Automotive Cyber Security Assignment Help | CAN Protocol

Automotive Cyber Security – CAN Protocol Analysis

Question 1

CAN protocol is the backbone of automotive networks. Considering CAN as an asset, complete composite threat modelling following the bullet points below, noting the mark distribution provided.

  • Creating interconnecting drawing (5 Marks);
  • Flow diagram (5 Marks);
  • Creating and populating threat matrix with following fields (20 Marks) i.e.:
    • 1) List of vulnerabilities that could be exploited,
    • 2) difficulty level to protect against vulnerabilities,
    • 3) resource required to do the attack,
    • 4) consequences of attacks;
  • Attack scenario (10 Marks).

Question 2

Controller Area Network or CAN protocol is a method of communication between various electronic devices like engine management systems, active suspension, ABS, gear control, lighting control, air conditioning, airbags, central locking etc. embedded in an automobile.

CAN messages are unencrypted. What encryption technique is best suited for CAN messages? Give a general description (5 Marks), give statistical evidence of comparisons (5 Marks) and give high-level implementation details, e.g., pseudocode, algorithm, state diagram (10 Marks).

Question 3

Attack trees are conceptual diagrams showing how an asset, or target, might be attacked. Use the J3061 attack tree notation to construct an attack tree to get remote access, e.g., exploiting telematics unit vulnerabilities, where the attack goal is to access the door lock ECU. Feel free to make assumptions, e.g., open access of port, availability of scanning tools.

Create an attack tree using J3061 attack tree notation (5 Marks). Your attack tree should consider all possible ways (10 Marks). Once constructed, rate the different paths to achieving your attack goal with relative levels of difficulty, labelling 1 to 10 (where 10 is the most difficult and 1 is the least difficult) (5 Marks).

Question 4

What is the key legislation (current) that applies to automotive cyber security? (Feel free to quote EU, UK, USA, <Country of Relevance>) (10 Marks). Share your suggestions for new legislation (10 Marks).

Expert Answers to the Above Cyber Security Questions

CAN protocol threat modelling

Interconnecting drawing

        Telematics Unit
              |
              v
           CAN Bus
          /   |   \
       ECU   ABS   BCM
        |     |     |
    Engine Airbag Door Lock

Flow diagram

Attacker → Telematics Unit → CAN Bus Access
→ Inject CAN Messages
→ Compromise ECU
→ Control Vehicle Functions

Threat matrix

The main vulnerability is unencrypted CAN messages, which are highly difficult to protect against; the resources required for the attack are a laptop and CAN tools. Another threat is the lack of authentication, which requires a message injection device and leads to unauthorised commands. ECU firmware vulnerabilities have a medium level of protection difficulty, and the resources required are OBD II scanners. Finally, open diagnostic ports and weak access control require resources such as a network scanner and lead to privilege escalation.

Attack scenario

An attacker targets a vulnerable telematics unit that is connected to the internet and injects malicious CAN messages onto the vehicle network. They send door unlock commands and gain unauthorised access to the vehicle.

Encryption for CAN messages

The most suitable encryption technique is AES-128 (Advanced Encryption Standard). It is a symmetric encryption algorithm that provides strong security, especially in resource-constrained automotive ECUs.

Statistical evidence

AES-128 uses a 128-bit key and offers high security at fast speeds. RSA-2048 uses a 2048-bit key and offers high security, but it is slow. This indicates that AES needs less processing power, which makes it ideal for real-time CAN communication.

High level Pseudocode

The sender encrypts the message using AES and sends it in a CAN frame; the receiver receives the CAN frame, decrypts it with the key and reads the original message.

State Diagram

Idle – Encrypt – Transmit – Receive – Decrypt – Idle.
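
The Idle, Encrypt, Transmit, Receive, Decrypt cycle above, sketched in Go as an added example that is not part of the original answer. It assumes AES-128 in GCM mode over CAN FD frames (64-byte payload, since a classic 8-byte CAN payload cannot carry a 16-byte authentication tag), a pre-shared key and a per-sender message counter. `Frame`, `Seal`, `Open`, the CAN ID and the demo key are hypothetical names and constructed values.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

type Frame struct { // simplified CAN FD frame (hypothetical type for this example)
	ID   uint32
	Data []byte // counter(8) || ciphertext || GCM tag(16)
}
// aead returns AES-128-GCM and a 12-byte nonce (CAN ID || counter), unique per key.
func aead(key [16]byte, id uint32, ctr uint64) (cipher.AEAD, []byte) {
	blk, _ := aes.NewCipher(key[:]) // a 16-byte key selects AES-128 and cannot fail
	g, _ := cipher.NewGCM(blk)      // cannot fail for a 16-byte block cipher
	n := make([]byte, 12)
	binary.BigEndian.PutUint32(n, id)
	binary.BigEndian.PutUint64(n[4:], ctr)
	return g, n
}
// Seal covers Idle -> Encrypt -> Transmit; the CAN ID is bound in as associated data.
func Seal(key [16]byte, id uint32, ctr uint64, msg []byte) (Frame, error) {
	if len(msg) > 64-8-16 {
		return Frame{}, fmt.Errorf("message of %d bytes does not fit one frame", len(msg))
	}
	g, n := aead(key, id, ctr)
	return Frame{ID: id, Data: g.Seal(append([]byte{}, n[4:]...), n, msg, n[:4])}, nil
}
// Open covers Receive -> Decrypt -> Idle; it rejects replayed and modified frames.
func Open(key [16]byte, f Frame, last *uint64) ([]byte, error) {
	if len(f.Data) < 8+16 || binary.BigEndian.Uint64(f.Data) <= *last {
		return nil, fmt.Errorf("frame too short or counter not fresh")
	}
	ctr := binary.BigEndian.Uint64(f.Data)
	g, n := aead(key, f.ID, ctr)
	msg, err := g.Open(nil, n, f.Data[8:], n[:4])
	if err == nil {
		*last = ctr // advance only after the tag has verified
	}
	return msg, err
}

func main() {
	var last uint64 // receiver's highest accepted counter
	f, _ := Seal([16]byte{1, 2, 3}, 0x2A0, 1, []byte("UNLOCK")) // constructed demo key
	msg, err := Open([16]byte{1, 2, 3}, f, &last)
	fmt.Println(string(msg), err, len(f.Data))
}
```

Because the counter and CAN ID feed the nonce and the tag, a recorded unlock frame replayed later, or re-sent under another ID, fails in `Open` instead of reaching the door lock ECU.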

Attack tree

The attack goal is to access the door lock ECU, which can be reached by exploiting:
  • Telematics unit – open port and weak authentication;
  • Physical access – OBD II port and ECU connection;
  • Wireless attack – Bluetooth vulnerability and Wi-Fi vulnerability.

Difficulty rating – From a difficulty point of view, the most difficult paths are Wi-Fi exploitation and a direct ECU firmware attack, while the least difficult are OBD II access and weak authentication.

Automotive cyber security legislation

The current legislation in place includes UNECE WP.29 R155, which covers the cyber security management system, UNECE WP.29 R156 for secure software updates, ISO 21434 as the automotive cyber security engineering standard, and the US NHTSA cyber security best practices. With respect to new legislation, the recommendations are mandatory encryption for all CAN communication, a minimum cyber security standard for suppliers, secure-by-design requirements for ECUs, and mandatory intrusion detection systems.
