A Security Evaluation and Internal Penetration Testing Of the CAN-bus

Date

Type

Examensarbete för masterexamen
Master Thesis

Programme

Model builders

Journal Title

Journal ISSN

Volume Title

Publisher

Abstract

From the early ages of civilization, people have always fought to have safety and comfort in all the aspects of their lives. Contemporary vehicles are not an exception. Nowadays, vehicles contain a number of electronic control units (ECUs) which form networks and provide many different functions. In order to let the driver benefit from the new technology, the automotive manufacturers have created a strong relationship between the vehicle and the fleet management. Remote diagnosis and firmware updates over the air (FOTA) are some examples of services brought by the new technology in order to involve a minimum of customer inconvenience. This approach brings a considerable number of advantages: the vehicle needs no longer to be brought in a service station, the update of a firmware is made as soon as it is released, and the time between discovering an error and identifying its causes is reduced. But, in order to assure these functions, in-vehicle networks are connected to external networks, a fact that exposes them to dangerous threats such as cyber attacks. The in-vehicle network consists of a number of networks where each of them has different impact on the vehicle’s mechanism. These networks are formed by a number of ECUs and are used differently. For instance, MOST (media oriented system transport) is used in to transmit voice, audio, and video content. LIN (local interconnected network) is responsible for controlling door locking mechanisms, windows and mirrors. For critical applications, such as engine control and anti-lock braking system (ABS), CAN (controller area network) is used. This master thesis evaluates the security in in-vehicle networks by focusing on the CAN-bus protocol, since the most critical applications use this protocol for communications. In order to perform this evaluation, the development of a framework for conduction a penetration test is done.

Description

Keywords

Informations- och kommunikationsteknik, Data- och informationsvetenskap, Information & Communication Technology, Computer and Information Science

Citation

Architect

Location

Type of building

Build Year

Model type

Scale

Material / technology

Index

Collections

Endorsement

Review

Supplemented By

Referenced By