Yong Xie,Gang Zeng,Ryo Kurachi,Fu Xiao,Hiroaki Takada,Shiyan Hu

DOI: https://doi.org/10.1109/tdsc.2022.3194712

2022-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:The CAN FD emerges as a promising CAN technology inside the ACPS due to its advantages of high data-phase bit-rate and message payload. HSM based security solution is recommended by auto industry to protect CAN FD from potential security attacks, but it induces new challenges on timing analysis of CAN FD messages, which is left open in the literature. This article develops the first security-aware system model to describe the processing of CAN FD messages, and presents a new WCRT analysis to bound the interference induced by security-critical messages. We give the theoretical proof that our WCRT analysis can upper bound the response time of CAN FD messages. Using a small message set, we show that the WCRT computed by our new analysis is only 14% percent higher than the true WCRT obtained from an exhaustive search based simulator. By comparing with existing method, the number of impacted messages increases along with the increasing number of security critical messages, and for the two typical CAN FD systems, the percentage of WCRT increase varies from 12.43% to 14.57% and 7.0% to 10.89%, respectively; the percentage of WCRT decrease varies from 3.29% to 6.04% and 4.13% to 7.93%, respectively.

Xie Yong,Zeng Gang,Ryo Kurachi,Xie Guoqi,Dou Yong,Zhou Zhili

DOI: https://doi.org/10.1016/j.sysarc.2017.10.008

IF: 5.836

2017-01-01

Journal of Systems Architecture

Abstract:CAN with flexible data rate (CAN FD) is considered the next generation in-vehicle network standard for automotive cyber-physical systems. CAN FD supports a data phase bit-rate of up to 10 Mbps and message payload of up to 64 bytes. However, the substantial differences regarding the allowed message payloads and the heterogeneity of the signal periods indicate the need for a systematic design method to fully utilize its large transmission bandwidth. We propose an optimized design method for CAN FD to minimize bandwidth utilization while meeting the signal timing constraint. First, two slack evaluation metrics are defined for the quantitative analysis of the potential packing choices. Based on these metrics, we propose a clustering-based signal packing algorithm, and the schedulability of the signals and the packed messages are both verified. The proposed method is compared with other design methods proposed for both CAN and CAN FD. The experimental results demonstrated that our method is the most bandwidth efficient and can meet the timing constraint simultaneously.

Wei Peng,Hong Li,Min Yao,Zheng Sun

DOI: https://doi.org/10.1109/iccet.2010.5485642

2010-01-01

Abstract:In AUTOSAR system configuration phase, integrators face many challenges in determining the tradeoffs when mapping hundreds of software components to electronic control units (ECU), so finding a common method for this artificial process is very significant. In this paper, we provide an approach to help system integrators building a correct and efficient system configuration. In our method, nested software components are decomposed iteratively to atomic ones. Then all atomic components are divided into two groups: ECU-dependent components and ECU-independent components. The former is deployed onto ECUs first according to its hardware requirements. The latter is deployed to a suitable ECU using evolutionary algorithm. In particular, we focus on the resource requirements, real-time scheduling, and minimization of inter-ECU communication consumption that has an important impact on the non-functional aspects of real-time control system. Experiment results demonstrate the effectiveness of our approach.

Yong Xie,Yili Guo,Sheng Yang,Jian Zhou,Xiaobai Chen

DOI: https://doi.org/10.3390/s21206807

IF: 3.9

2021-10-13

Sensors

Abstract:The introduction of various networks into automotive cyber-physical systems (ACPS) brings great challenges on security protection of ACPS functions, the auto industry recommends to adopt the hardware security module (HSM)-based multicore ECU to secure in-vehicle networks while meeting the delay constraint. However, this approach incurs significant hardware cost. Consequently, this paper aims to reduce security enhancing-related hardware cost by proposing two efficient design space exploration (DSE) algorithms, namely, stepwise decreasing-based heuristic algorithm (SDH) and interference balancing-based heuristic algorithm (IBH), which explore the task assignment, task scheduling, and message scheduling to minimize the number of required HSMs. Experiments on both synthetical and real data sets show that the proposed SDH and IBH are superior than state-of-the-art algorithm, and the advantage of SDH and IBH becomes more obvious as the increase about the percentage of security-critical tasks. For synthetic data sets, the hardware cost can be reduced by 61.4% and 45.6% averagely for IBH and SDH, respectively; for real data sets, the hardware cost can be reduced by 64.3% and 54.4% on average for IBH and SDH, respectively. Furthermore, IBH is better than SDH in most cases, and the runtime of IBH is two or three orders of magnitude smaller than SDH and state-of-the-art algorithm.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yong Xie,Gang Zeng,Ryo Kurachi,Fu Xiao,Hiroaki Takada

DOI: https://doi.org/10.1109/tits.2021.3059769

IF: 8.5

2021-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Extensibility is an important optimization objective for the E/E architecture of automotive cyber-physical systems (ACPS), while little attention has paid to the extensibility-aware design of in-vehicle network. To address this problem, this paper formulates a trade-off problem that balances the bandwidth utilization and the extensibility from the initial design of CAN FD. We firstly propose a new extensibility model and the related evaluation metric, and then two optimization algorithms, namely, the mixed integer linear programming (MILP) approach and the simulated annealing (SA) based heuristic approach, are proposed to resolve the trade-off problem for mid-sized and industry sized signal sets, respectively. The experiment results show the efficiency of the proposed extensibility metric and the optimization algorithms. By comparing with state-of-the-art algorithm, the MILP reduces the increase range of the bandwidth utilization of the extended signal set by 18.17% to 57.64% averagely, and 49.22% to 89.40% maximally, with only 0.06% to 0.79% bandwidth utilization overhead; the SA approach can reduces the increase range of the bandwidth utilization of the extended signal set by 12.71% to 58.33% averagely, and 40.08% to 89.40% maximally, with only 0.06% to 0.8% bandwidth utilization overhead.

Wenhong Ma,Yan Liu,Guoqi Xie,Renfa Li,Laurence T. Yang

DOI: https://doi.org/10.1109/jiot.2021.3085422

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Controller area network with flexible data-rate (CAN-FD) has received great attention in automotive cyber–physical systems (ACPSs) due to its high bandwidth and long payload. However, CAN-FD adopts a broadcast message transmission mechanism and lacks security protection, making it extremely vulnerable to cyberattacks. CAN-FD message packing (packing signals into messages) with low bandwidth occupancy (utilization) under security constraints is the prerequisite for running intelligent applications in ACPS. In this work, we implement a two-stage CAN-FD message packing solution to reduce bandwidth utilization and improve signal acceptance rate under security constraints. The first stage solves the message packing problem of minimizing bus bandwidth utilization under security constraints. The second stage aims at improving the signal acceptance rate by repacking signals. Experimental results show that the first stage reduces average bus bandwidth utilization by 135% compared with the unpacking solution, and the second stage improves the average signal acceptance rate by 5% than existing advanced methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

Guoqi Xie,Laurence T. Yang,Wei Wu,Keyu Zeng,Xiangzhen Xiao,Renfa Li

DOI: https://doi.org/10.1109/tits.2020.3000783

IF: 8.5

2021-08-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Controller Area Network with Flexible Data-rate (CAN FD) is beneficial for the in-vehicle communication of Internet of Connected Vehicles (IoCVs) because of its high bandwidth and data field length. However, CAN FD lacks a security authentication mechanism, making it extremely vulnerable to masquerade attacks. This study proposes the security enhancement for a real-time parallel in-vehicle application adopting a two-stage method. The first stage obtains the lower bound of an in-vehicle application by quickly abandoning most of sequences, while the second stage enhances security by adding Message Authentication Codes (MACs) to messages taking advantage of the laxity interval from the lower bound to the deadline. Experiments with an example and the adaptive cruise control in-vehicle application show the advantage of the proposed two-stage method in increasing the total byte size of MACs.

engineering, electrical & electronic,transportation science & technology, civil

Qishen Zhou,Bin Zhou,Simon Hu,Claudio Roncoli,Yibing Wang,Jia Hu,Guangquan Lu

DOI: https://doi.org/10.1016/j.trc.2023.104320

2023-01-01

Abstract:This paper presents a safety-enhanced eco-driving strategy for connected and autonomous vehicles (CAVs), which is implemented by a hierarchical and distributed framework. The driving risk field, shockwave theory, and motion planning and control method are integrated into this framework to optimize the trajectories of CAVs on a signalized arterial under mixed traffic flow, with the aim of reducing the driving risk and fuel consumption of CAVs simultaneously, while ensuring traffic efficiency. The optimization procedure is mainly composed of two parts: long-term trajectory planning based on optimal control and short-term trajectory control based on model predictive control, which makes the strategy more adaptable to the various traffic conditions. The results show that the proposed framework can effectively reduce the safety risk that vehicles are exposed to and their fuel consumption by 18%–24% and 20%–27%, respectively. Furthermore, it reveals that conventional eco-driving strategies may result in negative safety issues when only considering the impact of preceding vehicles on the eco-CAV. However, these negative impacts can be eliminated when the impacts of following vehicles on the eco-CAV are taken into account. In addition, the sensitivity analysis on the Market Penetration Rate (MPR) of CAVs and traffic demand is performed. The results show that the framework is robust and can work under various traffic conditions (including under-saturated and over-saturated ones) and different MPRs.

Ruiqi Lu,Guoqi Xie,Renfa Li,Yan Liu,Xinzhong Liu,Wei Xu,Jianmei Lei,Kenli Li

DOI: https://doi.org/10.1109/tcad.2024.3368971

IF: 2.9

2024-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:As promising industrial embedded networks, Controller Area Networks with Flexible Data-rate (CAN-FD) are widely used in time-sensitive domains, such as automotive networks. However, the absence of built-in security mechanisms in CAN-FD necessitates the development of security protection mechanisms. The existing Lightweight Authentication for Secure Automotive Networks (LASAN) framework focuses on enhancing the security of CAN/CAN-FD communication but neglects the conflict between security and delay. In this study, we conduct a thorough analysis of the causal mechanism related to the security and delay of LASAN and propose a static message scheduling method called Cooperative Swapping Approach (CSA) to achieve secure and low-delay CAN-FD communication. CSA is to minimize the end-to-end delay of precedence-constrained CAN-FD applications by swapping message positions in a valid message sequence. Nevertheless, exchanging message positions may impact the precedence dependencies between messages; therefore, we propose a novel Cooperative Transform Approach (CTA) within the CSA to efficiently preserve these precedence constraints. Valid message sequences with minimal end-to-end delays of a motivation example and an Adaptive Cruise Control (ACC) application are obtained in LASAN by CSA. These sequences are implemented on the embedded microcontroller platform of STM32H743IITs for evaluation. Experimental results show that our proposed CSA can effectively reduce the end-to-end delay of LASAN and outperform the state-of-the-art static message scheduling method in terms of low delay.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Yong Xie,Gang Zeng,Ryo Kurachi,Xin Peng,Guoqi Xie,Hiroaki Takada

DOI: https://doi.org/10.1109/tii.2019.2936240

IF: 12.3

2020-01-01

IEEE Transactions on Industrial Informatics

Abstract:To realize the optimized design of the automotive cyber-physical system, it is required to consider the interplay between the communication and computation. However, the existing research about the design of the controller area network (CAN) with flexible data rate (CAN FD) ignores this, it only considers the minimization of the bandwidth utilization and neglects the fact that it would trigger too many unnecessary message receiving interrupts (MRIs) on message receiving electronic control units. To address this problem, this article formulates a tradeoff problem that balances the bandwidth utilization and the number of unnecessary MRIs during the design of the CAN FD. We first propose an algorithm to analyze the number of unnecessary MRIs triggered by the packed messages, and then, two heuristic algorithms, namely, the Top-Down approach and the Hybrid approach, are proposed to resolve the tradeoff problem for midsized and large signal sets, respectively. The experiment results show that compared with the state-of-the-art algorithm, the Top-Down approach reduces the unnecessary MRIs by 10.48 & x0025;-99.89 & x0025; with only 0.02 & x0025;-1.32 & x0025; bandwidth utilization overhead, the Hybrid approach reduces the unnecessary MRIs by 23.15 & x0025;-99.63 & x0025; with only 0.13 & x0025;-2.07 & x0025; bandwidth utilization overhead.

Guoqi Xie,Laurence T. Yang,Yao Liu,Haibo Luo,Xin Peng,Renfa Li

DOI: https://doi.org/10.1109/tvt.2021.3061746

IF: 6.8

2021-06-01

IEEE Transactions on Vehicular Technology

Abstract:The rise of autonomous driving technology and the prosperity of mobile vehicular applications have brought tremendous pressure and put forward high bandwidth and low latency requirements for vehicular networks. Controller Area Network with Flexible Data-rate (CAN-FD) is a feasible choice to meet the high bandwidth and low latency requirements of in-vehicle communication of mobile vehicles. However, CAN-FD is vulnerable to masquerade attacks because it lacks necessary security authentication mechanisms and protection measures. This study presents a security enhancement technique called forward-backward exploration for independent in-vehicle CAN-FD messages while still guaranteeing each message is real-time. In the forward-backward exploration solution, a novel dual-pointer (including the forward pointer and the backward pointer) solution is proposed; the Message Authentication Code (MAC) size of each message is then dynamically adjusted by presenting the dual-pointer movement rules until the total payload no longer increases. Experimental results with real-life CAN-FD message set provided by an automaker demonstrate the effectiveness of our solution.

telecommunications,engineering, electrical & electronic,transportation science & technology

Wufei Wu,Ryo Kurachi,Gang Zeng,Yutaka Matsubara,Hiroaki Takada,Renfa Li,Keqin Li

DOI: https://doi.org/10.1109/access.2018.2870695

IF: 3.9

2018-01-01

IEEE Access

Abstract:Cybersecurity is increasingly important for the safety and reliability of autonomous vehicles. The controller area network (CAN) is the most widely used in-vehicle network for automotive safety-critical applications. Enhancing the cybersecurity ability of CAN while considering the real-time, schedulability, and cost constraints becomes an urgent issue. To address this problem, a real-time, and schedulability analysis-guaranteed security mechanism [identification hopping CAN (IDH-CAN)] is proposed in this paper, which aims to improve the security performance of CAN under the constraints of automotive real-time applications. In order to support the operation of the IDH-CAN mechanism, an IDH-CAN controller is also designed and implemented on a field-programmable gate array, which can work as a hardware firewall in the data link layer of CAN to isolate cyberattacks from the physical layer. Meanwhile, to maximize the information entropy of the CAN message ID on the physical layer, the ID hopping table generation and optimization algorithms for IDH-CAN are also proposed. Then, information security evaluation experiments based on information entropy comparison are deployed. The simulation and practical evaluations demonstrate the effectiveness of the proposed mechanism in defending reverse engineering, targeted denial of service, and replay attacks without violating real-time and schedulability constraints.

Zhangwei Yu,Yan Liu,Guoqi Xie,Renfa Li,Siming Liu,Laurence T. Yang

DOI: https://doi.org/10.1109/tii.2022.3202539

IF: 12.3

2022-12-17

IEEE Transactions on Industrial Informatics

Abstract:Intelligent connected vehicle is rapidly growing with the 5-G technology; the diversity of functional interfaces has significantly expanded the avenues of attack, making automotive controller area network (CAN) more vulnerable to cyberthreats. Automotive CAN network attacks are a direct threat to traffic safety, and in this study, we explore the use of intrusion detection techniques for mitigating cyberattacks. However, most automotive CAN network intrusion detection technologies are not capable of defending against sophisticated attacks, making it extremely challenging for detecting intrusions in practice. In this article, we propose a novel time interval conditional entropy method for detecting intrusions in automotive CAN networks. The time interval conditional entropy intrusion detection method is not susceptible to interference and is capable of detecting a variety of attacks. In our experiments, the conditional entropy values of regular communication messages are collected and utilized to distinguish and detect the attacks. The time interval conditional entropy detection method is implemented and evaluated in our controller area net-work bus (CAN-BUS) network platform. The experiments show that our method has higher detection accuracy and is easier to deploy compared to existing automotive CAN network intrusion detection methods.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Franco Oberti,Alessandro Savino,Ernesto Sanchez,Filippo Parisi,Stefano Di Carlo

DOI: https://doi.org/10.1109/TDMR.2022.3157000

2022-03-07

Abstract:The automobile industry is no longer relying on pure mechanical systems; instead, it benefits from advanced Electronic Control Units (ECUs) in order to provide new and complex functionalities in the effort to move toward fully connected cars. However, connected cars provide a dangerous playground for hackers. Vehicles are becoming increasingly vulnerable to cyber attacks as they come equipped with more connected features and control systems. This situation may expose strategic assets in the automotive value chain. In this scenario, the Controller Area Network (CAN) is the most widely used communication protocol in the automotive domain. However, this protocol lacks encryption and authentication. Consequently, any malicious/hijacked node can cause catastrophic accidents and financial loss. Starting from the analysis of the vulnerability connected to the CAN communication protocol in the automotive domain, this paper proposes EXT-TAURUM P2T a new low-cost secure CAN-FD architecture for the automotive domain implementing secure communication among ECUs, a novel key provisioning strategy, intelligent throughput management, and hardware signature mechanisms. The proposed architecture has been implemented, resorting to a commercial Multi-Protocol Vehicle Interface module, and the obtained results experimentally demonstrate the approach's feasibility.

Cryptography and Security

Qian Wang,Yiming Qian,Zhaojun Lu,Yasser Shoukry,Gang Qu

DOI: https://doi.org/10.1109/asianhost.2018.8607178

2018-01-01

Abstract:The recent developments in the automobile industry and the self-driving technology necessitated an increase in the traditional automobile features to guarantee the drivers safety, improve the driving convenience and realize the autonomous driving. To support these necessary functions and features, a significant amount of the hardware equipment, i.e., Electronic Control Unit (ECU), is integrated into the car system. However, these ECUs also bring security vulnerabilities because their communication follows the Controller Area Network (CAN) protocol that was designed without supporting message origin authentication. Several methods to resolve this problem have been proposed in the literature, but most of them would require heavy communications and calculations to support the cryptography algorithms. In this paper, we propose a delay-based Intrusion Detection System (IDS) to protect the CAN network by identifying the location of the compromised ECU for the in-vehicle network. We develop and implement our detection method on CAN bus prototype, and our results show that our method is capable of an overall detection accuracy above 97%. The proposed scheme is demonstrated to protect the integrity of the messages on CAN bus leading to a further improve the security and safety of autonomous vehicles.

Qiang Dong,Zenglu Song,Haoshu Shao

DOI: https://doi.org/10.1049/ell2.13112

2024-01-30

Electronics Letters

Abstract:This research presents a novel method for detecting and defending against intrusions in the Controller Area Network (CAN) bus used in automotive systems. By analysing frequency anomalies in message transmission and utilizing the arbitration mechanism of the CAN bus, this approach effectively identifies and disrupts illegal messages in real‐time, ensuring the security of the network. As automobile intelligence continues to develop, the electronic control units connected to the Controller Area Network (CAN) bus within vehicles face an increasing number of threats from potential attacks originating from the internet. To address this issue, an intrusion detection and defence method is proposed that is capable of detecting illegal messages through the use of frequency anomaly detection, and subsequently disrupting them through utilization of the CAN bus arbitration mechanism. This proposed method offers a simple implementation compared to traditional approaches, while being able to identify suspicious units and neutralize threats in real‐time. Experimental results demonstrate the effectiveness of this approach.

engineering, electrical & electronic

Dong-Hoon Shin,Shibo He,Junshan Zhang

DOI: https://doi.org/10.1109/tnet.2015.2403862

2016-01-01

IEEE/ACM Transactions on Networking

Abstract:Cyber-Physical Systems (CPS) are emerging as the underpinning technology for major industries in this century. Wide-area monitoring and control is an essential ingredient of CPS to ensure reliability and security. Traditionally, a hierarchical system has been used to monitor and control remote devices deployed in a large geographical region. However, a general consensus is that such a hierarchical system can be highly vulnerable to component (i.e., nodes and links) failures, calling for a robust and cost-effective communication system for CPS. To this end, we consider a middleware approach to leverage the existing commercial communication infrastructure (e.g., Internet and cellular networks) with abundant connectivity. In this approach, a natural question is how to use the middleware to cohesively "glue" the physical system and the commercial communication infrastructure together, in order to enhance robustness and cost-effectiveness. We tackle this problem while taking into consideration two different cases of middleware deployment: single-stage and multi-stage deployments. We design offline and online algorithms for these two cases, respectively. We show that the offline algorithm achieves the best possible approximation ratio while the online algorithm attains the order-optimal competitive ratio. We also demonstrate the performance of our proposed algorithms through simulations.

Guoqi Xie,Gang Zeng,Jiyao An,Renfa Li,Keqin Li

DOI: https://doi.org/10.1145/3162052

2018-01-01

ACM Transactions on Cyber-Physical Systems

Abstract:Automotive functional safety standard ISO 26262 aims to avoid unreasonable risks due to systematic failures and random hardware failures caused by malfunctioning behavior. Automotive functions involve distributed end-to-end computation in automotive cyber-physical systems (ACPSs). The automotive industry is highly cost-sensitive to the mass market. This study presents a resource-cost-aware fault-tolerant design methodology for end-to-end functional safety computation on ACPSs. The proposed design methodology involves early functional safety requirement verification and late resource cost design optimization. We first propose the functional safety requirement verification (FSRV) method to verify the functional safety requirement consisting of reliability and response time requirements of the distributed automotive function during the early design phase. We then propose the resource-cost-aware fault-tolerant optimization (RCFO) method to reduce the resource cost while satisfying the functional safety requirement of the function during the late design phase. Finally, we perform experiments with real-life automotive and synthetic automotive functions. Findings reveal that the proposed RCFO and VFSR methods demonstrate satisfactory resource cost reduction compared with other methods while satisfying the functional safety requirement.

Shan Ding,Hui Wang,Gang Zeng

DOI: https://doi.org/10.1109/SmartWorld-UIC-ATC-SCALCOM-IOP-SCI.2019.00055

2019-01-01

Abstract:Controller Area Network (CAN) is the most widely used in-vehicle network for communication among electronic control units (ECUs). To overcome the bandwidth limitation of standard CAN, CAN with flexible data rate (CAN FD) has been proposed. However, packing CAN FD frame with minimum bandwidth utilization and meeting real-time requirement simultaneously is a challenge. Previous research revealed that packing frames with minimized bandwidth utilization may violate frames' deadlines. To mitigate this issue, we proposed an integrated framework for packing frames to reduce the bandwidth utilization and improve the schedulability of packed frames simultaneously. The framework first employs an existing genetic algorithm (GA) for packing signals for each ECU separately, and then assigning offsets for packed frames in all ECUs together. Intensive experiments on randomly generated signal sets demonstrated that the proposed framework can achieve higher schedulability while maintaining the minimum bandwidth utilization comparing with the state-of-the-art methods.

Youngmi Baek,Seongjoo Shin

DOI: https://doi.org/10.3390/s22072636

2022-03-29

Abstract:Automotive cyber-physical systems are in transition from the closed-systems to open-networking systems. As a result, in-vehicle networks such as the controller area network (CAN) have become essential to connect to inter-vehicle networks through the various rich interfaces. Newly exposed security concerns derived from this requirement may cause in-vehicle networks to pose threats to automotive security and driver's safety. In this paper, to ensure a high level of security of the in-vehicle network for automotive CPS, we propose a novel lightweight and practical cyber defense platform, referred to as CANon (CAN with origin authentication and non-repudiation), to be enabled to detect cyber-attacks in real-time. CANon is designed based on the hierarchical approach of centralized-session management and distributed-origin authentication. In the former, a gateway node manages each initialization vector and session of origin-centric groups consisting of two more sending and receiving nodes. In the latter, the receiving nodes belonging to the given origin-centric group individually perform the symmetric key-based detection against cyber-attacks by verifying each message received from the sending node, namely origin authentication, in real-time. To improve the control security, CANon employs a one-time local key selected from a sequential hash chain (SHC) for authentication of an origin node in a distributed mode and exploits the iterative hash operations with randomness. Since the SHC can constantly generate and consume hash values regardless of their memory capacities, it is very effective for resource-limited nodes for in-vehicle networks. In addition, through implicit key synchronization within a given group, CANon addresses the challenges of a key exposure problem and a complex key distribution mechanism when performing symmetric key-based authentication. To achieve lightweight cyber-attack detection without imposing an additive load on CAN, CANon uses a keyed-message authentication code (KMAC) activated within a given group. The detection performance of CANon is evaluated under an actual node of Freescale S12XF and virtual nodes operating on the well-known CANoe tool. It is seen that the detection rate of CANon against brute-force and replay attacks reaches 100% when the length of KMAC is over 16 bits. It demonstrates that CANon ensures high security and is sufficient to operate in real-time even on low-performance ECUs. Moreover, CANon based on several software modules operates without an additive hardware security module at an upper layer of the CAN protocol and can be directly ported to CAN-FD (CAN with Flexible Data rate) so that it achieves the practical cyber defense platform.