Shan Ding,Tong Zhao,Ryo Kurachi,Gang Zeng

DOI: https://doi.org/10.1109/dasc/picom/datacom/cyberscitec.2018.00029

2018-01-01

Abstract:Controller Area Network (CAN) is the most widely employed real-time communication protocol for safety-critical applications. Recently, an issue of security countermeasure for CAN is the limited bandwidth of CAN. For this reason, the ID hopping technology has been proposed to improve the security with limited resource by varying the ID of a message when transmitting it on the CAN bus. However, the existing ID hopping method is not effective in terms of ID variation. In this paper, we propose a real-time and security mechanism to improve the security effect of ID hopping. Firstly, we obfuscate the priority of messages with two MILP models and a greedy algorithm called "Priority Bound Decision Algorithm", making priority different on the application layer. Secondly, combining the ID-hopping, our method can enhance the diversity of IDs on the data link layer. Thirdly, the results of security analysis indicate that our proposal can hinder the targeted DoS, replay attack and reverse engineering better than some existing methods.

Wufei Wu,Ryo Kurachi,Gang Zeng,Yutaka Matsubara,Hiroaki Takada,Renfa Li,Keqin Li

DOI: https://doi.org/10.1109/access.2018.2870695

IF: 3.9

2018-01-01

IEEE Access

Abstract:Cybersecurity is increasingly important for the safety and reliability of autonomous vehicles. The controller area network (CAN) is the most widely used in-vehicle network for automotive safety-critical applications. Enhancing the cybersecurity ability of CAN while considering the real-time, schedulability, and cost constraints becomes an urgent issue. To address this problem, a real-time, and schedulability analysis-guaranteed security mechanism [identification hopping CAN (IDH-CAN)] is proposed in this paper, which aims to improve the security performance of CAN under the constraints of automotive real-time applications. In order to support the operation of the IDH-CAN mechanism, an IDH-CAN controller is also designed and implemented on a field-programmable gate array, which can work as a hardware firewall in the data link layer of CAN to isolate cyberattacks from the physical layer. Meanwhile, to maximize the information entropy of the CAN message ID on the physical layer, the ID hopping table generation and optimization algorithms for IDH-CAN are also proposed. Then, information security evaluation experiments based on information entropy comparison are deployed. The simulation and practical evaluations demonstrate the effectiveness of the proposed mechanism in defending reverse engineering, targeted denial of service, and replay attacks without violating real-time and schedulability constraints.

Xuhang Ying,Giuseppe Bernieri,Mauro Conti,Linda Bushnell,Radha Poovendran

DOI: https://doi.org/10.1109/tdsc.2021.3068213

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:In recent years, the security of automotive Cyber-Physical Systems (CPSs) is facing urgent threats due to the widespread use of legacy in-vehicle communication systems. As a representative legacy bus system, the Controller Area Network (CAN) hosts Electronic Control Units (ECUs) that are crucial for the vehicles functioning. In this scenario, malicious actors can exploit the CAN vulnerabilities, such as the lack of built-in authentication and encryption schemes, to launch CAN bus attacks (e.g., suspension, injection, and masquerade attacks) with life-threatening consequences (e.g., disabling brakes). In this article, we present TACAN (Transmitter Authentication in CAN), which provides secure authentication of ECUs on the legacy CAN bus by exploiting the covert channels, without introducing CAN protocol modifications or traffic overheads (no extra bits or CAN messages are used). TACAN turns upside-down the originally malicious concept of covert channels and exploits it to build an effective defensive technique that facilitates transmitter authentication via a centralized, trusted Monitor Node. TACAN consists of three different covert channels for ECU authentication: 1) the Inter-Arrival Time (IAT)-based, leveraging the IATs of CAN messages; 2) the Least Significant Bit (LSB)-based, concealing authentication messages into the LSBs of normal CAN data; and 3) a hybrid covert channel, exploiting the combination of the first two. In order to validate TACAN, we implement the covert channels on the University of Washington (UW) EcoCAR (Chevrolet Camaro 2016) testbed. We further evaluate the bit error, throughput, and detection performance of TACAN through extensive experiments using the EcoCAR testbed and a publicly available dataset collected from Toyota Camry 2010. We demonstrate the feasibility of TACAN and the effectiveness of detecting CAN bus attacks, highlighting no traffic overheads and attesting the regular functionality of-ECUs.

computer science, information systems, software engineering, hardware & architecture

Li Yue,Zheming Li,Tingting Yin,Chao Zhang

DOI: https://doi.org/10.14722/autosec.2021.23024

2021-01-01

Abstract:Modern vehicles have many electronic control units (ECUs) connected to the Controller Area Network (CAN) bus, which have few security features in design and are vulnerable to cyber attacks.Researchers have proposed solutions like intrusion detection systems (IDS) to mitigate such threats.We presented a novel attack, CANCloak, which can deceive two ECUs with one CAN data frame, and therefore can bypass IDS detection or cause vehicle malfunction.In this attack, assuming a malicious transmitter is controlled by the adversary, one crafted CAN data frame can be transmitted to a target receiver, while other ECUs shall not receive that frame nor raise any error.We have setup a physical test environment and evaluated the effectiveness of this attack.Evaluation results showed that success rate of CANCloak reaches up to 99.7%, while the performance depends on the attack payload and sample point settings of victim receivers, independent from bus bit rate.

Guoqi Xie,Laurence T. Yang,Yao Liu,Haibo Luo,Xin Peng,Renfa Li

DOI: https://doi.org/10.1109/tvt.2021.3061746

IF: 6.8

2021-06-01

IEEE Transactions on Vehicular Technology

Abstract:The rise of autonomous driving technology and the prosperity of mobile vehicular applications have brought tremendous pressure and put forward high bandwidth and low latency requirements for vehicular networks. Controller Area Network with Flexible Data-rate (CAN-FD) is a feasible choice to meet the high bandwidth and low latency requirements of in-vehicle communication of mobile vehicles. However, CAN-FD is vulnerable to masquerade attacks because it lacks necessary security authentication mechanisms and protection measures. This study presents a security enhancement technique called forward-backward exploration for independent in-vehicle CAN-FD messages while still guaranteeing each message is real-time. In the forward-backward exploration solution, a novel dual-pointer (including the forward pointer and the backward pointer) solution is proposed; the Message Authentication Code (MAC) size of each message is then dynamically adjusted by presenting the dual-pointer movement rules until the total payload no longer increases. Experimental results with real-life CAN-FD message set provided by an automaker demonstrate the effectiveness of our solution.

telecommunications,engineering, electrical & electronic,transportation science & technology

Guoqi Xie,Laurence T. Yang,Wei Wu,Keyu Zeng,Xiangzhen Xiao,Renfa Li

DOI: https://doi.org/10.1109/tits.2020.3000783

IF: 8.5

2021-08-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Controller Area Network with Flexible Data-rate (CAN FD) is beneficial for the in-vehicle communication of Internet of Connected Vehicles (IoCVs) because of its high bandwidth and data field length. However, CAN FD lacks a security authentication mechanism, making it extremely vulnerable to masquerade attacks. This study proposes the security enhancement for a real-time parallel in-vehicle application adopting a two-stage method. The first stage obtains the lower bound of an in-vehicle application by quickly abandoning most of sequences, while the second stage enhances security by adding Message Authentication Codes (MACs) to messages taking advantage of the laxity interval from the lower bound to the deadline. Experiments with an example and the adaptive cruise control in-vehicle application show the advantage of the proposed two-stage method in increasing the total byte size of MACs.

engineering, electrical & electronic,transportation science & technology, civil

Sunandan Adhikary,Ipsita Koley,Arkaprava Sain,Soumyadeep das,Shuvam Saha,Soumyajit Dey

2023-06-15

Abstract:This work focuses on eliminating timing-side channels in real-time safety-critical cyber-physical network protocols like Controller Area Networks (CAN). Automotive Electronic Control Units (ECUs) implement predictable scheduling decisions based on task level response time estimation. Such levels of determinism exposes timing information about task executions and therefore corresponding message transmissions via the network buses (that connect the ECUs and actuators). With proper analysis, such timing side channels can be utilized to launch several schedule-based attacks that can lead to eventual denial-of-service or man-in-the-middle-type attacks. To eliminate this determinism, we propose a novel schedule obfuscation strategy by skipping certain control task executions and related data transmissions along with random shifting of the victim task instance. While doing this, our strategy contemplates the performance of the control task as well by bounding the number of control execution skips. We analytically demonstrate how the attack success probability (ASP) is reduced under this proposed attack-aware skipping and randomization. We also demonstrate the efficacy and real-time applicability of our attack-aware schedule obfuscation strategy Hide-n-Seek by applying it to synthesized automotive task sets in a real-time Hardware-in-loop (HIL) setup.

Cryptography and Security,Systems and Control

Youngmi Baek,Seongjoo Shin

DOI: https://doi.org/10.3390/s22072636

2022-03-29

Abstract:Automotive cyber-physical systems are in transition from the closed-systems to open-networking systems. As a result, in-vehicle networks such as the controller area network (CAN) have become essential to connect to inter-vehicle networks through the various rich interfaces. Newly exposed security concerns derived from this requirement may cause in-vehicle networks to pose threats to automotive security and driver's safety. In this paper, to ensure a high level of security of the in-vehicle network for automotive CPS, we propose a novel lightweight and practical cyber defense platform, referred to as CANon (CAN with origin authentication and non-repudiation), to be enabled to detect cyber-attacks in real-time. CANon is designed based on the hierarchical approach of centralized-session management and distributed-origin authentication. In the former, a gateway node manages each initialization vector and session of origin-centric groups consisting of two more sending and receiving nodes. In the latter, the receiving nodes belonging to the given origin-centric group individually perform the symmetric key-based detection against cyber-attacks by verifying each message received from the sending node, namely origin authentication, in real-time. To improve the control security, CANon employs a one-time local key selected from a sequential hash chain (SHC) for authentication of an origin node in a distributed mode and exploits the iterative hash operations with randomness. Since the SHC can constantly generate and consume hash values regardless of their memory capacities, it is very effective for resource-limited nodes for in-vehicle networks. In addition, through implicit key synchronization within a given group, CANon addresses the challenges of a key exposure problem and a complex key distribution mechanism when performing symmetric key-based authentication. To achieve lightweight cyber-attack detection without imposing an additive load on CAN, CANon uses a keyed-message authentication code (KMAC) activated within a given group. The detection performance of CANon is evaluated under an actual node of Freescale S12XF and virtual nodes operating on the well-known CANoe tool. It is seen that the detection rate of CANon against brute-force and replay attacks reaches 100% when the length of KMAC is over 16 bits. It demonstrates that CANon ensures high security and is sufficient to operate in real-time even on low-performance ECUs. Moreover, CANon based on several software modules operates without an additive hardware security module at an upper layer of the CAN protocol and can be directly ported to CAN-FD (CAN with Flexible Data rate) so that it achieves the practical cyber defense platform.

Alvise de Faveri Tron,Stefano Longari,Michele Carminati,Mario Polino,Stefano Zanero

DOI: https://doi.org/10.1145/3548606.3560618

2022-09-20

Abstract:Current research in the automotive domain has proven the limitations of the CAN protocol from a security standpoint. Application-layer attacks, which involve the creation of malicious packets, are deemed feasible from remote but can be easily detected by modern IDS. On the other hand, more recent link-layer attacks are stealthier and possibly more disruptive but require physical access to the bus. In this paper, we present CANflict, a software-only approach that allows reliable manipulation of the CAN bus at the data link layer from an unmodified microcontroller, overcoming the limitations of state-of-the-art works. We demonstrate that it is possible to deploy stealthy CAN link-layer attacks from a remotely compromised ECU, targeting another ECU on the same CAN network. To do this, we exploit the presence of pin conflicts between microcontroller peripherals to craft polyglot frames, which allows an attacker to control the CAN traffic at the bit level and bypass the protocol's rules. We experimentally demonstrate the effectiveness of our approach on high-, mid-, and low-end microcontrollers, and we provide the ground for future research by releasing an extensible tool that can be used to implement our approach on different platforms and to build CAN countermeasures at the data link layer.

Cryptography and Security

Qiang Dong,Zenglu Song,Haoshu Shao

DOI: https://doi.org/10.1049/ell2.13112

2024-01-30

Electronics Letters

Abstract:This research presents a novel method for detecting and defending against intrusions in the Controller Area Network (CAN) bus used in automotive systems. By analysing frequency anomalies in message transmission and utilizing the arbitration mechanism of the CAN bus, this approach effectively identifies and disrupts illegal messages in real‐time, ensuring the security of the network. As automobile intelligence continues to develop, the electronic control units connected to the Controller Area Network (CAN) bus within vehicles face an increasing number of threats from potential attacks originating from the internet. To address this issue, an intrusion detection and defence method is proposed that is capable of detecting illegal messages through the use of frequency anomaly detection, and subsequently disrupting them through utilization of the CAN bus arbitration mechanism. This proposed method offers a simple implementation compared to traditional approaches, while being able to identify suspicious units and neutralize threats in real‐time. Experimental results demonstrate the effectiveness of this approach.

engineering, electrical & electronic

Xuhang Ying,Giuseppe Bernieri,Mauro Conti,Radha Poovendran

DOI: https://doi.org/10.48550/arXiv.1903.05231

2019-03-12

Cryptography and Security

Abstract:Nowadays, the interconnection of automotive systems with modern digital devices offers advanced user experiences to drivers. Electronic Control Units (ECUs) carry out a multitude of operations using the insecure Controller Area Network (CAN) bus in automotive Cyber-Physical Systems (CPSs). Therefore, dangerous attacks, such as disabling brakes, are possible and the safety of passengers is at risk. In this paper, we present TACAN (Transmitter Authentication in CAN), which provides secure authentication of ECUs by exploiting the covert channels without introducing CAN protocol modifications or traffic overheads (i.e., no extra bits or messages are used). TACAN turns upside-down the originally malicious concept of covert channels and exploits it to build an effective defensive technique that facilitates transmitter authentication via a trusted Monitor Node. TACAN consists of three different covert channels for ECU authentication: 1) Inter-Arrival Time (IAT)-based, leveraging the IATs of CAN messages; 2) offset-based, exploiting the clock offsets of CAN messages; 3) Least Significant Bit (LSB)-based, concealing authentication messages into the LSBs of normal CAN data. We implement the covert channels on the University of Washington (UW) EcoCAR testbed and evaluate their performance through extensive experiments. We demonstrate the feasibility of TACAN, highlighting no traffic overheads and attesting the regular functionality of ECUs. In particular, the bit error ratios are within 0.1% and 0.42% for the IAT-based and offset-based covert channels, respectively. Furthermore, the bit error ratio of the LSB-based covert channel is equal to that of a normal CAN bus, which is 3.1x10^-7%.

Damilola Oladimeji,Amar Rasheed,Cihan Varol,Mohamed Baza,Hani Alshahrani,Abdullah Baz

DOI: https://doi.org/10.3390/s23198223

2023-10-02

Abstract:Current vehicles include electronic features that provide ease and convenience to drivers. These electronic features or nodes rely on in-vehicle communication protocols to ensure functionality. One of the most-widely adopted in-vehicle protocols on the market today is the Controller Area Network, popularly referred to as the CAN bus. The CAN bus is utilized in various modern, sophisticated vehicles. However, as the sophistication levels of vehicles continue to increase, we now see a high rise in attacks against them. These attacks range from simple to more-complex variants, which could have detrimental effects when carried out successfully. Therefore, there is a need to carry out an assessment of the security vulnerabilities that could be exploited within the CAN bus. In this research, we conducted a security vulnerability analysis on the CAN bus protocol by proposing an attack scenario on a CAN bus simulation that exploits the arbitration feature extensively. This feature determines which message is sent via the bus in the event that two or more nodes attempt to send a message at the same time. It achieves this by prioritizing messages with lower identifiers. Our analysis revealed that an attacker can spoof a message ID to gain high priority, continuously injecting messages with the spoofed ID. As a result, this prevents the transmission of legitimate messages, impacting the vehicle's operations. We identified significant risks in the CAN protocol, including spoofing, injection, and Denial of Service. Furthermore, we examined the latency of the CAN-enabled system under attack, finding that the compromised node (the attacker's device) consistently achieved the lowest latency due to message arbitration. This demonstrates the potential for an attacker to take control of the bus, injecting messages without contention, thereby disrupting the normal operations of the vehicle, which could potentially compromise safety.

Zachariah Tyree,Robert A. Bridges,Frank L. Combs,Michael R. Moore

DOI: https://doi.org/10.48550/arXiv.1808.10840

2018-08-28

Abstract:Modern vehicles rely on scores of electronic control units (ECUs) broadcasting messages over a few controller area networks (CANs). Bereft of security features, in-vehicle CANs are exposed to cyber manipulation and multiple researches have proved viable, life-threatening cyber attacks. Complicating the issue, CAN messages lack a common mapping of functions to commands, so packets are observable but not easily decipherable. We present a transformational approach to CAN IDS that exploits the geometric properties of CAN data to inform two novel detectors--one based on distance from a learned, lower dimensional manifold and the other on discontinuities of the manifold over time. Proof-of-concept tests are presented by implementing a potential attack approach on a driving vehicle. The initial results suggest that (1) the first detector requires additional refinement but does hold promise; (2) the second detector gives a clear, strong indicator of the attack; and (3) the algorithms keep pace with high-speed CAN messages. As our approach is data-driven it provides a vehicle-agnostic IDS that eliminates the need to reverse engineer CAN messages and can be ported to an after-market plugin.

Cryptography and Security

Pablo Moriano,Robert A. Bridges,Michael D. Iannacone

DOI: https://doi.org/10.14722/autosec.2022.23028

2022-03-12

Abstract:Vehicular Controller Area Networks (CANs) are susceptible to cyber attacks of different levels of sophistication. Fabrication attacks are the easiest to administer -- an adversary simply sends (extra) frames on a CAN -- but also the easiest to detect because they disrupt frame frequency. To overcome time-based detection methods, adversaries must administer masquerade attacks by sending frames in lieu of (and therefore at the expected time of) benign frames but with malicious payloads. Research efforts have proven that CAN attacks, and masquerade attacks in particular, can affect vehicle functionality. Examples include causing unintended acceleration, deactivation of vehicle's brakes, as well as steering the vehicle. We hypothesize that masquerade attacks modify the nuanced correlations of CAN signal time series and how they cluster together. Therefore, changes in cluster assignments should indicate anomalous behavior. We confirm this hypothesis by leveraging our previously developed capability for reverse engineering CAN signals (i.e., CAN-D [Controller Area Network Decoder]) and focus on advancing the state of the art for detecting masquerade attacks by analyzing time series extracted from raw CAN frames. Specifically, we demonstrate that masquerade attacks can be detected by computing time series clustering similarity using hierarchical clustering on the vehicle's CAN signals (time series) and comparing the clustering similarity across CAN captures with and without attacks. We test our approach in a previously collected CAN dataset with masquerade attacks (i.e., the ROAD dataset) and develop a forensic tool as a proof of concept to demonstrate the potential of the proposed approach for detecting CAN masquerade attacks.

Cryptography and Security,Machine Learning,Applications

Jinli Zhong,Suguo Du,Lu Zhou,Haojin Zhu,Fan Cheng,Cailian Chen,Qingshui Xue

DOI: https://doi.org/10.1109/vtcfall.2017.8288289

2017-01-01

Abstract:Controller Area Network (CAN), the de facto standard in-vehicle network protocol, prompts modern automobile an integrated system that achieves real-time interactions with roads, vehicles and people. Yet such connectivity makes it feasible to illegally access, or even attack the CAN, causing not only privacy disclosure, property damage, but also life threat. In this paper, we analyze intrinsic weakness in CAN protocol that is mostly exploited by attackers and comprehensively survey the existing attacks based on CAN interfaces. Furthermore, we propose an attack evaluation system based on attack tree model and Markov chain to assess the probability of compromising CAN and the steady state of CAN system at the presence of these attacks. Finally, we simulate new steady state when altering the difficulty of a certain attack and the results demonstrate that sometimes improving defense of an attack declines the security level of the entire system instead.

Jia Zhou,Guoqi Xie,Haibo Zeng,Weizhe Zhang,Laurence T. Yang,Mamoun Alazab,Renfa Li

DOI: https://doi.org/10.1109/TITS.2022.3153718

IF: 8.5

2023-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:With the deep integration of the Internet of Things (IoT) technology and the increase of computational power and memory, vehicles can also serve as the infrastructures for Intelligent Transportation System (ITS), e.g., as fog nodes. However, when connecting vehicles to the internet, alongside with the benefits it brings, it also opens many new challenges such as security attacks. Controller Area Network (CAN) is one of the main in-vehicle communication protocols in modern cars. Its lack of sender verification mechanism makes CAN particularly vulnerable to cyber-attacks including masquerade attack. Fingerprinting Electronic Control Units (ECUs) based on hardware characteristics has been proved feasible and effective on defending CAN buses. However, most state-of-the-art works exploited the supervised learning algorithm to identify the transmitter based on the signal characteristics. This makes the decision process hard to understand, and it also limits the deployment on proprietary CAN bus without prior knowledge. To solve this, we design a novel clock-skew-based approach capable of pinpointing the sender and detecting intrusion on proprietary CAN bus. We take a single CAN frame as the object for measurement, and adjust the measuring process such that our approach can be independent of the transmission time of frames. Based on the statistical analysis of data from real vehicles, we propose a novel box-plot algorithm based on score mechanism to filter the raw data. Finally, the clock skews are estimated and accumulated to build a linear model for representing the transmitter ECU. The evaluation results on one CAN prototype and two production vehicles show that our approach is able to well identify and differentiate ECUs on the bus without prior knowledge. The data processed by the proposed box-plot algorithm can describe the hardware characteristics of ECUs precisely. We also show the ability of our approach to protecting the CAN bus against the masquerade attack.

Shalabh Jain,Qian Wang,Md Tanvir Arafin,Jorge Guajardo

DOI: https://doi.org/10.1007/978-3-662-53140-2_5

2016-01-01

Abstract:Efficient key management for automotive networks (CAN) is critical, governing the adoption of security in the next generation of vehicles. A recent promising approach for dynamic key agreement between groups of nodes, Plug-and-Secure for CAN, has been demonstrated to be information theoretically secure based on the physical properties of the CAN bus. In this paper, we illustrate side-channel attacks on the scheme, leading to nearly-complete leakage of the derived secret key bits to an adversary that is capable of probing the CAN bus. We identify the fundamental network properties that lead to such attacks and propose ideas to minimize the information leakage at the hardware, controller and system levels.

Md Hasan Shahriar,Yang Xiao,Pablo Moriano,Wenjing Lou,Y. Thomas Hou

DOI: https://doi.org/10.1109/JIOT.2023.3303271

2023-10-08

Abstract:Modern vehicles rely on a fleet of electronic control units (ECUs) connected through controller area network (CAN) buses for critical vehicular control. With the expansion of advanced connectivity features in automobiles and the elevated risks of internal system exposure, the CAN bus is increasingly prone to intrusions and injection attacks. As ordinary injection attacks disrupt the typical timing properties of the CAN data stream, rule-based intrusion detection systems (IDS) can easily detect them. However, advanced attackers can inject false data to the signal/semantic level, while looking innocuous by the pattern/frequency of the CAN messages. The rule-based IDS, as well as the anomaly-based IDS, are built merely on the sequence of CAN messages IDs or just the binary payload data and are less effective in detecting such attacks. Therefore, to detect such intelligent attacks, we propose CANShield, a deep learning-based signal-level intrusion detection framework for the CAN bus. CANShield consists of three modules: a data preprocessing module that handles the high-dimensional CAN data stream at the signal level and parses them into time series suitable for a deep learning model; a data analyzer module consisting of multiple deep autoencoder (AE) networks, each analyzing the time-series data from a different temporal scale and granularity, and finally an attack detection module that uses an ensemble method to make the final decision. Evaluation results on two high-fidelity signal-based CAN attack datasets show the high accuracy and responsiveness of CANShield in detecting advanced intrusion attacks.

Cryptography and Security,Machine Learning

Franco Oberti,Alessandro Savino,Ernesto Sanchez,Filippo Parisi,Stefano Di Carlo

DOI: https://doi.org/10.1109/TDMR.2022.3157000

2022-03-07

Abstract:The automobile industry is no longer relying on pure mechanical systems; instead, it benefits from advanced Electronic Control Units (ECUs) in order to provide new and complex functionalities in the effort to move toward fully connected cars. However, connected cars provide a dangerous playground for hackers. Vehicles are becoming increasingly vulnerable to cyber attacks as they come equipped with more connected features and control systems. This situation may expose strategic assets in the automotive value chain. In this scenario, the Controller Area Network (CAN) is the most widely used communication protocol in the automotive domain. However, this protocol lacks encryption and authentication. Consequently, any malicious/hijacked node can cause catastrophic accidents and financial loss. Starting from the analysis of the vulnerability connected to the CAN communication protocol in the automotive domain, this paper proposes EXT-TAURUM P2T a new low-cost secure CAN-FD architecture for the automotive domain implementing secure communication among ECUs, a novel key provisioning strategy, intelligent throughput management, and hardware signature mechanisms. The proposed architecture has been implemented, resorting to a commercial Multi-Protocol Vehicle Interface module, and the obtained results experimentally demonstrate the approach's feasibility.

Cryptography and Security

Wenhong Ma,Yan Liu,Guoqi Xie,Renfa Li,Laurence T. Yang

DOI: https://doi.org/10.1109/jiot.2021.3085422

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Controller area network with flexible data-rate (CAN-FD) has received great attention in automotive cyber–physical systems (ACPSs) due to its high bandwidth and long payload. However, CAN-FD adopts a broadcast message transmission mechanism and lacks security protection, making it extremely vulnerable to cyberattacks. CAN-FD message packing (packing signals into messages) with low bandwidth occupancy (utilization) under security constraints is the prerequisite for running intelligent applications in ACPS. In this work, we implement a two-stage CAN-FD message packing solution to reduce bandwidth utilization and improve signal acceptance rate under security constraints. The first stage solves the message packing problem of minimizing bus bandwidth utilization under security constraints. The second stage aims at improving the signal acceptance rate by repacking signals. Experimental results show that the first stage reduces average bus bandwidth utilization by 135% compared with the unpacking solution, and the second stage improves the average signal acceptance rate by 5% than existing advanced methods.

computer science, information systems,telecommunications,engineering, electrical & electronic