
Vehicle Scenario for Capture the Flag Competitions

Carlo Iurato

Supervisors: Paolo Ernesto Prinetto, Nicolò Maunero, Simone Soderi. Politecnico di Torino, Master's degree programme in Computer Engineering (Ingegneria Informatica), 2022

PDF (Tesi_di_laurea) - Thesis
Restricted to: Repository staff only until 13 April 2025 (embargo date).
License: Creative Commons Attribution Non-commercial No Derivatives.

Modern vehicles contain a significant number of on-board computers, and the number of electronic components installed in vehicles will increase in the coming years due to emerging technologies such as autonomous driving systems. Modern vehicles should therefore be considered complex IT/OT systems with a large attack surface, which leads to significant cybersecurity risks. Vehicles are also safety-critical environments, meaning that vulnerabilities exploited by cyber-criminals could lead to catastrophic consequences for people (i.e. passengers) and for the vehicle manufacturer. The in-vehicle communication network generally relies on the Controller Area Network protocol (CAN-bus), which still suffers from various vulnerabilities because of its lack of security measures. For this reason, raising awareness among people and automotive companies of possible vulnerabilities and cyber-attacks against vehicular targets is crucial. In cybersecurity, cyber challenges in the form of Capture the Flag (CTF) competitions are often used for educational and informational purposes. Individuals or teams compete in a game based on discovering and exploiting intentionally inserted cybersecurity vulnerabilities. In this way, many people are introduced to computer security concepts through a gamification approach, which allows them to learn and acquire cybersecurity skills for both attacking and defending a computer system. The goal of this thesis work is to design and develop a set of cybersecurity challenges revolving around the CAN-bus protocol, in order to introduce participants to the security issues of the protocol itself and, more generally, of vehicular systems.
The first set of proposed CTFs has a demonstrational purpose. These challenges are designed to familiarize participants with the Controller Area Network protocol and with tools useful for attacking or defending a CAN network. The second group of challenges consists of a path of four CTFs, developed to provide individuals or teams with an emulation of the theft of a vehicle. The first step consists of gaining access to the car by using a well-known attack against the vehicle's key fob: the Rolljam attack. The second and third steps are, respectively, to turn on and to start the vehicle by injecting messages into the network, exploiting CAN-bus vulnerabilities. The fourth and last step consists of solving a communication problem between two CAN nodes and retrieving the flag to start the vehicle. For the first challenge, participants will be provided with a USB dongle, to receive live radio signals, and with a USB wireless transceiver. For the second and third CTFs, participants will be provided with a virtual network built on the virtual CAN interface offered by the Linux operating system. For the final challenge the architecture is more complex. It requires three different boards connected together to form a real physical CAN network. Each CAN frame passing on this network will be forwarded by one of these boards to a Linux machine, so that participants can analyze the traffic on the physical CAN network using the CAN-Utils tools. The purpose of these four CTFs is to provide a challenging scenario for individuals and teams, in which they can improve their skills and learn about the possible cybersecurity problems in a vehicular environment.

Supervisors: Paolo Ernesto Prinetto, Nicolò Maunero, Simone Soderi
Academic year: 2021/22
Publication type: Electronic
Number of Pages: 50
Degree programme: Master's degree programme in Computer Engineering (Ingegneria Informatica)
Degree class: New organization > Master science > LM-32 - COMPUTER SYSTEMS ENGINEERING
Collaborating companies: UNSPECIFIED
URI: http://webthesis.biblio.polito.it/id/eprint/22574