ZBCAN: A Zero-Byte CAN Defense System


Controller Area Network (CAN) is one of the most widely used network protocols. In addition to being the main communication medium for vehicles, it is also used in factories, medical equipment, elevators, as well as avionics. Unfortunately, CAN was not designed with any security features. Consequently, it has come under scrutiny by the research community, showing its security weakness. Recent works have shown that a single compromised ECU on a CAN bus can launch a multitude of attacks ranging from message injection, to bus flooding, to attacks specifically exploiting CAN’s error handling mechanism. Although several works have attempted to address CAN security, we argue that none of their defense approaches could be widely adopted for reasons inherent in their design. In this work, we introduce ZBCAN, a defense system that uses zero bytes of the CAN frame to secure against the most common CAN attacks, including message injection, replay, fuzzing, impersonation, flooding, collision injection, bus-off, and network mapping attacks, without using encryption or MACs, while taking into consideration performance metrics such as delay, busload, and data-rate.

USENIX Security Symposium