Assessing the Security of Internal Automotive Networks

Abstract: Context In order to address the growing need for connectivity in today’s cars, the in-vehicle network has increased in complexity, now consisting of over 100 electrical control units. Balancing the level of security with high performance is non-trivial, and current networks have shown to sacrifice security measures for performance, therefore leaving the networks sensitive to both manipulation and information re trieval. Objective The first objective of this thesis was to assess the security of in-vehicle networks and identify potential security threats that may be exercised with commodity hardware and without expert knowledge in vehicular networking. Secondly, propose solutions to identified security vulnerabilities that act as a defence against the exercised attacks. Method The project was executed with the Design Science Research methodology, where an artefact is developed and evaluated through iterations. The artefact consists of commodity hardware and open software as well as our approach to simulate an attack of an uninitiated tamperer. The applying artefact was evaluated by testing it on vehicle test beds. The evaluation was also the basis for the assessment and in extension the proposed solutions. Results The in-vehicle network was susceptible to multiple attacks such as Man in-the-middle and Replay attacks. For instance, multiple components in the network were successfully manipulated through replay attacks on the network. The replay attacks were conducted in combination with a minimization algorithm which enabled reverse engineering of specific functions with high precision. This made it possible to not only take full control but to block user input. Moreover, Man-in-the-middle attacks on the Ethernet traffic yielded raw data indicating a lack of encryption and also enabled us to map the network topology. To resolve the aforementioned issues, this thesis proposes solutions at varying security levels that would have prevented our attacks; such as CAN bus message counters, MACsec for low-level protection against sniffing and TLS encryption for the confidentiality of raw data. Conclusions The project has shown that it is indeed possible to extract and manipulate data even with the limitations enforced in this project. In addition, it showed that the tested in-vehicle networks lack resilience against unauthorized access and manipulation. The proposed solutions protect against exercised attacks but are subject to future research in terms of implementation and overhead measurements.