusion and Future Work .......... 74
6.1 Conclusion .......... 74
6.2 Future Work .......... 75
References
Abstract:
Nowadays, leading automotive companies are trying to push the market towards customer satisfaction and to manage their products remotely. This approach helps automotive companies fix software bugs as soon as they appear, and it allows software features to be updated or added without requiring the customer to visit a car service station to receive the new software update or the newly added feature. This approach offers several advantages to both the manufacturers and the customer.
Remote diagnosis and firmware update over the air (FOTA) is the solution that automotive companies have adopted to reduce software bugs, to update and add new features, and thereby to reduce the number of customer visits to car service stations.
As a result, the security of automotive applications using the Controller Area Network (CAN) has become one of the most important concerns for maintaining the safety and quality of the driving experience.
In order to apply the FOTA approach, the security of the vehicle networks must be taken into consideration. Using this approach requires connecting automotive networks to external networks, thus exposing them to severe and dangerous cyber crimes and attacks.
Vehicles contain different types of networks, and each network controls a different mechanism of the vehicle. The automotive networks are MOST, CAN, LIN, and FlexRay. Several ECUs are connected to each network and serve different functions. For example, LIN (Local Interconnect Network) is responsible for opening and closing the windows and also controls the door locking mechanism. CAN (Controller Area Network) is used for safety-relevant automotive functions such as engine control. For multimedia, MOST (Media Oriented Systems Transport) is typically used. FlexRay is a fault-tolerant, high-speed bus system used in high-performance powertrain and safety applications (drive-by-wire, active suspension, adaptive cruise control).
The purpose of this thesis is to improve the resistance of CAN against attacks. The thesis focuses on the lightweight CAN authentication protocol (LCAP), examines the protocol's immunity against denial of service attacks, and proposes a solution for such attacks. As a result, a security protocol that satisfies all the required security characteristics is achieved.
Text in English, abstracts in English.
Information Security
Dissertation, Academic
658