Protecting Vehicles from Remote Attackers with Firewalls and Switched Networks

Allen, Evan Nathaniel

16 May 2024

Remote attacks on vehicles have become alarmingly more common over the past decade. Attackers often can compromise a single Electronic Control Unit (ECU) in the In-Vehicle Network (IVN) and then use it to send malicious messages that can cause a vehicle to stop, turn, or even crash. It is critical that we find a way to block or discard these messages. However, current IVNs contain few measures to prevent such threats. Most research in this area focuses on cryptography-based approaches that are too slow or too expensive for vehicle applications. In this thesis, we explore how we can stop many of these remote attacks without cryptography. We define a `security policy' that describes what messages are allowed in an IVN and then create a system of distributed firewalls to enforce it, blocking many remote attacks. Using newer, switched IVN topologies, we can authenticate messages with nearly zero additional overhead and implement our system with minimal changes to each ECU. This places the security responsibility on a few centralized network devices that automakers can more easily control and update, even after a vehicle is sold. We evaluate our firewall design using a network simulator and find that our approach is significantly faster than state-of-the-art cryptographic approaches. / Master of Science / Over the past decade, hackers and security researchers have found many ways to remotely take control of a vehicle. Most modern vehicles contain numerous Electronic Control Units (ECUs) that each control some aspect of the vehicle, such as the brakes or engine. It is difficult to design all ECUs perfectly, however, and attackers are often able to remotely hack into one of them. From there, attackers can send malicious messages throughout the In-Vehicle Network (IVN) that connects ECUs. These messages can cause the car to stop, turn, or even crash. Thus, we must find a way to block or discard these messages. Most current research uses cryptography to accomplish this, which is a computationally expensive technique that uses math to determine if messages are legitimate. In this thesis, we examine how we can stop these malicious messages without cryptography. We introduce an approach based on firewalls, which are devices in the network that inspect messages and block them if they do not pass a set of rules. Our approach, which leverages new trends in IVN architectures, allows us to stop many of these malicious messages in the network with nearly zero additional overhead. In addition, our system of firewalls is much easier for an automaker to manage and update than previous approaches. We simulate our idea and find that it is significantly faster than previous state-of-the-art techniques.

automotive security

TCAM firewalls

in-vehicle networks