13. The principle of CAN-bus
• Carrier Sense Multiple Access/Collision Detection
– Carrier sense
– Multiple access
– Collision detection
13
Extended ID
I
D
E
S
R
R
S
O
F
EOF
I
T
M
D
E
L
A
C
K
D
E
L
CRCData FieldDLC
r
0
r
1
R
T
R
IDBus Idle Bus Idle
16. Weakness of CAU-bus network
• Attacker model
– Credible gateway
– Send illegal message
• Vulnerability analysis
– Tapping
– Spoofing
– Replay
– Brute force
16
Powertrain Control
Body Control
Dash
board
Door
Control
Airbag
Air
Condition
Seat
Control Power
Locks
Light
Control
Engine
Control
Active
Suspension
ABS/ASR
Transmission
Control
高速CAN 低速CAN
34. UDS services
• 0x2F - I/O control By Identifier
– DID (Data ID) Control Record Control Mask
– DID (Data ID)
• Two byte ID for the output
– Control Record
• what you want the output to do (On/Off, Up/Down, etc.)
– Control Mask
• a bitwise mask of one or more parameters that will be modified
34
02 2F 03 04 07 01 00 00 0x7E0
41. Security design
• Omission ratios
– Randomness
• Delay
– No waste in send and authorize
• Store space L*T
• Low hardware complexity
41
0 10 20 30 40 50 60 70 80 90 100
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
连 续 帧 数 量 n
漏检率Pn
Pa
=0.1
Pa
=0.3
Pa
=0.5
Pa
=0.7
Pa
=0.9
100 120 140 160 180 200 220 240 260 280 300
3
4
5
6
7
8
9
10
11
广 播 周 期 T
广播时间Tc
/ms
42. Security design
• Advantages
– In theory it can defense all kind of attacking and faking message
– Unnecessary to change hardware architecture and protocol
• Disadvantages
– A little modify in ECU
– Guarantee communication effectiveness
• Solution
– ECU firmware
42