This project performs attacks on a CAN bus of the kind typically found in a vehicle. These attacks include:
- Impersonation,
- Fuzzing,
- Replay,
- Denial-of-Service (DoS), and
- Frame-Drop attacks.
The format of the output messages is inspired by HCRL's work on their CAN Dataset for intrusion detection (OTIDS). Each message is formatted in the following way:
[If the message was Sent/Received]: Timestamp: [Time since initialised in milliseconds] ID: [Arbitration or CAN ID] DLC: [Length of the data package sent] [The data package sent]
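For analysing a capture written in this format, the following added example (not part of this project's code) parses each line and flags frames whose DLC does not match the data length or that arrive much sooner than the usual period for their CAN ID. It assumes the ID and data bytes are printed as hex with space-separated bytes; the sample lines, function names and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: CAN ID and data bytes are printed as hex, bytes separated by spaces.
LINE_RE = re.compile(r"^(Sent|Received): Timestamp: (\d+) ID: ([0-9A-Fa-f]+) "
                     r"DLC: (\d+)((?: [0-9A-Fa-f]{2})*)$")

def parse_line(line):
    """Parse one log line into a frame dict; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    direction, ts, can_id, dlc, data = m.groups()
    return {"dir": direction, "ts_ms": int(ts), "id": int(can_id, 16),
            "dlc": int(dlc), "data": bytes.fromhex(data.replace(" ", ""))}

def find_anomalies(lines, min_ratio=0.5, warmup=3):
    """Return (line_number, reason) alerts for malformed or too-frequent frames."""
    alerts, last_seen, gaps = [], {}, defaultdict(list)
    for n, line in enumerate(lines, 1):
        frame = parse_line(line)
        if frame is None:
            alerts.append((n, "unparseable"))
            continue
        if frame["dlc"] > 8 or frame["dlc"] != len(frame["data"]):
            alerts.append((n, "dlc_mismatch"))
        prev = last_seen.get(frame["id"])
        last_seen[frame["id"]] = frame["ts_ms"]
        if prev is None:
            continue
        gap, history = frame["ts_ms"] - prev, gaps[frame["id"]]
        if len(history) >= warmup:
            median = sorted(history)[len(history) // 2]
            if gap < median * min_ratio:  # extra frame between periodic ones
                alerts.append((n, "interval_too_short"))
                continue  # keep anomalous gaps out of the learned baseline
        history.append(gap)
    return alerts

# Constructed sample log: ID 2C0 is periodic at 100 ms, with one extra frame at 310 ms.
SAMPLE = [
    "Received: Timestamp: 0 ID: 2C0 DLC: 2 1A 2B",
    "Received: Timestamp: 100 ID: 2C0 DLC: 2 1A 2C",
    "Received: Timestamp: 200 ID: 2C0 DLC: 2 1A 2D",
    "Received: Timestamp: 300 ID: 2C0 DLC: 2 1A 2E",
    "Received: Timestamp: 310 ID: 2C0 DLC: 2 FF FF",
    "Received: Timestamp: 400 ID: 2C0 DLC: 2 1A 2F",
    "Received: Timestamp: 420 ID: 1F0 DLC: 4 00 01",
]
```

The interval check only learns a baseline for IDs that are sent periodically, so it needs a few clean frames per ID before it can alert.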
The code in this project was developed to run on the Arduino Uno Rev3 with the CAN-BUS Shield V2.0 (which is based on the MCP2515 chip), but any Arduino and CAN-BUS shield that supports the required libraries should work too.
The libraries used in this project include:
- Seeed Arduino CAN Version 2.3.3
To run on your Arduino, make sure you have set the:
- baud,
- SPI_CS pin, and
- CAN_INT pin.
The program provides five operational modes, each named after the attack it performs. Switch between them by setting the op parameter to the name of the mode.
- Impersonation periodically sends a CAN message crafted around an Electronic Control Unit (ECU); this CAN message needs to be hard-coded in the impersonation() function
- Fuzzing generates a random CAN message to send periodically
- Replay periodically listens to the CAN bus until a message is received, then resends that message a set number of times (determined by the numRepeat variable in the replay() function)
- DoS periodically sends an empty CAN message with a high arbitration priority (low CAN ID number)
- FrameDrop injects a message simultaneously with another ECU, exploiting a vulnerability in the arbitration phase of the CAN protocol
Note that the DoS and FrameDrop modes are currently only partially implemented. More information can be found in the ITU-T's Guidelines for an intrusion detection system for in-vehicle networks.
The IDE CLion was used with the plugins PlatformIO for CLion and Serial Port Monitor.