Biblio

International regulations specified in WP.29 and international standards specified in ISO/SAE 21434 require security operations such as cyberattack detection and incident responses to protect vehicles from cyberattacks. To meet these requirements, many vehicle manufacturers are planning to install Intrusion Detection Systems (IDSs) in the Controller Area Network (CAN), which is a primary component of in-vehicle networks, in the coming years. Besides, many vehicle manufacturers and information security companies are developing technologies to identify attack paths related to IDS alerts to respond to cyberattacks appropriately and quickly. To develop the IDSs and the technologies to identify attack paths, it is essential to grasp normal communications performed on in-vehicle networks. Thus, our study aims to develop a technology that can easily grasp normal communications performed on in-vehicle networks. In this paper, we propose the first message source identification method that easily identifies CAN-IDs used by each Electronic Control Unit (ECU) connected to the CAN for message transmissions. We realize the proposed method by utilizing diagnostic communications and an IDS installed in the CAN (CAN-IDS). We evaluate the proposed method using an ECU installed in an actual vehicle and four kinds of simulated CAN-IDSs based on typical existing intrusion detection methods for the CAN. The evaluation results show that the proposed method can identify the CAN-ID used by the ECU for CAN message transmissions if a suitable simulated CAN-IDS for the proposed method is connected to the vehicle.

Modern cars are becoming more accessible targets for cyberattacks due to the proliferation of wireless communication channels. The intra-vehicle Controller Area Network (CAN) bus lacks authentication, which exposes critical components to interference from less secure, wirelessly compromised modules. To address this issue, we propose vProfile, a sender authentication system based on voltage fingerprints of Electronic Control Units (ECUs). vProfile exploits the physical properties of ECU output voltages on the CAN bus to determine the authenticity of bus messages, which enables the detection of both hijacked ECUs and external devices connected to the bus. We show the potential of vProfile using experiments on two production vehicles with precision and recall scores of over 99.99%. The improved identification rates and more straightforward design of vProfile make it an attractive improvement over existing methods.

In recent years, the security of automotive Cyber-Physical Systems (CPSs) is facing urgent threats due to the widespread use of legacy in-vehicle communication systems. As a representative legacy bus system, the Controller Area Network (CAN) hosts Electronic Control Units (ECUs) that are crucial for the vehicles functioning. In this scenario, malicious actors can exploit the CAN vulnerabilities, such as the lack of built-in authentication and encryption schemes, to launch CAN bus attacks. In this paper, we present TACAN (Transmitter Authentication in CAN), which provides secure authentication of ECUs on the legacy CAN bus by exploiting the covert channels. TACAN turns upside-down the originally malicious concept of covert channels and exploits it to build an effective defensive technique that facilitates transmitter authentication. TACAN consists of three different covert channels: 1) Inter-Arrival Time (IAT)-based, 2) Least Significant Bit (LSB)-based, and 3) hybrid covert channels. In order to validate TACAN, we implement the covert channels on the University of Washington (UW) EcoCAR (Chevrolet Camaro 2016) testbed. We further evaluate the bit error, throughput, and detection performance of TACAN through extensive experiments using the EcoCAR testbed and a publicly available dataset collected from Toyota Camry 2010.

Controller area network is the serial communication protocol, which broadcasts the message on the CAN bus. The transmitted message is read by all the nodes which shares the CAN bus. The message can be eavesdropped and can be re-used by some other node by changing the information or send it by duplicate times. The message reused after some delay is replay attack. In this paper, the CAN network with three CAN nodes is implemented using the universal verification components and the replay attack is demonstrated by creating the faulty node. Two types of replay attack are implemented in this paper, one is to replay the entire message and the other one is to replay only the part of the frame. The faulty node uses the first replay attack method where it behaves like the other node in the network by duplicating the identifier. CAN frame except the identifier is reused in the second method which is hard to detect the attack as the faulty node uses its own identifier and duplicates only the data in the CAN frame.

Automotive systems are currently undergoing a rapid evolution through the integration of the Internet of Things (IoT) and Software Defined Networking (SDN) technologies. The main focus of this evolution is to improve the driving experience, including automated controls, intelligent navigation and safety systems. Moreover, the extremely rapid pace that such technologies are brought into the vehicles, necessitates the presence of adequate testing of new features to avoid operational errors. Apart from testing though, IoT and SDN technologies also widen the threat landscape of cyber-security risks due to the amount of connectivity interfaces that are nowadays exposed in vehicles. In this paper we present a new method, based on OMNET++, for testing new in-vehicle features and assessing security risks through network simulation. The method is demonstrated through a case-study on a Toyota Prius, whose network data are analyzed for the detection of anomalies caused from security threats or operational errors.

Fully connected autonomous vehicles are more vulnerable than ever to hacking and data theft. The controller area network (CAN) protocol is used for communication between in-vehicle control networks (IVN). The absence of basic security features of this protocol, like message authentication, makes it quite vulnerable to a wide range of attacks including spoofing attacks. As traditional cybersecurity methods impose limitations in ensuring confidentiality and integrity of transmitted messages via CAN, a new technique has emerged among others to approve its reliability in fully authenticating the CAN messages. At the physical layer of the communication system, the method of fingerprinting the messages is implemented to link the received signal to the transmitting electronic control unit (ECU). This paper introduces a new method to implement the security of modern electric vehicles. The lumped element model is used to characterize the channel-specific step response. ECU and channel imperfections lead to a unique transfer function for each transmitter. Due to the unique transfer function, the step response for each transmitter is unique. In this paper, we use control system parameters as a feature-set, afterward, a neural network is used transmitting node identification for message authentication. A dataset collected from a CAN network with eight-channel lengths and eight ECUs to evaluate the performance of the suggested method. Detection results show that the proposed method achieves an accuracy of 97.4% of transmitter detection.

The Controller Area Network (CAN) is a widely used industry-standard intra-vehicle broadcast network that connects the Electronic Control Units (ECUs) which control most car systems. The CAN contains substantial vulnerabilities that can be exploited by attackers to gain control of the vehicle, due to its lack of security measures. To prevent an attacker from sending malicious messages through the CAN bus to take over a vehicle, we propose the addition of a secure hardware-based module, or Security ECU (SECU), onto the CAN bus. The SECU can perform key distribution and message verification, as well as corrupting malicious messages before they are fully received by an ECU. Only software modification is needed for existing ECUs, without changing the CAN protocol. This provides backward compatibility with existing CAN systems. Furthermore, we collect 6.673 million CAN bus messages from various cars, and find that the CAN messages collectively have low entropy, with an average of 11.915 bits. This finding motivates our proposal for CAN bus message compression, which allows us to significantly reduce message size to fit the message and its message authentication code (MAC) within one CAN frame, enabling fast authentication. Since ECUs only need to generate the MACs (and not verify them), the delay and computation overhead are also reduced compared to traditional authentication mechanisms. Our authentication mechanism is implemented on a realistic testbed using industry standard MCP2551 CAN transceivers and Raspberry Pi embedded systems. Experimental results demonstrate that our mechanism can achieve real-time message authentication on the CAN bus with minimal latency.