DetailsAbout the talk
In this talk, we will first present a selective denial-of-service attack against the CAN standard which does not involve the transmission of any complete frames for its execution. This type of attack is obviously not detectable via frame-level analysis, which makes most currently proposed detection systems useless. As the attack is based on CAN protocol weaknesses, all CAN bus implementations by all manufacturers were, and are, vulnerable.
After showing a proof-of-concept, we will move on to the much harder part of proposing a possible countermeasure for detecting and preventing such an attack, along with our implementation experience and some thoughts around this and other attacks that may arise from the CAN bus protocol itself.
Stefano Zanero received a PhD in Computer Engineering from Politecnico di Milano, where he is currently an associate professor with the Dipartimento di Elettronica, Informazione e Bioingegneria. His research focuses on malware analysis, cyberphysical security, and cybersecurity in general. Besides teaching “Computer Security” and “Computer Forensics” at Politecnico, he has an extensive speaking and training experience in Italy and abroad. He co-authored over 90 scientific papers and books. He is a Senior Member of the IEEE, the IEEE Computer Society, and a lifetime senior member of the ACM. Stefano. He has been named a Fellow of ISSA (Information System Security Association) and sits in its International Board of Directors. A long time op-ed writer for magazines, Stefano is also a co-founder and chairman of Secure Network, a leading information security consulting firm based in Milan and in London; a co-founder of 18Months, a cloud-based ticketing solutions provider; and a co-founder of BankSealer, a startup in the FinTech sector that addresses fraud detection through machine learning techniques.
Stefano Longari received a BSc and an MSc in Computer Engineering from Politecnico di Milano, where he is currently a PhD Student, dedicating his research to automotive security.