Jinli Zhong,Suguo Du,Lu Zhou,Haojin Zhu,Fan Cheng,Cailian Chen,Qingshui Xue

DOI: https://doi.org/10.1109/vtcfall.2017.8288289

2017-01-01

Abstract:Controller Area Network (CAN), the de facto standard in-vehicle network protocol, prompts modern automobile an integrated system that achieves real-time interactions with roads, vehicles and people. Yet such connectivity makes it feasible to illegally access, or even attack the CAN, causing not only privacy disclosure, property damage, but also life threat. In this paper, we analyze intrinsic weakness in CAN protocol that is mostly exploited by attackers and comprehensively survey the existing attacks based on CAN interfaces. Furthermore, we propose an attack evaluation system based on attack tree model and Markov chain to assess the probability of compromising CAN and the steady state of CAN system at the presence of these attacks. Finally, we simulate new steady state when altering the difficulty of a certain attack and the results demonstrate that sometimes improving defense of an attack declines the security level of the entire system instead.

Mehmet Bozdal,Mohammad Samie,Sohaib Aslam,Ian Jennions

DOI: https://doi.org/10.3390/s20082364

IF: 3.9

2020-04-21

Sensors

Abstract:The automobile industry no longer relies on pure mechanical systems; instead, it benefits from many smart features based on advanced embedded electronics. Although the rise in electronics and connectivity has improved comfort, functionality, and safe driving, it has also created new attack surfaces to penetrate the in-vehicle communication network, which was initially designed as a close loop system. For such applications, the Controller Area Network (CAN) is the most-widely used communication protocol, which still suffers from various security issues because of the lack of encryption and authentication. As a result, any malicious/hijacked node can cause catastrophic accidents and financial loss. This paper analyses the CAN bus comprehensively to provide an outlook on security concerns. It also presents the security vulnerabilities of the CAN and a state-of-the-art attack surface with cases of implemented attack scenarios and goes through different solutions that assist in attack prevention, mainly based on an intrusion detection system (IDS).

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Omid Avatefipour,Hafiz Malik

DOI: https://doi.org/10.48550/arXiv.1802.01725

2018-02-06

Abstract:Nowadays with the help of advanced technology, modern vehicles are not only made up of mechanical devices but also consist of highly complex electronic devices and connections to the outside world. There are around 70 Electronic Control Units (ECUs) in modern vehicle which are communicating with each other over the standard communication protocol known as Controller Area Network (CAN-Bus) that provides the communication rate up to 1Mbps. There are different types of in-vehicle network protocol and bus system namely Controlled Area Network (CAN), Local Interconnected Network (LIN), Media Oriented System Transport (MOST), and FlexRay. Even though CAN-Bus is considered as de-facto standard for in-vehicle network communication, it inherently lacks the fundamental security features by design like message authentication. This security limitation has paved the way for adversaries to penetrate into the vehicle network and do malicious activities which can pose a dangerous situation for both driver and passengers. In particular, nowadays vehicular networks are not only closed systems, but also they are open to different external interfaces namely Bluetooth, GPS, to the outside world. Therefore, it creates new opportunities for attackers to remotely take full control of the vehicle. The objective of this research is to survey the current limitations of CAN-Bus protocol in terms of secure communication and different solutions that researchers in the society of automotive have provided to overcome the CAN-Bus limitation on different layers.

Cryptography and Security

Damilola Oladimeji,Amar Rasheed,Cihan Varol,Mohamed Baza,Hani Alshahrani,Abdullah Baz

DOI: https://doi.org/10.3390/s23198223

2023-10-02

Abstract:Current vehicles include electronic features that provide ease and convenience to drivers. These electronic features or nodes rely on in-vehicle communication protocols to ensure functionality. One of the most-widely adopted in-vehicle protocols on the market today is the Controller Area Network, popularly referred to as the CAN bus. The CAN bus is utilized in various modern, sophisticated vehicles. However, as the sophistication levels of vehicles continue to increase, we now see a high rise in attacks against them. These attacks range from simple to more-complex variants, which could have detrimental effects when carried out successfully. Therefore, there is a need to carry out an assessment of the security vulnerabilities that could be exploited within the CAN bus. In this research, we conducted a security vulnerability analysis on the CAN bus protocol by proposing an attack scenario on a CAN bus simulation that exploits the arbitration feature extensively. This feature determines which message is sent via the bus in the event that two or more nodes attempt to send a message at the same time. It achieves this by prioritizing messages with lower identifiers. Our analysis revealed that an attacker can spoof a message ID to gain high priority, continuously injecting messages with the spoofed ID. As a result, this prevents the transmission of legitimate messages, impacting the vehicle's operations. We identified significant risks in the CAN protocol, including spoofing, injection, and Denial of Service. Furthermore, we examined the latency of the CAN-enabled system under attack, finding that the compromised node (the attacker's device) consistently achieved the lowest latency due to message arbitration. This demonstrates the potential for an attacker to take control of the bus, injecting messages without contention, thereby disrupting the normal operations of the vehicle, which could potentially compromise safety.

Jing Ning,Jiadai Wang,Jiajia Liu,Nei Kato

DOI: https://doi.org/10.1109/LCOMM.2019.2937097

IF: 3.5529

2019-01-01

IEEE Communications Letters

Abstract:As the most wide-spread in-vehicle data bus protocol, CAN (Controller Area Network) has attracted more and more attention due to its lack of security protection mechanism. A variety of attacks against CAN bus have emerged, posing serious threat to vehicle safety. Accordingly, some methods have been proposed to detect CAN bus attacks, however, they have certain shortcomings such as additional compu...

Robert Buttigieg,Mario Farrugia,Clyde Meli

DOI: https://doi.org/10.1109/sta.2017.8314877

2017-12-01

Abstract:Modern vehicles may contain a considerable number of ECUs (Electronic Control Units) which are connected through various means of communication, with the CAN (Controller Area Network) protocol being the most widely used. However, several vulnerabilities such as the lack of authentication and the lack of data encryption have been pointed out by several authors, which ultimately render vehicles unsafe to their users and surroundings. Moreover, the lack of security in modern automobiles has been studied and analyzed by other researchers as well as several reports about modern car hacking have (already) been published. The contribution of this work aimed to analyze and test the level of security and how resilient is the CAN protocol by taking a BMW E90 (3-series) instrument cluster as a sample for a proof of concept study. This investigation was carried out by building and developing a rogue device using cheap commercially available components while being connected to the same CAN-Bus as a man in the middle device in order to send spoofed messages to the instrument cluster.

Yijie Xun,Yuanyuan Sun,Jiajia Liu

DOI: https://doi.org/10.1109/icc.2019.8761789

2018-01-01

Abstract:As the mainstream of future automotive industry, Intelligent and Connected Vehicles (ICVs) have versatile connections between themselves and external devices, although able to provide more conveniences and better driving experiences for the users, also bring forward lots of intrusion portals for the malicious attackers. It is noticed that the final step of almost all attacks in available works, must be at the in-vehicle network, i.e., the CAN bus. Actually, the characteristics of CAN data, specifically, the broadcast transmission on the CAN bus, as well as the unencrypted authentication strategy make the CAN bus vulnerable to various attacks. Different from previous works about CAN bus, we present in this paper a comprehensive study on the in-vehicle network of a modern ICV (a Luxgen SUV), from the perspective of the vehicle auxiliary system. We first clarify the complicated communication process among the smart key, Body Control Module (BCM), and Key Control Unit (KCU), identify the loophole among the Luxgen auxiliary system, and then introduce a practical method to utilize this vulnerability. Finally, extensive experiments have been conducted on the Luxgen SUV where a wireless diagnostic equipment was utilized to achieve successful remote invasion in road tests.

Jiajia Liu,Shubin Zhang,Wen Sun,Yongpeng Shi

DOI: https://doi.org/10.1109/mnet.2017.1600257

IF: 10.294

2017-01-01

IEEE Network

Abstract:The emergence of in-vehicle networks, which are composed of controller area network (CAN) buses and a great number of ECUs, significantly reduces the difficulty of vehicle designing, repairing and refitting. While owing to the intrinsic vulnerabilities of in-vehicle networks and the increasingly rich interfaces to connect in-vehicle networks to the outside, adversarial attacks can be easily implemented on in-vehicle networks. Such attacks cause serious threats to automobile security and drivers privacy. In light of this, we provide in this article a detailed guidance, explain the basic concepts, introduce the vulnerabilities of in-vehicle networks, and summarize the attacking methodologies. We also provide countermeasures for in-vehicle networks and point out challenges and future directions.

Zi-An Zhao,Yu Sun,Dawei Li,Jian Cui,Zhenyu Guan,Jianwei Liu

DOI: https://doi.org/10.1155/2021/2314520

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:Intravehicular communication relies on controller area network (CAN) protocol to deliver messages and instructions among different electronic control units (ECU). Unfortunately, inherent defects in CAN include the absence of confidentiality and integrity mechanism, enabling adversaries to launch attacks from wired or wireless interfaces. Although various CAN cryptographic protocols have been proposed for entity authentication and secure communication, the redundancy in the key establishment phase weakens their availability in large-scale CAN. In this paper, we propose a scalable security protocol suite for intravehicular networks and reduce the communication costs significantly. A new type of attack, suspension attack, is identified for the existing protocols and mitigated in our protocol by leveraging a global counter scheme. We formally verify the security properties of the proposed protocol suite through the AVISPA tool. The simulation results indicate that the communication and computation efficiency are improved in our protocol.

Qian Wang,Zhaojun Lu,Gang Qu

DOI: https://doi.org/10.48550/arXiv.1808.04046

2018-08-13

Abstract:Dozens of Electronic Control Units (ECUs) can be found on modern vehicles for safety and driving assistance. These ECUs also introduce new security vulnerabilities as recent attacks have been reported by plugging the in-vehicle system or through wireless access. In this paper, we focus on the security of the Controller Area Network (CAN), which is a standard for communication among ECUs. CAN bus by design does not have sufficient security features to protect it from insider or outsider attacks. Intrusion detection system (IDS) is one of the most effective ways to enhance vehicle security on the insecure CAN bus protocol. We propose a new IDS based on the entropy of the identifier bits in CAN messages. The key observation is that all the known CAN message injection attacks need to alter the CAN ID bits and analyzing the entropy of such bits can be an effective way to detect those attacks. We collected real CAN messages from a vehicle (2016 Ford Fusion) and performed simulated message injection attacks. The experimental results showed that our entropy based IDS can successfully detect all the injection attacks without disrupting the communication on CAN.

Cryptography and Security

Zhangwei Yu,Yan Liu,Guoqi Xie,Renfa Li,Siming Liu,Laurence T. Yang

DOI: https://doi.org/10.1109/tii.2022.3202539

IF: 12.3

2022-12-17

IEEE Transactions on Industrial Informatics

Abstract:Intelligent connected vehicle is rapidly growing with the 5-G technology; the diversity of functional interfaces has significantly expanded the avenues of attack, making automotive controller area network (CAN) more vulnerable to cyberthreats. Automotive CAN network attacks are a direct threat to traffic safety, and in this study, we explore the use of intrusion detection techniques for mitigating cyberattacks. However, most automotive CAN network intrusion detection technologies are not capable of defending against sophisticated attacks, making it extremely challenging for detecting intrusions in practice. In this article, we propose a novel time interval conditional entropy method for detecting intrusions in automotive CAN networks. The time interval conditional entropy intrusion detection method is not susceptible to interference and is capable of detecting a variety of attacks. In our experiments, the conditional entropy values of regular communication messages are collected and utilized to distinguish and detect the attacks. The time interval conditional entropy detection method is implemented and evaluated in our controller area net-work bus (CAN-BUS) network platform. The experiments show that our method has higher detection accuracy and is easier to deploy compared to existing automotive CAN network intrusion detection methods.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Liang Tang,Yihan Li,Chun Shi,Linlin Qin,Gang Wu

DOI: https://doi.org/10.3969/j.issn.1000-386x.2017.03.050

2017-01-01

Abstract:The application and development of IOV(Internet of the vehicle) is the trend of the development of vehicle technology.While IOV has driven major advancement in vehicle performance and providing efficient and convenient services, it also brings potential information security risks to vehicles.In view of the problems that IOV brings, analysing the research status of its information security, we design the information security gateway(ISG) for electric vehicles.The ISG interconnects the controller area network(CAN) and the Ethernet, and migrates the IPSec protocol on IP layer.Aiming at the data in and out of CAN bus, it performs protocol conversion, data encrypt and decrypt, and data integrity check.It can prevent attackers from eavesdropping and tampering the communication information between electric vehicles and the outside world, as well as controlling the operation of these vehicles by infiltrating CAN bus.Experimental tests indicates that ISG ensures the information security of electric vehicles by providing data source authentication, data integrity and data confidentiality.

Jing Ning,Jiajia Liu

DOI: https://doi.org/10.1109/globecom38437.2019.9013930

2019-01-01

Abstract:The auxiliary functions of modern vehicles have increased the number of attack surfaces. As the most important information exchange channel for vehicles, Controller Area Network (CAN) attracts more and more attention. Due to no encryption and authentication, CAN bus is vulnerable to attack. Thus, the attacker can manipulate the message with serious consequences. Several methods have been proposed to improve the security of vehicles. However, most of them have their own deficiencies. In this paper, we propose an LOF-based attack detection scheme which utilizes the voltage physical characteristics of the CAN frame to judge whether a message is transmitted by a legitimate Electronic Control Unit (ECU). As validated by extensive experiments on two vehicles, our scheme can identify the attacker with an average detection rate of 98.9\%, and the false detection rate is less than 0.5\%. In addition, our scheme can accurately identify attacks from external devices.

Kshitija S. Tekade,SIPNA College of Engineering and Technology, Amravati, India

DOI: https://doi.org/10.48175/ijarsct-4824

2022-06-17

Abstract:According to today’s upcoming technologies vehicle is one of the important necessity of human being. A vehicle dynamics, economy and comfort are improved by traditional electronic control but some problems comp up and they are very dangerous. Hence in-vehicle networking protocol gives benefits to many faults so we can inhibit problems such as the body wiring complexity, space constraints and some reliability issues. Therefore Alarming statistics of accidents and increased number of vehicles on road demands for an intelligent safety mechanism that helps the driver in handling immediate precarious situations. The Main motivation of this proposed system is to reduce fatal incidents happen in car accident. Controller area network (CAN) has been widely used for in-vehicle network. The demand of data rate of in-vehicle network has risen sharply, while traditional CAN communication cannot support this demand of data rate with limited bandwidth around DC. CAN which connects the ECUs (Electrical Control Units) embedded in the automobiles. The Main motivation of this project is to reduce fatal incidents after a car accident.

Youngmi Baek,Seongjoo Shin

DOI: https://doi.org/10.3390/s22072636

2022-03-29

Abstract:Automotive cyber-physical systems are in transition from the closed-systems to open-networking systems. As a result, in-vehicle networks such as the controller area network (CAN) have become essential to connect to inter-vehicle networks through the various rich interfaces. Newly exposed security concerns derived from this requirement may cause in-vehicle networks to pose threats to automotive security and driver's safety. In this paper, to ensure a high level of security of the in-vehicle network for automotive CPS, we propose a novel lightweight and practical cyber defense platform, referred to as CANon (CAN with origin authentication and non-repudiation), to be enabled to detect cyber-attacks in real-time. CANon is designed based on the hierarchical approach of centralized-session management and distributed-origin authentication. In the former, a gateway node manages each initialization vector and session of origin-centric groups consisting of two more sending and receiving nodes. In the latter, the receiving nodes belonging to the given origin-centric group individually perform the symmetric key-based detection against cyber-attacks by verifying each message received from the sending node, namely origin authentication, in real-time. To improve the control security, CANon employs a one-time local key selected from a sequential hash chain (SHC) for authentication of an origin node in a distributed mode and exploits the iterative hash operations with randomness. Since the SHC can constantly generate and consume hash values regardless of their memory capacities, it is very effective for resource-limited nodes for in-vehicle networks. In addition, through implicit key synchronization within a given group, CANon addresses the challenges of a key exposure problem and a complex key distribution mechanism when performing symmetric key-based authentication. To achieve lightweight cyber-attack detection without imposing an additive load on CAN, CANon uses a keyed-message authentication code (KMAC) activated within a given group. The detection performance of CANon is evaluated under an actual node of Freescale S12XF and virtual nodes operating on the well-known CANoe tool. It is seen that the detection rate of CANon against brute-force and replay attacks reaches 100% when the length of KMAC is over 16 bits. It demonstrates that CANon ensures high security and is sufficient to operate in real-time even on low-performance ECUs. Moreover, CANon based on several software modules operates without an additive hardware security module at an upper layer of the CAN protocol and can be directly ported to CAN-FD (CAN with Flexible Data rate) so that it achieves the practical cyber defense platform.

Qian Wang,Yiming Qian,Zhaojun Lu,Yasser Shoukry,Gang Qu

DOI: https://doi.org/10.1109/asianhost.2018.8607178

2018-01-01

Abstract:The recent developments in the automobile industry and the self-driving technology necessitated an increase in the traditional automobile features to guarantee the drivers safety, improve the driving convenience and realize the autonomous driving. To support these necessary functions and features, a significant amount of the hardware equipment, i.e., Electronic Control Unit (ECU), is integrated into the car system. However, these ECUs also bring security vulnerabilities because their communication follows the Controller Area Network (CAN) protocol that was designed without supporting message origin authentication. Several methods to resolve this problem have been proposed in the literature, but most of them would require heavy communications and calculations to support the cryptography algorithms. In this paper, we propose a delay-based Intrusion Detection System (IDS) to protect the CAN network by identifying the location of the compromised ECU for the in-vehicle network. We develop and implement our detection method on CAN bus prototype, and our results show that our method is capable of an overall detection accuracy above 97%. The proposed scheme is demonstrated to protect the integrity of the messages on CAN bus leading to a further improve the security and safety of autonomous vehicles.

Chao Shang,Jin Cao,Jiajia Liu,Yinghui Zhang,Ben Niu,Hui Li

DOI: https://doi.org/10.1109/tits.2023.3339821

IF: 8.5

2023-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Controller Area Network (CAN) is the most wide-used bus system in Intra-Vehicle Networks(IVN). However, the nature of broadcast communication and the lack of security mechanisms make the CAN bus extremely fragile against malicious attacks. Although there are works protecting IVN, most of them are not feasible when applied to real vehicles because they do not consider the IVN node capability. In this paper, we propose a security framework for the CAN bus, covering ECU entity identity management and authentication, symmetric key generation and update, intra-domain, cross-domain secure transmission, and sensitivity-based security classification methods. We formally verify our protocols using the up-to-date tool Tamarin and simulate real attacks in a simulation environment and the results show that the proposed protocol can resist these attacks. By the use of speck encryption and the Chaskey MAC algorithm in our schemes, the analysis results show that the increased time of a frame for a single ECU in our proposed intra-domain scheme is $2.09~ms$ to $2.78~ms$ on Arduino Mega, and $121.65 \mu s$ to $152.15 \mu s$ on Arduino DUE, which takes up $6.08\%$ to $7.61\%$ of a 10ms cyclic time frame. And in the cross-domain scheme is $2.55~ms$ to $3.24~ms$ on Arduino Mega, and $134.30 \mu s$ to $164.80 \mu s$ on Arduino DUE, which takes up $6.72\%$ to $8.24\%$ of a 10ms frame. To the best of our knowledge, this is the first time an IVN cross-domain secure transmission protocol has been proposed without changing the IVN network topology or the CAN protocol. Our work brings practical protection to IVN.

Wufei Wu,Ryo Kurachi,Gang Zeng,Yutaka Matsubara,Hiroaki Takada,Renfa Li,Keqin Li

DOI: https://doi.org/10.1109/access.2018.2870695

IF: 3.9

2018-01-01

IEEE Access

Abstract:Cybersecurity is increasingly important for the safety and reliability of autonomous vehicles. The controller area network (CAN) is the most widely used in-vehicle network for automotive safety-critical applications. Enhancing the cybersecurity ability of CAN while considering the real-time, schedulability, and cost constraints becomes an urgent issue. To address this problem, a real-time, and schedulability analysis-guaranteed security mechanism [identification hopping CAN (IDH-CAN)] is proposed in this paper, which aims to improve the security performance of CAN under the constraints of automotive real-time applications. In order to support the operation of the IDH-CAN mechanism, an IDH-CAN controller is also designed and implemented on a field-programmable gate array, which can work as a hardware firewall in the data link layer of CAN to isolate cyberattacks from the physical layer. Meanwhile, to maximize the information entropy of the CAN message ID on the physical layer, the ID hopping table generation and optimization algorithms for IDH-CAN are also proposed. Then, information security evaluation experiments based on information entropy comparison are deployed. The simulation and practical evaluations demonstrate the effectiveness of the proposed mechanism in defending reverse engineering, targeted denial of service, and replay attacks without violating real-time and schedulability constraints.

Xuhang Ying,Giuseppe Bernieri,Mauro Conti,Linda Bushnell,Radha Poovendran

DOI: https://doi.org/10.1109/tdsc.2021.3068213

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:In recent years, the security of automotive Cyber-Physical Systems (CPSs) is facing urgent threats due to the widespread use of legacy in-vehicle communication systems. As a representative legacy bus system, the Controller Area Network (CAN) hosts Electronic Control Units (ECUs) that are crucial for the vehicles functioning. In this scenario, malicious actors can exploit the CAN vulnerabilities, such as the lack of built-in authentication and encryption schemes, to launch CAN bus attacks (e.g., suspension, injection, and masquerade attacks) with life-threatening consequences (e.g., disabling brakes). In this article, we present TACAN (Transmitter Authentication in CAN), which provides secure authentication of ECUs on the legacy CAN bus by exploiting the covert channels, without introducing CAN protocol modifications or traffic overheads (no extra bits or CAN messages are used). TACAN turns upside-down the originally malicious concept of covert channels and exploits it to build an effective defensive technique that facilitates transmitter authentication via a centralized, trusted Monitor Node. TACAN consists of three different covert channels for ECU authentication: 1) the Inter-Arrival Time (IAT)-based, leveraging the IATs of CAN messages; 2) the Least Significant Bit (LSB)-based, concealing authentication messages into the LSBs of normal CAN data; and 3) a hybrid covert channel, exploiting the combination of the first two. In order to validate TACAN, we implement the covert channels on the University of Washington (UW) EcoCAR (Chevrolet Camaro 2016) testbed. We further evaluate the bit error, throughput, and detection performance of TACAN through extensive experiments using the EcoCAR testbed and a publicly available dataset collected from Toyota Camry 2010. We demonstrate the feasibility of TACAN and the effectiveness of detecting CAN bus attacks, highlighting no traffic overheads and attesting the regular functionality of-ECUs.

computer science, information systems, software engineering, hardware & architecture

Seonghoon Jeong,Sangho Lee,Hwejae Lee,Huy Kang Kim

DOI: https://doi.org/10.1109/TVT.2023.3327275

2024-03-14

Abstract:Controller Area Network (CAN) is an essential networking protocol that connects multiple electronic control units (ECUs) in a vehicle. However, CAN-based in-vehicle networks (IVNs) face security risks owing to the CAN mechanisms. An adversary can sabotage a vehicle by leveraging the security risks if they can access the CAN bus. Thus, recent actions and cybersecurity regulations (e.g., UNR 155) require carmakers to implement intrusion detection systems (IDSs) in their vehicles. The IDS should detect cyberattacks and provide additional information to analyze conducted attacks. Although many IDSs have been proposed, considerations regarding their feasibility and explainability remain lacking. This study proposes X-CANIDS, which is a novel IDS for CAN-based IVNs. X-CANIDS dissects the payloads in CAN messages into human-understandable signals using a CAN database. The signals improve the intrusion detection performance compared with the use of bit representations of raw payloads. These signals also enable an understanding of which signal or ECU is under attack. X-CANIDS can detect zero-day attacks because it does not require any labeled dataset in the training phase. We confirmed the feasibility of the proposed method through a benchmark test on an automotive-grade embedded device with a GPU. The results of this work will be valuable to carmakers and researchers considering the installation of in-vehicle IDSs for their vehicles.

Cryptography and Security,Signal Processing