Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
Background on Can
Limitations and Enhancements
Conclusion
References
All Topics
Political Science
Security Studies

An Extended Survey on Vehicle Security

Profile image of Eugene VassermanEugene Vasserman

2019, arXiv (Cornell University)

https://doi.org/10.1109/ACCESS.2021.3104854
visibility

description

16 pages

link

1 file

Abstract

Advanced electronic units inside modern vehicles have enhanced the driving experience, but also introduced a myriad of security problems due to the inherent limitations of the internal communication protocol. In the last two decades, a number of security threats have been identified and accordingly, security measures have been proposed. While a large body of research on the vehicular security domain is focused on exposing vulnerabilities and proposing counter measures, there is an apparent paucity of research aimed at reviewing existing works on automotive security and at extracting insights. This paper provides a systematic review of security threats and countermeasures for the ubiquitous CAN bus communication protocol. It further exposes the limitations of the existing security measures, and discusses a seemingly-overlooked, simple, cost-effective and incrementally deployable solution which can provide a reasonable defense against a major class of packet injection attacks and many denial of service attacks.

Related papers

Evaluation of CAN Bus Security Challenges
Mohammad Samie

Sensors, 2020

The automobile industry no longer relies on pure mechanical systems; instead, it benefits from many smart features based on advanced embedded electronics. Although the rise in electronics and connectivity has improved comfort, functionality, and safe driving, it has also created new attack surfaces to penetrate the in-vehicle communication network, which was initially designed as a close loop system. For such applications, the Controller Area Network (CAN) is the most-widely used communication protocol, which still suffers from various security issues because of the lack of encryption and authentication. As a result, any malicious/hijacked node can cause catastrophic accidents and financial loss. This paper analyses the CAN bus comprehensively to provide an outlook on security concerns. It also presents the security vulnerabilities of the CAN and a state-of-the-art attack surface with cases of implemented attack scenarios and goes through different solutions that assist in attack pr...

View PDFchevron_right
Vulnerabilities of Can Bus & Automobile Security
sahid irfan

International Journal of Control and Automation, 2019

In an automobile, CAN-bus is the centralized networking system on which Electronic Control Units(ECUs) or nodes broadcast messages or data. Automobile security threats have gone from hypothesis to reality. It is possible for a hacker to remotely control ECUs by means of freeware applications and devices. As a result, the modern automobile presents a broad attack surface and a multitude of potential vulnerabilities to exploit. Security of the CAN-bus can be improved by introducing a monitoring node into the network and using cryptographic techniques. This research highlights the elements of the CAN-bus network, cryptographic methods and suggestions for future development and safety of an automobile.

View PDFchevron_right
IDH-CAN: A Hardware-Based ID Hopping CAN Mechanism With Enhanced Security for Automotive Real-Time Applications
亮 倉地

IEEE Access, 2018

Cybersecurity is increasingly important for the safety and reliability of autonomous vehicles. The controller area network (CAN) is the most widely used in-vehicle network for automotive safety-critical applications. Enhancing the cybersecurity ability of CAN while considering the real-time, schedulability, and cost constraints becomes an urgent issue. To address this problem, a real-time, and schedulability analysisguaranteed security mechanism [identification hopping CAN (IDH-CAN)] is proposed in this paper, which aims to improve the security performance of CAN under the constraints of automotive real-time applications. In order to support the operation of the IDH-CAN mechanism, an IDH-CAN controller is also designed and implemented on a field-programmable gate array, which can work as a hardware firewall in the data link layer of CAN to isolate cyberattacks from the physical layer. Meanwhile, to maximize the information entropy of the CAN message ID on the physical layer, the ID hopping table generation and optimization algorithms for IDH-CAN are also proposed. Then, information security evaluation experiments based on information entropy comparison are deployed. The simulation and practical evaluations demonstrate the effectiveness of the proposed mechanism in defending reverse engineering, targeted denial of service, and replay attacks without violating real-time and schedulability constraints. INDEX TERMS Controller area network (CAN), cybersecurity, ID hopping, information entropy, in-vehicle network, real-time, schedulability analysis. I. INTRODUCTION Currently, a paradigm in the automotive industry has shifted from high-performance vehicles to comfortable, intelligent, safe and secure vehicles. However, cybersecurity is one of the most critical issues in autonomous driving technology [1], [2]. For the realization of autonomous driving, an increasing number of automotive application components are employed. Such a complex system is increasingly dependent on internal and external networks. Stateof-the-art, on-board architectures of high-end automobiles can include more than 100 Electronic control units (ECUs) that are interconnected via heterogeneous communication networks [3], such as Controller Area Network (CAN), LIN, FlexRay, and automotive Ethernet. As in-vehicle networks are no longer isolated, autonomous vehicles face new vulnerabilities and attacks with the expansion of the external communication interface of automobiles. In the era of the upcoming autonomous driving vehicle, new security issues will surely arise. These potential attacks are discussed in [4]-[7]. The security attacks against CAN have attracted increasing research attention [4], [5], [8]. Unfortunately, the original CAN protocol does not consider network security issues, so it cannot provide security mechanisms such as message

View PDFchevron_right
CASAD: CAN-Aware Stealthy-Attack Detection for In-Vehicle Networks
Tomas Olovsson

ArXiv, 2019

Nowadays, vehicles have complex in-vehicle networks (IVNs) with millions of lines of code controlling almost every function in the vehicle including safety-critical functions. It has recently been shown that IVNs are becoming increasingly vulnerable to cyber-attacks capable of taking control of vehicles, thereby threatening the safety of the passengers. Several countermeasures have been proposed in the literature in response to the arising threats, however, hurdle requirements imposed by the industry is hindering their adoption in practice. In particular, detecting attacks on IVNs is challenged by strict resource constraints and utterly complex communication patterns that vary even for vehicles of the same model. In addition, existing solutions suffer from two main drawbacks. First, they depend on the underlying vehicle configuration, and second, they are incapable of detecting certain attacks of a stealthy nature. In this paper, we propose CASAD, a CAN-Aware Stealthy-Attack Detecti...

View PDFchevron_right
Security for CAN (Controller Area Network) in Vehicle Communication System
IJSRD Journal

Today, cars are becoming more and more computerized due to information technology world. CAN protocol is used in vehicle for connect no of control units to each other. CAN protocol contains no security field it is vulnerable to many attacks. So attacks in vehicle communication system are common factor and major concerns for a vehicle security. CAN protocol have no authentication field. We propose cryptographic security mechanism to prevent attacks (masquerade and replay) in vehicle communication with architecture based on CAN. In this paper software based security is presented by using MAC (message authentication code) algorithm and provides integrity and authenticity of message.

View PDFchevron_right
Security Enhancement for Real-Time Parallel In-Vehicle Applications by CAN FD Message Authentication
naga lakshmi

Controller Area Network with Flexible Data-rate (CAN FD) is beneficial for the in-vehicle communication of Internet of Connected Vehicles (IoCVs) because of its high bandwidth and data field length. However, CAN FD lacks a security authentication mechanism, making it extremely vulnerable to masquerade attacks. This study proposes the security enhancement for a real-time parallel in-vehicle application adopting a two-stage method. The first stage obtains the lower bound of an in-vehicle application by quickly abandoning most of sequences, while the second stage enhances security by adding Message Authentication Codes (MACs) to messages taking advantage of the laxity interval from the lower bound to the deadline. Experiments with an example and the adaptive cruise control in-vehicle application show the advantage of the proposed two-stage method in increasing the total byte size of MACs.

View PDFchevron_right
Keep the Moving Vehicle Secure: Context-Aware Intrusion Detection System for In-Vehicle CAN Bus Security
Andrei Petrovski

2022

The growth of information technologies has driven the development of the transportation sector, including connected and autonomous vehicles. Due to its communication capabilities, the controller area network (CAN) is the most widely used in-vehicle communication protocol. However, CAN lacks suitable security mechanisms such as message authentication and encryption. This makes the CAN bus vulnerable to numerous cyberattacks. Not only are these attacks a threat the information security and privacy, but they can also directly affect the safety of drivers, passengers and the surrounding environment of the moving vehicles. This paper presents CAN-CID, a context-aware intrusion detection system (IDS) to detect cyberattacks on the CAN bus, which would be suitable for deployment in automobiles including military vehicles, passenger cars, commercial vehicles and other CAN-based applications such as aerospace, industrial automation and medical equipment. CAN-CID is an ensemble model of a gated recurrent unit (GRU) network and a time-based model. A GRU algorithm works by learning to predict the centre ID of a CAN ID sequence, and ID-based probabilistic thresholds are used to identify anomalous IDs, whereas the time-based model identifies anomalous IDs using time-based thresholds. The number of anomalies compared to the total number of IDs over an observation window is used to classify the window status as anomalous or benign. The proposed model uses only benign data for training and threshold estimation, avoiding the need to collect realistic attack data to train the algorithm. The performance of the CAN-CID model was tested against three datasets over a range of 16 attacks, including fabrication and more sophisticated masquerade attacks. The CAN-CID model achieved an F1-Score of over 99% for 13 of those attacks and outperformed benchmark models from the literature for all attacks, with near real-time detection latency.

View PDFchevron_right
Cyber-security for the Controller Area Network (CAN) communication protocol
Alberto Sangiovanni Vincentelli

Proceedings of the 2012 ASE International Conference on Cyber Security, CyberSecurity 2012, 2013

We propose a security mechanism to help prevent cyber-attacks (masquerade and replay) in vehicles with architecture based on Controller Area Network (CAN). We focus on CAN as it will likely continue being used in upcoming in-vehicle architectures. The CAN protocol contains no direct support for secure communications. Retrofitting the protocol with security mechanisms poses several challenges given the very limited data rates available (e.g., 500kbps) since bus utilization may significantly increase. In this paper, we focus on a security mechanism which keeps the bus utilization as low as possible. Through our experimental results, we show that our security mechanism can achieve high security levels while keeping communication overheads (e.g., bus load and message latency) at reasonable levels.

View PDFchevron_right
CANTrack: Enhancing Automotive CAN Bus Security Using Intuitive Encryption Algorithms
Wael Farag

7th Inter. Conf. on Modeling, Simulation, and Applied Optimization (ICMSAO), UAE, March 2017, 2017

In this paper, the proposed CANTrack solution is described and its implementation is thoroughly explained. CANTrack is a sophisticated Computer Aided Design (CAD) tool that supports the entire development process for automotive networked systems. CANTrack differentiates itself from other competitive tools; by not only supporting planning, development, testing and finally starting-up; but also incorporating the unique features of CAN bus security enhancement and tool customization upon customer needs. The Controller Area Network (CAN) bus security feature is implemented using an intuitive algorithm that encrypts the 8-byte payload data using a symmetric key that is being dynamically changed using synchronized key generators across all nodes. This algorithm makes the encrypted message unique at any instance of time to avoid replay attacks. The algorithm is tested thoroughly on an experimental setup using Vector Canoe; with the results of two use cases presented.

View PDFchevron_right
Security Issues in Controller Area Networks in Automobiles
Clyde Meli, Robert Buttigieg, Mario Farrugia

—Modern vehicles may contain a considerable number of ECUs (Electronic Control Units) which are connected through various means of communication, with the CAN (Controller Area Network) protocol being the most widely used. However, several vulnerabilities such as the lack of authentication and the lack of data encryption have been pointed out by several authors, which ultimately render vehicles unsafe to their users and surroundings. Moreover, the lack of security in modern automobiles has been studied and analyzed by other researchers as well as several reports about modern car hacking have (already) been published. The contribution of this work aimed to analyze and test the level of security and how resilient is the CAN protocol by taking a BMW E90 (3-series) instrument cluster as a sample for a proof of concept study. This investigation was carried out by building and developing a rogue device using cheap commercially available components while being connected to the same CAN-Bus as a man in the middle device in order to send spoofed messages to the instrument cluster.

View PDFchevron_right

References (83)

  1. M. Farsi, K. Ratcliff, and M. Barbosa, "An overview of controller area network," Computing & Control Engineering Journal, vol. 10, no. 3, 1999.
  2. W. Voss, A comprehensible guide to controller area network. Copperhill Media, 2008.
  3. M. Di Natale, H. Zeng, P. Giusto, and A. Ghosal, Understanding and using the controller area network communication protocol: theory and practice. Springer Science & Business Media, 2012.
  4. M. Wolf, A. Weimerskirch, and C. Paar, "Security in automotive bus systems," in Workshop on Embedded Security in Cars, 2004.
  5. K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage, "Experi- mental security analysis of a modern automobile," in IEEE S&P, 2010.
  6. C. Miller and C. Valasek, "Adventures in automotive networks and control units," DEFCON, 2013.
  7. --, "Remote exploitation of an unaltered passenger vehicle," Black Hat USA, 2015.
  8. D. K. Nilsson, U. E. Larson, and E. Jonsson, "Efficient in-vehicle delayed data authentication based on compound message authentication codes," in IEEE Vehicular Technology Conference, 2008.
  9. T. Hoppe, S. Kiltz, and J. Dittmann, "Security threats to automotive CAN networks -practical examples and selected short-term countermeasures," in Computer Safety, Reliability, and Security, 2008.
  10. P. Kleberger, T. Olovsson, and E. Jonsson, "Security aspects of the in- vehicle network in the connected car," in IEEE IV, 2011.
  11. I. Studnia, V. Nicomette, E. Alata, Y. Deswarte, M. Kaâniche, and Y. Laarouchi, "Survey on security threats and protection mechanisms in embedded automotive networks," in DSN-W, 2013.
  12. C. Miller and C. Valasek, "A survey of remote automotive attack surfaces," Black Hat USA, 2014.
  13. O. Avatefipour and H. Malik, "State-of-the-art survey on in-vehicle network communication (CAN-Bus) security and vulnerabilities," arXiv:1802.01725, 2018.
  14. J. Liu, S. Zhang, W. Sun, and Y. Shi, "In-vehicle network attacks and coun- termeasures: Challenges and future directions," IEEE Network, vol. 31, no. 5, pp. 50-58, 2017.
  15. M. Dibaei, X. Zheng, K. Jiang, R. Abbas, S. Liu, Y. Zhang, Y. Xiang, and S. Yu, "Attacks and defences on intelligent connected vehicles: A survey," Digital Communications and Networks, 2020.
  16. B. Mokhtar and M. Azab, "Survey on security issues in vehicular ad hoc networks," Alexandria engineering journal, vol. 54, no. 4, pp. 1115-1126, 2015.
  17. C. Bernardini, M. R. Asghar, and B. Crispo, "Security and privacy in vehicular communications: Challenges and opportunities," Vehicular Communications, vol. 10, pp. 13-28, 2017.
  18. F. Sakiz and S. Sen, "A survey of attacks and detection mechanisms on intelligent transportation systems: Vanets and iov," Ad Hoc Networks, vol. 61, pp. 33-50, 2017.
  19. H. Hasrouny, A. E. Samhat, C. Bassil, and A. Laouiti, "Vanet security challenges and solutions: A survey," Vehicular Communications, vol. 7, pp. 7-20, 2017.
  20. M. S. Al-Kahtani, "Survey on security attacks in vehicular ad hoc networks (vanets)," in 2012 6th international conference on signal processing and communication systems. IEEE, 2012, pp. 1-9.
  21. J. Cui, L. S. Liew, G. Sabaliauskaite, and F. Zhou, "A review on safety failures, security attacks, and available countermeasures for autonomous vehicles," Ad Hoc Networks, vol. 90, p. 101823, 2019.
  22. J. Petit and S. E. Shladover, "Potential cyberattacks on automated vehi- cles," IEEE Transactions on Intelligent transportation systems, vol. 16, no. 2, pp. 546-556, 2014.
  23. K.-T. Cho and K. G. Shin, "Error handling of in-vehicle networks makes them vulnerable," in ACM CCS, 2016.
  24. Texas Instruments, "Introduction to the controller area network (can)," accessed 2019-08-29. [Online]. Available: http://www.ti.com/ lit/an/sloa101b/sloa101b.pdf
  25. K. Pazul, "Controller area network (CAN) basics," Microchip Technology Inc, 1999.
  26. kvaser, "CAN bus error handling," accessed 2018-11-29. [Online]. Available: https://www.kvaser.com/about-can/the-can-protocol/ can-error-handling/
  27. Copperhill Technologies, "CAN bus guide -error flag." [Online]. Avail- able: https://www.copperhilltechnologies.com/can-bus-guide-error-flag/
  28. D. K. Nilsson, P. H. Phung, and U. E. Larson, "Vehicle ECU classification based on safety-security characteristics," in IET Road Transport Infor- mation and Control Conference and the ITS United Kingdom Members' Conference (RTIC), 2008.
  29. S. Shukla, "Embedded security for vehicles: Ecu hacking," 2016.
  30. C. N. Coverdill and S. A. Wright, "Truck with monitored and resettable electronic control units," 1999, uS Patent 5,890,080.
  31. Nissan-global, "Nissan autonomous emergency steer- ing system," accessed 2018-10-29. [Online].
  32. Avail- able: https://www.nissan-global.com/EN/TECHNOLOGY/OVERVIEW/ autonomous_emergency_steering_system.html
  33. T. Ziermann, S. Wildermann, and J. Teich, "CAN+: A new backward- compatible controller area network (CAN) protocol with up to 16x higher data rates," in Design, Automation and Test,Europe, 2009.
  34. I. Sheikh, M. Hanif, and M. Short, "Improving information throughput and transmission predictability in controller area networks," in 2010 IEEE International Symposium on Industrial Electronics. IEEE, 2010, pp. 1736-1741.
  35. S. Kang, S. Han, S. Cho, D. Jang, H. Choi, and J.-W. Choi, "High speed can transmission scheme supporting data rate of over 100 mb/s," IEEE Communications Magazine, vol. 54, no. 6, pp. 128-135, 2016.
  36. R. M. Ishtiaq Roufa, H. Mustafaa, S. O. Travis Taylora, W. Xua, M. Grute- serb, W. Trappeb, and I. Seskarb, "Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring system case study," in USENIX Security, 2010.
  37. N. T. Courtois, G. V. Bard, and D. Wagner, "Algebraic and slide attacks on KeeLoq," in Workshop on Fast Software Encryption, 2008.
  38. A. Bogdanov, "Cryptanalysis of the KeeLoq block cipher," IACR Cryptol- ogy ePrint Archive, 2007.
  39. --, "Attacks on the KeeLoq block cipher and authentication systems," in Conference on RFID Security, 2007.
  40. S. Indesteege, N. Keller, O. Dunkelman, E. Biham, and B. Preneel, "A practical attack on KeeLoq," in EUROCRYPT, 2008.
  41. S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Sav- age, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno, "Comprehensive experimental analyses of automotive attack surfaces," in USENIX Security, 2011.
  42. H. Wen, Q. A. Chen, and Z. Lin, "Plug-n-pwned: Comprehensive vulner- ability analysis of obd-ii dongles as a new over-the-air attack surface in automotive iot," 2020.
  43. D. Spill and A. Bittau, "BlueSniff: Eve meets Alice and Bluetooth," WOOT, 2007.
  44. S. Woo, H. J. Jo, and D. H. Lee, "A practical wireless attack on the connected car and security protocol for in-vehicle can," IEEE Transactions on intelligent transportation systems, vol. 16, no. 2, pp. 993-1006, 2014.
  45. I. D. Foster, A. Prudhomme, K. Koscher, and S. Savage, "Fast and vulnerable: A story of telematic failures," in WOOT, 2015.
  46. A. Van Herrewege, D. Singelee, and I. Verbauwhede, "CANAuth -a simple, backward compatible broadcast authentication protocol for CAN bus," in ECRYPT Workshop on Lightweight Cryptography, 2011.
  47. M. Bellare, "Hmac: Keyed-hashing for message authentication," Network Working Group RFC, vol. 2104, 1997.
  48. B. Groza, S. Murvay, A. Van Herrewege, and I. Verbauwhede, "LiBrA- CAN: a lightweight broadcast authentication protocol for controller area networks," in Cryptology and Network Security, 2012.
  49. A. Groll and C. Ruland, "Secure and authentic communication on existing in-vehicle networks," in IEEE IV, 2009.
  50. L. Dariz, M. Selvatici, M. Ruggeri, G. Costantino, and F. Martinelli, "Trade-off analysis of safety and security in CAN bus communication," in MT-ITS, 2017.
  51. Q. Wang and S. Sawhney, "VeCure: A practical security framework to protect the CAN bus of vehicles," in IOT, 2014.
  52. R. Kurachi, Y. Matsubara, H. Takada, N. Adachi, Y. Miyashita, and S. Horihata, "CaCAN-centralized authentication system in CAN (con- troller area network)," in ESCAR, 2014.
  53. H. Ueda, R. Kurachi, H. Takada, T. Mizutani, M. Inoue, and S. Horihata, "Security authentication system for in-vehicle network," SEI technical review, vol. 81, 2015.
  54. E. Wang, W. Xu, S. Sastry, S. Liu, and K. Zeng, "Hardware module-based message authentication in intra-vehicle networks," in 2017 ACM/IEEE 8th International Conference on Cyber-Physical Systems (ICCPS). IEEE, 2017, pp. 207-216.
  55. A.-I. Radu and F. D. Garcia, "LeiA: A lightweight authentication protocol for CAN," in ESORICS, 2016.
  56. A. Hazem and H. Fahmy, "Lcap -a lightweight can authentication protocol for securing in-vehicle networks," in ESCAR, 2012.
  57. A. Perrig, R. Canetti, J. D. Tygar, and D. Song, "Efficient authentication and signing of multicast streams over lossy channels," in IEEE S&P, 2000.
  58. S. Nürnberger and C. Rossow, "vatiCAN -vetted, authenticated CAN bus," in CHES, 2016.
  59. Z. Lu, Q. Wang, X. Chen, G. Qu, Y. Lyu, and Z. Liu, "Leap: a lightweight encryption and authentication protocol for in-vehicle communications," in 2019 IEEE Intelligent Transportation Systems Conference (ITSC). IEEE, 2019, pp. 1158-1164.
  60. P. I. Radoglou-Grammatikis and P. G. Sarigiannidis, "Securing the smart grid: A comprehensive compilation of intrusion detection and prevention systems," IEEE Access, vol. 7, pp. 46 595-46 620, 2019.
  61. M. Baykara and R. Das, "A novel honeypot based security approach for real-time intrusion detection and prevention systems," Journal of Informa- tion Security and Applications, vol. 41, pp. 103-116, 2018.
  62. I. Butun, S. D. Morgera, and R. Sankar, "A survey of intrusion detection systems in wireless sensor networks," IEEE communications surveys & tutorials, vol. 16, no. 1, pp. 266-282, 2013.
  63. M. Baykara and R. Das, "A novel hybrid approach for detection of web- based attacks in intrusion detection systems," International Journal of Computer Networks And Applications, vol. 4, no. 2, pp. 62-76, 2017.
  64. M. Baykara and R. Daş, "A survey on potential applications of honey- pot technology in intrusion detection systems," International Journal of Computer Networks and Applications (IJCNA), vol. 2, no. 5, pp. 203-208, 2015.
  65. T. Hoppe, S. Kiltz, and J. Dittmann, "Security threats to automotive CAN networks -practical examples and selected short-term countermeasures," Reliability Engineering & System Safety, vol. 96, no. 1, 2011.
  66. M. Gmiden, M. H. Gmiden, and H. Trabelsi, "An intrusion detection method for securing in-vehicle CAN bus," in STA, 2016.
  67. P.-S. Murvay and B. Groza, "Source identification using signal characteris- tics in controller area networks," IEEE Signal Processing Letters, vol. 21, no. 4, pp. 395-399, 2014.
  68. W. Choi, H. J. Jo, S. Woo, J. Y. Chun, J. Park, and D. H. Lee, "Identi- fying ECUs using inimitable characteristics of signals in controller area networks," IEEE Transactions on Vehicular Technology, 2018.
  69. H. M. Song, H. R. Kim, and H. K. Kim, "Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network," in ICOIN, 2016.
  70. A. Taylor, N. Japkowicz, and S. Leblanc, "Frequency-based anomaly detection for the automotive CAN bus," in WCICSS, 2015.
  71. M. R. Moore, R. A. Bridges, F. L. Combs, M. S. Starr, and S. J. Prowell, "Modeling inter-signal arrival times for accurate detection of CAN bus signal injection attacks: a data-driven approach to in-vehicle intrusion detection," in Cyber and Information Security Research, 2017.
  72. M. Müter and N. Asaj, "Entropy-based anomaly detection for in-vehicle networks," in IEEE IV, 2011.
  73. M.-J. Kang and J.-W. Kang, "Intrusion detection system using deep neural network for in-vehicle network security," PloS One, vol. 11, no. 6, 2016.
  74. F. Amato, L. Coppolino, F. Mercaldo, F. Moscato, R. Nardone, and A. San- tone, "Can-bus attack detection with deep learning," IEEE Transactions on Intelligent Transportation Systems, 2021.
  75. M. Markovitz and A. Wool, "Field classification, modeling and anomaly detection in unknown CAN bus networks," Vehicular Communications, vol. 9, 2017.
  76. M. Marchetti and D. Stabili, "Anomaly detection of CAN bus messages through analysis of ID sequences," in IEEE IV, 2017.
  77. A. Taylor, S. Leblanc, and N. Japkowicz, "Anomaly detection in automo- bile control network data with long short-term memory networks," in 2016 IEEE International Conference on Data Science and Advanced Analytics (DSAA). IEEE, 2016, pp. 130-139.
  78. S. Tariq, S. Lee, and S. S. Woo, "Cantransfer: transfer learning based intrusion detection on a controller area network using convolutional lstm network," in Proceedings of the 35th Annual ACM Symposium on Applied Computing, 2020, pp. 1048-1055.
  79. "Earth-moving machinery -machine-control systems (MCS) using elec- tronic components -performance criteria and tests for functional safety," ISO 15998:2008, 2008.
  80. A. Palanca, E. Evenchick, F. Maggi, and S. Zanero, "A stealth, selec- tive, link-layer denial-of-service attack against automotive networks," in DIMVA, 2017.
  81. S. Kulandaivel, S. Jain, J. Guajardo and V. Sekar, "Cannon: Reliable and stealthy remote shutdown attacks via unaltered automotive microcontrollers," accessed 2021-06-15. [Online]. Available: https://users.ece.cmu.edu/~vsekar/assets/pdf/oakland21_cannon.pdf
  82. S. Nie, L. Liu, and Y. Du, "Free-fall: hacking Tesla from wireless to CAN bus," Black Hat USA Briefings, 2017.
  83. CHANDRA SHARMA received his BS degree in Computer Engineering from Kathmandu En- gineering College, Nepal, in 2015. He joined Kansas State University, KS, in 2017 to pursue the PhD degree in Computer Science. Starting 2018, he has been working as a Re- search Assistant at PITS Lab at Kansas State University. His primary research interests include information theory and system and software secu- rity. His current work focuses on privacy concerns of disclosing personal information on the internet and optimizing the trade- off between information privacy and utility. SAMUEL MOYLAN graduated from the depart- ment of Computer Science at Kansas State Uni- versity in 2019. While at Kansas State University, his research interests included vehicular security and cyber security. EUGENE Y VASSERMAN is an Associate Pro- fessor in the Department of Computer Science at Kansas State University, specializing in the security of distributed systems. His current re- search is chiefly in the area of security for med- ical cyber-physical systems, security usability, and user education, with past work spanning the gamut from medical system authorization with integrated break-glass capabilities (IoMT), to se- cure hyper-local routing and social networking, to privacy and censorship resistance on a global scale. GEORGE T AMARIUCAI was born and raised in Romania. He received his PhD in electrical and computer engineering from Louisiana State University (2009). Amariucai is currently with the Department of Computer Science at Kansas State University. His research interests are focused on cyber security and its intersections with probability and infor- mation theory, applied and theoretical machine learning, wireless communication networks, cryp- tography, and social sciences. He is the director of the PITS Lab.

Related papers

State-of-the-Art Survey on In-Vehicle Network Communication (CAN-Bus) Security and Vulnerabilities
Hafiz Malik

ArXiv, 2018

Nowadays with the help of advanced technology, modern vehicles are not only made up of mechanical devices but also consist of highly complex electronic devices and connections to the outside world. There are around 70 Electronic Control Units (ECUs) in modern vehicle which are communicating with each other over the standard communication protocol known as Controller Area Network (CAN-Bus) that provides the communication rate up to 1Mbps. There are different types of in-vehicle network protocol and bus system namely Controlled Area Network (CAN), Local Interconnected Network (LIN), Media Oriented System Transport (MOST), and FlexRay. Even though CAN-Bus is considered as de-facto standard for in-vehicle network communication, it inherently lacks the fundamental security features by design like message authentication. This security limitation has paved the way for adversaries to penetrate into the vehicle network and do malicious activities which can pose a dangerous situation for both...

View PDFchevron_right
Review of the Security of Backward-Compatible Automotive Inter-ECU Communication
CHANDRA SHARMA

IEEE Access, 2021

Advanced electronic units inside modern vehicles have enhanced the driving experience, but also introduced a myriad of security problems due to the inherent limitations of the internal communication protocol. In the last two decades, a number of security threats have been identified and accordingly, security measures have been proposed. While a large body of research on the vehicular security domain is focused on exposing vulnerabilities and proposing counter measures, there is an apparent paucity of research aimed at reviewing existing works on automotive security and at extracting insights. This paper provides a systematic review of security threats and countermeasures for the ubiquitous CAN bus communication protocol. It further exposes the limitations of the existing security measures, and discusses a seeminglyoverlooked, simple, cost-effective and incrementally deployable solution which can provide a reasonable defense against a major class of packet injection attacks and many denial of service attacks.

View PDFchevron_right
A Survey on CAN Bus Protocol: Attacks, Challenges, and Potential Solutions
Mohammad Samie

2018 International Conference on Computing, Electronics & Communications Engineering (iCCECE), 2018

The vehicles are equipped with electronic control units that control their functions. These units communicate with each other via in-vehicle communication protocols like CAN bus. Although CAN is the most common in-vehicle communication protocol, the lack of encryption and authentication causes series security shortcomings. There are many attacks reported and the number is estimated to increase with the rising connectivity of the cars. In this paper, we present CAN protocol and analyze its security vulnerabilities. Then we survey the implemented attacks and proposed solutions in the literature.

View PDFchevron_right
Security Challenges in Controller Area Network (CAN) in Smart Vehicles
Grenze International Journal of Engineering and Technology GIJET

In the past couple of years, the automotive industry has seen some big changes. With all the devices that we know and use in our day to day lives, getting smarter and smarter, it shall be no surprise that the automotive industry is also trying to achieve the same. Although this change has brought connectivity, comfort and functionality, it has also created new ways and opportunities to get attacked. These security challenges should be well studied as this industry is constantly getting updated. The in-vehicle architecture of these vehicles neglects security of the vehicle. We see that the CAN Bus, used to transfer information from one ECU to another, has many vulnerabilities that may turn out to be fatal for the consumer and the manufacturer. In this paper we will discuss the working of the CAN bus, possible vulnerabilities of the CAN bus and different kinds of attacks and ways to mitigate them. This paper will try to draft possible solutions to make the CAN Communication protocol more secure and safe.

View PDFchevron_right
Implementing Security Mechanism for Automotive Can Bus
mabrouka gmiden

2018

The design of cryptographic mechanisms in automotive systems has been a major focus over the last ten years as the increase of cyber attacks against in-vehicle networks. The integration of these protocols into CAN bus networks is an efficient solution for leaving security level, but features of CAN bus make the performance requirements within cryptographic schemes very challenging. In the literature most of academic researches focused on designing security mechanisms for the CAN bus. Yet, very few research proposals are interested in analyzing performances requirements by using cryptographic protocols. In this paper, we investigate effects of implementing cryptographic approaches on performance by proposing an analysis methodology for implementing cryptographic approach in CAN bus communication and measuring real-time performances. Next, we propose our system which presents a tool for determining the impact of implementing of cryptographic solutions. On the other hand we have propos...

View PDFchevron_right

Related topics

  • Computer Science
  • Computer Security
  • Security Service
  • Denial of Service Attack
    • 580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved