東華大學圖書館 |

語系: 繁體中文

說明(常見問題)

回圖書館首頁

手機版館藏查詢

登入

回首頁

切換: 標籤 | MARC模式 | ISBD

FindBook

Google Book

Amazon

博客來

Revisiting Remote Attack Kill-Chains on Modern In-Vehicle Networks.

紀錄類型:	書目-電子資源 : Monograph/item
正題名/作者:	Revisiting Remote Attack Kill-Chains on Modern In-Vehicle Networks./
作者:	Kulandaivel, Sekar.
出版者:	Ann Arbor : ProQuest Dissertations & Theses, : 2021,
面頁冊數:	150 p.
附註:	Source: Dissertations Abstracts International, Volume: 83-05, Section: B.
Contained By:	Dissertations Abstracts International83-05B.
標題:	Automotive engineering. -
電子資源:	http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=28770662
ISBN:	9798460482740

Revisiting Remote Attack Kill-Chains on Modern In-Vehicle Networks.
Kulandaivel, Sekar.

Revisiting Remote Attack Kill-Chains on Modern In-Vehicle Networks. - Ann Arbor : ProQuest Dissertations & Theses, 2021 - 150 p.

Source: Dissertations Abstracts International, Volume: 83-05, Section: B.

Thesis (Ph.D.)--Carnegie Mellon University, 2021.

This item must not be sold to any third party vendors.

In-vehicle networks contain an increasing number of electronic control units (ECUs) with advanced electronics and wireless capabilities. Due to their critical role in vehicles, these ECUs are a prime target for remote adversaries as ECUs often communicate via the reliable but insecure Controller Area Network (CAN) protocol. By compromising just a single in-vehicle ECU, a remote adversary could manipulate safety-critical systems by simply injecting CAN messages. Prior work had demonstrated the feasibility and severity of real-world remote exploitation of in-vehicle ECUs, which brought this threat to the attention of automotive manufacturers/suppliers and global regulatory bodies. In response, the automotive industry has since developed defenses to secure the CAN bus against remote adversaries, and these defenses do well to detect and prevent known message injection attacks.In this thesis, we argue that there remain unaddressed disconnects in the security design of modern in-vehicle networks. We develop an end-to-end attack "kill-chain" that demonstrates a series of exploited vulnerabilities in modern vehicles. Here, we envision an adversary that remotely compromises a non-safety-critical and wirelessly-connected ECU (e.g., infotainment) with the goal of controlling a safety-critical ECU (e.g., engine, transmission) while evading detection by modern network defenses. However, these defenses can still prevent our attacker from simply using the compromised ECU to inject critical CAN messages that disrupt the safety-critical ECU's functionality. Therefore, we aim to construct a kill-chain that can ultimately enable a remote adversary to gain control of a safety-critical ECU's software, opening the door to more advanced safety-critical attacks. By identifying disconnects that an adversary can exploit to build this kill-chain, we can inform defenses for next-generation vehicles with proposals of countermeasures that target these disconnects.Our key contributions consist of building new attack classes, demonstrating attack feasibility on real vehicles, and proposing countermeasures for each stage of our kill-chain. First, to gauge an understanding of a victim network of ECUs and their transmission characteristics, our CANvas network mapper accurately identifies the source and destination ECU of a given CAN message and permits us to characterize ECU transmissions. Using this network knowledge, the CANnon disruption technique demonstrates how an adversary can target a victim ECU in the network and disrupt its CAN transmissions to the adversary's advantage. Finally, the CANdid authentication bypass leverages both CANvas and CANnon to successfully authenticate with a safety-critical victim ECU without access to its secret keys. To complete the kill-chain, we demonstrate how our three stages enable a remote adversary to download code to a victim ECU. Drawing from the vulnerabilities that enable our kill-chain, we propose practical countermeasures to detect and prevent our methods and discuss the lessons we learned to help identify potential vulnerabilities in a future automotive network design.

ISBN: 9798460482740Subjects--Topical Terms:

2181195
Automotive engineering.
Subjects--Index Terms:

Electronic control units

Revisiting Remote Attack Kill-Chains on Modern In-Vehicle Networks.
LDR:04300nmm a2200373 4500 001 2349101
005 20220920135739.5
008 241004s2021 ||||||||||||||||| ||eng d
020 $a 9798460482740
035 $a (MiAaPQ)AAI28770662
035 $a AAI28770662
040 $a MiAaPQ $c MiAaPQ
100 1 $a Kulandaivel, Sekar. $3 3688498
245 1 0 $a Revisiting Remote Attack Kill-Chains on Modern In-Vehicle Networks.
260 1 $a Ann Arbor : $b ProQuest Dissertations & Theses, $c 2021
300 $a 150 p.
500 $a Source: Dissertations Abstracts International, Volume: 83-05, Section: B.
500 $a Advisor: Sekar, Vyas.
502 $a Thesis (Ph.D.)--Carnegie Mellon University, 2021.
506 $a This item must not be sold to any third party vendors.
520 $a In-vehicle networks contain an increasing number of electronic control units (ECUs) with advanced electronics and wireless capabilities. Due to their critical role in vehicles, these ECUs are a prime target for remote adversaries as ECUs often communicate via the reliable but insecure Controller Area Network (CAN) protocol. By compromising just a single in-vehicle ECU, a remote adversary could manipulate safety-critical systems by simply injecting CAN messages. Prior work had demonstrated the feasibility and severity of real-world remote exploitation of in-vehicle ECUs, which brought this threat to the attention of automotive manufacturers/suppliers and global regulatory bodies. In response, the automotive industry has since developed defenses to secure the CAN bus against remote adversaries, and these defenses do well to detect and prevent known message injection attacks.In this thesis, we argue that there remain unaddressed disconnects in the security design of modern in-vehicle networks. We develop an end-to-end attack "kill-chain" that demonstrates a series of exploited vulnerabilities in modern vehicles. Here, we envision an adversary that remotely compromises a non-safety-critical and wirelessly-connected ECU (e.g., infotainment) with the goal of controlling a safety-critical ECU (e.g., engine, transmission) while evading detection by modern network defenses. However, these defenses can still prevent our attacker from simply using the compromised ECU to inject critical CAN messages that disrupt the safety-critical ECU's functionality. Therefore, we aim to construct a kill-chain that can ultimately enable a remote adversary to gain control of a safety-critical ECU's software, opening the door to more advanced safety-critical attacks. By identifying disconnects that an adversary can exploit to build this kill-chain, we can inform defenses for next-generation vehicles with proposals of countermeasures that target these disconnects.Our key contributions consist of building new attack classes, demonstrating attack feasibility on real vehicles, and proposing countermeasures for each stage of our kill-chain. First, to gauge an understanding of a victim network of ECUs and their transmission characteristics, our CANvas network mapper accurately identifies the source and destination ECU of a given CAN message and permits us to characterize ECU transmissions. Using this network knowledge, the CANnon disruption technique demonstrates how an adversary can target a victim ECU in the network and disrupt its CAN transmissions to the adversary's advantage. Finally, the CANdid authentication bypass leverages both CANvas and CANnon to successfully authenticate with a safety-critical victim ECU without access to its secret keys. To complete the kill-chain, we demonstrate how our three stages enable a remote adversary to download code to a victim ECU. Drawing from the vulnerabilities that enable our kill-chain, we propose practical countermeasures to detect and prevent our methods and discuss the lessons we learned to help identify potential vulnerabilities in a future automotive network design.
590 $a School code: 0041.
650 4 $a Automotive engineering. $3 2181195
650 4 $a Computer engineering. $3 621879
650 4 $a Computer science. $3 523869
650 4 $a Electrical engineering. $3 649834
653 $a Electronic control units
653 $a Safety-critical systems
653 $a Attack feasibility
653 $a Remote adversaries
690 $a 0540
690 $a 0464
690 $a 0984
690 $a 0544
710 2 $a Carnegie Mellon University. $b Electrical and Computer Engineering. $3 2094139
773 0 $t Dissertations Abstracts International $g 83-05B.
790 $a 0041
791 $a Ph.D.
792 $a 2021
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=28770662