Visible to the public Message Source Identification in Controller Area Network by Utilizing Diagnostic Communications and an Intrusion Detection System

TitleMessage Source Identification in Controller Area Network by Utilizing Diagnostic Communications and an Intrusion Detection System
Publication TypeConference Paper
Year of Publication2022
AuthorsMatsubayashi, Masaru, Koyama, Takuma, Tanaka, Masashi, Okano, Yasushi, Miyajima, Asami
Conference Name2022 IEEE 96th Vehicular Technology Conference (VTC2022-Fall)
KeywordsCAN Intrusion Detection System, Companies, controller area network, Controller area network (CAN), Diagnostic communication, Human Behavior, human factors, Intrusion detection, Network topology, Planning, pubcrawl, Regulation, resilience, Resiliency, security, Source identification, Topology, Vehicle configuration identification, Vehicular and wireless technologies
AbstractInternational regulations specified in WP.29 and international standards specified in ISO/SAE 21434 require security operations such as cyberattack detection and incident responses to protect vehicles from cyberattacks. To meet these requirements, many vehicle manufacturers are planning to install Intrusion Detection Systems (IDSs) in the Controller Area Network (CAN), which is a primary component of in-vehicle networks, in the coming years. Besides, many vehicle manufacturers and information security companies are developing technologies to identify attack paths related to IDS alerts to respond to cyberattacks appropriately and quickly. To develop the IDSs and the technologies to identify attack paths, it is essential to grasp normal communications performed on in-vehicle networks. Thus, our study aims to develop a technology that can easily grasp normal communications performed on in-vehicle networks. In this paper, we propose the first message source identification method that easily identifies CAN-IDs used by each Electronic Control Unit (ECU) connected to the CAN for message transmissions. We realize the proposed method by utilizing diagnostic communications and an IDS installed in the CAN (CAN-IDS). We evaluate the proposed method using an ECU installed in an actual vehicle and four kinds of simulated CAN-IDSs based on typical existing intrusion detection methods for the CAN. The evaluation results show that the proposed method can identify the CAN-ID used by the ECU for CAN message transmissions if a suitable simulated CAN-IDS for the proposed method is connected to the vehicle.
NotesISSN: 2577-2465
DOI10.1109/VTC2022-Fall57202.2022.10013027
Citation Keymatsubayashi_message_2022