Real-Time Network Defense of SAE J1939 Address Claim Attacks

Heavy vehicles are essential for the modern economy, delivering critical food, supplies, and freight throughout the world. Connected heavy vehicles are also driven by embedded computers that utilize internal communication using common standards. However, some implementations of the standards leave an opening for a malicious actor to abuse the system. One such abuse case is a cyber-attack known as the "Address Claim Attack." Proposed in 2018, this attack uses a single network message to disable all communication to and from a target electronic control unit, which may have a detrimental effect on operating the vehicle. This article demonstrates the viability of the attack and then describes the implementation of a solution to prevent this attack in real time without requiring any intervention from the manufacturer of the target devices. The defense technique uses a bit-banged Controller Area Network (CAN) filter to detect the attack. Once an attack is discovered, the defender induces a CAN protocol error to remove the malicious message from the network. We discuss our results in terms of their applicability for Address Claim Attacks and possible implications for preventing a variety of network-based attacks in real time.