Search Icon
Submissions

Security Attacks to the Name Management Protocol in Vehicular Networks (Long)

Sharika Kumar (The Ohio State University), Imtiaz Karim, Elisa Bertino (Purdue University), Anish Arora (Ohio State University)

Trucks play a critical role in today’s transportation system, where minor disruptions can result in a major social impact. Intra Medium and Heavy Duty (MHD) communications broadly adopt SAE-J1939 recommended practices that utilize Name Management Protocol (NMP) to associate and manage source addresses with primary functions of controller applications. This paper exposes 19 vulnerabilities in the NMP, uses them to invent various logical attacks, in some cases leveraging and in all cases validating with formal methods, and discusses their impacts. These attacks can–➀ stealthily deny vehicle start-up by pre-playing recorded claims in monotonically descending order; ➁ successfully restrain critical vehicular device participation and institute a dead beef attack, causing reflash failure by performing a replay attack; ➂ cause stealthy address exhaustion, Thakaavath–exhaustion in Sanskrit, which rejects an address-capable controller application from network engagement by exhausting the usable address space via pre-playing claims in monotonically descending order; ➃ poison the controller application’s internally maintained source address-function association table after bypassing the imposter detection protection and execute a stealthy SA-NAME Table Poisoning Attack thereby disable radar and Anti Brake System (ABS), as well as obtain retarder braking torque dashboard warnings; ➄ cause Denial of Service (DoS) on claim messages by predicting the delay in an address reclaim and prohibiting the associated device from participating in the SAE-J1939 network; ➅ impersonate a working set master to alter the source addresses of controller applications to execute a Bot-Net attack; ➆ execute birthday attack, a brute-force collision attack to command an invalid or existing name, thereby causing undesired vehicle behavior. The impact of these attacks is validated by demonstrations on real trucks in operation in a practical setting and on bench setups with a real engine controller connected to a CAN bus.

Paper

View More Papers

When Cryptography Needs a Hand: Practical Post-Quantum Authentication for...

Geoff Twardokus (Rochester Institute of Technology), Nina Bindel (SandboxAQ), Hanif Rahbari (Rochester Institute of Technology), Sarah McCarthy (University of Waterloo)

Read More

LMSanitator: Defending Prompt-Tuning Against Task-Agnostic Backdoors

Chengkun Wei (Zhejiang University), Wenlong Meng (Zhejiang University), Zhikun Zhang (CISPA Helmholtz Center for Information Security and Stanford University), Min Chen (CISPA Helmholtz Center for Information Security), Minghu Zhao (Zhejiang University), Wenjing Fang (Ant Group), Lei Wang (Ant Group), Zihui Zhang (Zhejiang University), Wenzhi Chen (Zhejiang University)

Read More

Securing Lidar Communication through Watermark-based Tampering Detection (Long)

Michele Marazzi, Stefano Longari, Michele Carminati, Stefano Zanero (Politecnico di Milano)

Read More

Predictive Context-sensitive Fuzzing

Pietro Borrello (Sapienza University of Rome), Andrea Fioraldi (EURECOM), Daniele Cono D'Elia (Sapienza University of Rome), Davide Balzarotti (Eurecom), Leonardo Querzoni (Sapienza University of Rome), Cristiano Giuffrida (Vrije Universiteit Amsterdam)

Read More