Controller Area Network (CAN) bus systems are increasingly becoming more sophisticated to give fleet managers and heavy truck drivers better control of their vehicles. As transport vehicles continue to increase electronic capabilities, hackers gain new avenues to tamper with and disable vehicles transporting radioactive material and other high-consequence cargo. Vehicles can be physically tampered with during maintenance, refueling, mandatory driver breaks, and other times when the driver is not with the truck. Wireless intrusions through remote network connections such as telematics systems or infotainment head units offer a way to reprogram the CAN with no physical evidence of tampering, leaving the driver unable to safely deliver the cargo.
Oak Ridge National Laboratory has devised a monitoring system to detect and possibly prevent intrusion into the CAN to keep the vehicle running as designed. In support of securing radiological material during the vulnerable transport stage, this system combines a suite of detection approaches performed across all categories of attacks:
- Signature-based detection: find specific known attacks, such as reprogramming a system
- Timing-based detection: detect message injection and denial-of service attacks
- Content-aware detection: inspect decoded message contents to detect when systems are behaving abnormally or when code contains abnormal contents.
BENEFITS
- Prevent vehicle systems from being reprogrammed to introduce malicious attacks, emissions tampering, performance tuning, etc.
- Understand normal CAN/J1939 code and monitor code between vehicle electronic control units to detect abnormal patterns.
- Customizable notifications alert the driver, company dispatch, or law enforcement if an attack is detected.
- Easily integrated into ORNL’s C-STAR and T-STAR monitoring systems for full vehicle protection