Project Overview

Our project focuses on the Controller Area Network (CAN) bus protocol, a communication standard widely used in automobiles. Its purpose is to facilitate real-time traffic exchange between electronic control units (ECUs). Because our goal was to deploy an IDS that works with CAN traffic, we needed ways to test both attacks and detection on actual CAN networks. We therefore designed two testbeds that could send accurate traffic among ECUs, inject custom signals into the environment, and host the IDS for traffic capture.

Design Overview

  • For our first testbed, we used a Raspberry Pi, a PiCAN Hat 2, and an ECUsim 2000 to create a CAN bus channel. The CAN bus protocol is accepted and used in almost all vehicles and many machines, so this testbed meets industry standards. We used an Arduino UNO with four potentiometers to create multiple nodes that simulate ECUs and the message format followed in CAN networks. Designing this testbed involved researching which pieces of hardware could both create a CAN network and generate CAN signals. Given the diverse set of hardware, we had to write code that let the different devices emulate the protocol that automotive functionality depends on.

  • For our second testbed, we purchased parts of a 2007 Pontiac G6 from a local junkyard. This testbed includes the fuse box, body control module, transmission control module, engine control module, and many other components, all removed from the vehicle. We power the testbed with a 13.5 V power supply. To monitor traffic, we used a usb2can from Innomaker connected to the network through the OBD-II port. The USB side of the usb2can device plugs into our computer, where the traffic is read and passed to the IDS. Attacks can also be carried out through the usb2can device, which can both send and receive CAN messages.

  • Our Intrusion Detection System is built on Snort, an open source IDS. We wrote code that sends every CAN message, either in real time or from a log file, over TCP so that Snort can inspect it. We then wrote rules in Snort’s language and syntax to detect several different types of attacks that we could successfully inject into our CAN environments. The rules draw on our knowledge of CAN message format and purpose, and they detect our generated attacks both on a testbed where we control the ECUs and messages and on one where the traffic comes from other sources that can be seen in real-world use.
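
The log-file path of the CAN-to-TCP step described above can be sketched as follows. This is an added example, not the project's own code: the 13-byte record layout, port 5555, the `candump -L` style input, and the sample Snort rule in the comment are all assumptions made for illustration.

```python
import re
import socket
import struct

# candump -L style log line: "(timestamp) interface ID#DATA"
LOG_LINE = re.compile(r"^\((\d+\.\d+)\)\s+(\S+)\s+([0-9A-Fa-f]{3,8})#([0-9A-Fa-f]*)$")

# Assumed wire layout (not from the project): 4-byte big-endian CAN ID,
# 1-byte DLC, 8 data bytes zero-padded. Fixed offsets let a rule such as this
# constructed one match on the ID:
#   alert tcp any any -> any 5555 (msg:"CAN ID 0x7DF seen";
#     content:"|00 00 07 DF|"; depth:4; sid:1000001; rev:1;)
RECORD = struct.Struct(">IB8s")

# Constructed sample input, including one line that must be skipped.
SAMPLE_LOG = """\
(1700000000.000100) can0 7DF#0201050000000000
(1700000000.010200) can0 7E8#03410580
(1700000000.020300) can0 0C9#
not a candump line
"""

def parse_line(line):
    """Return (can_id, data) for a classic CAN data frame, or None."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    id_hex, data_hex = m.group(3), m.group(4)
    if len(data_hex) % 2 or len(data_hex) > 16:
        return None  # odd nibble count or more than 8 data bytes
    return int(id_hex, 16), bytes.fromhex(data_hex)

def encode_frame(can_id, data):
    """Pack one frame into the fixed 13-byte record ("8s" zero-pads)."""
    return RECORD.pack(can_id, len(data), data)

def replay(lines, sock):
    """Send every parseable frame over a connected socket; return the count."""
    sent = 0
    for line in lines:
        frame = parse_line(line)
        if frame is None:
            continue
        sock.sendall(encode_frame(*frame))
        sent += 1
    return sent

if __name__ == "__main__":
    # Assumes a listener on 127.0.0.1:5555 whose traffic Snort monitors.
    with socket.create_connection(("127.0.0.1", 5555)) as s:
        s.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
        print(replay(SAMPLE_LOG.splitlines(), s), "frames sent")
```

TCP is a byte stream, so several records can share one segment; a rule that anchors on the first four payload bytes only sees the first record in each segment.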

Team Members

Trace Haage

Client Liaison and Pi Testbed Lead

Computer Engineer entering into the Cyber Security world

Alec Cose

Testbed Design and IDS Rule Development

Cyber Security Engineer with a growing interest in automotive security

Tiffanie Fix

Vulnerability Research and Development Lead

A Cyber Security Engineer living up to my last name in researching solutions to resolve security threats within the modern day

Cole Burkle

Lead Vulnerability Tester and Car Testbed Design

Cyber Security Engineer and a big car guy



Weekly Reports

Report 1
Report 2
Report 3
Report 4
Report 5
Bi-weekly Report 1
Bi-weekly Report 2
Bi-weekly Report 3
Bi-weekly Report 4

Design Documents

Design Document Revision 1
Final Design Document

Final Deliverables

Demo Video
Presentation Slides
Poster