TY - GEN
T1 - ZBCAN
T2 - 32nd USENIX Security Symposium, USENIX Security 2023
AU - Serag, Khaled
AU - Bhatia, Rohit
AU - Faqih, Akram
AU - Ozmen, Muslum Ozgur
AU - Kumar, Vireshwar
AU - Celik, Z. Berkay
AU - Xu, Dongyan
N1 - Publisher Copyright:
© 32nd USENIX Security Symposium, USENIX Security 2023. All rights reserved
PY - 2023
Y1 - 2023
N2 - Controller Area Network (CAN) is a widely used network protocol. In addition to being the main communication medium for vehicles, it is also used in factories, medical equipment, elevators, and avionics. Unfortunately, CAN was designed without any security features. Consequently, it has come under scrutiny by the research community, showing its security weakness. Recent works have shown that a single compromised ECU on a CAN bus can launch a multitude of attacks ranging from message injection, to bus flooding, to attacks exploiting CAN’s error handling mechanism. Although several works have attempted to secure CAN, we argue that none of their approaches could be widely adopted for reasons inherent in their design. In this work, we introduce ZBCAN, a defense system that uses zero bytes of the CAN frame to secure against the most common CAN attacks, including message injection, impersonation, flooding, and error handling, without using encryption or MACs, while taking into consideration performance metrics such as delay, busload, and data-rate.
AB - Controller Area Network (CAN) is a widely used network protocol. In addition to being the main communication medium for vehicles, it is also used in factories, medical equipment, elevators, and avionics. Unfortunately, CAN was designed without any security features. Consequently, it has come under scrutiny by the research community, showing its security weakness. Recent works have shown that a single compromised ECU on a CAN bus can launch a multitude of attacks ranging from message injection, to bus flooding, to attacks exploiting CAN’s error handling mechanism. Although several works have attempted to secure CAN, we argue that none of their approaches could be widely adopted for reasons inherent in their design. In this work, we introduce ZBCAN, a defense system that uses zero bytes of the CAN frame to secure against the most common CAN attacks, including message injection, impersonation, flooding, and error handling, without using encryption or MACs, while taking into consideration performance metrics such as delay, busload, and data-rate.
UR - http://www.scopus.com/inward/record.url?scp=85168809113&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85168809113
T3 - 32nd USENIX Security Symposium, USENIX Security 2023
SP - 6893
EP - 6910
BT - 32nd USENIX Security Symposium, USENIX Security 2023
PB - USENIX Association
Y2 - 9 August 2023 through 11 August 2023
ER -