CAN Bit-Stomping attack Prevention – Garrett Motion at DefCamp 2019
CAN Bit-Stomping attack Prevention
Preventing a potential attack on an automotive internal communication network (example: CAN – Controller Area Network) can be a challenging and a time sensitive task. Below description provides a summary of a technique, CAN Bit-stomping which helps neutralizes the malicious commands sent over CAN, if detected by an Intrusion Detection System (IDS).
CAN bus follows a basis principle of not transferring the data to the destination if the integrity of the data is compromised. CAN Bit stomping method uses this same principle to violate the CRC and there by stopping the information to be transfer. Below paragraph explains the detailed methodology to violate the CRC.
CAN bus uses a differential 2 wire CAN-H and CAN-L topology which always stay opposite (low or high voltage). CAN bus could have 2 states: Recessive (CAN-H and CAN-L are derived to 2.5V) and Dominant (CAN-H is derived to 5V and CAN-L to 0V). The idle state of the bus is recessive, the only operation a node needs to send data is to drive the bus to a dominant state, this way the data can be encoded in “Dominant / Recessive” (0 / 1). Whenever a single Recessive bit is overwritten by a Dominant one, the message CRC will be invalid, and the message will be ignored. This operation must be constructed by an independent custom CAN controller. To block messages on a 1 MB/s CAN BUS, a FPGA could be used to execute the operation.