Protocol-Compliant DoS Attacks on CAN: Demonstration and Mitigation

The Controller Area Network (CAN) is a shared medium, priority-based communication protocol, widely used in the automotive industry for interconnecting electrical components. Although allowing messages to take priority over others in accessing the shared medium is naturally desirable for vehicular applications, it also provides a vulnerability for Denial-of-Service (DoS) attacks. This paper studies the impact of such priority-based DoS attacks and proposes a mitigating scheme. We find that implementation details have a significant impact on the efficiency of priority-based DoS attacks. Nevertheless, with a proper configuration, a single attacker can block an entire CAN network and deem it unusable. To mitigate this problem, we propose integrating a wireless interface and design a hybrid wired/wireless protocol that schedules packet transmissions on the wired and wireless links. Our testbed results show that the hybrid wired/wireless protocol improves the throughput under a two-node DoS attack by a factor of four. Additional experimental results demonstrate that our hybrid wired/wireless protocol is robust to jamming attacks on the wireless link.