Cyber security attacks to modern vehicular systems

Abstract Security is a fundamental concern in modern vehicular systems. The advancement in modern vehicular systems provides many benefits such as reducing traffic congestion and improving safety and fuel economy via vehicular networks. However, many vehicular experts in industry take it for granted that Controller Area Network (CAN) bus being the most important part of a vehicle is secured and cannot be easily hacked; furthermore, cyber security experts have limited exposure to CAN bus. This paper provides in-depth explanation of CAN bus and feasible scenarios where a vehicle is no longer safe after its CAN bus is compromised. Furthermore, the inclusion of CAN bus attacking codes in a mobile malware is cost-effective for the malicious attackers but very challenging for vehicle engineers to mitigate the security risks. Based on a variety of security attacks, we analyze potential attacks and their impact on the safety of the vehicle users. A number of vulnerabilities and attack scenarios are exposed which allows malicious attackers to hamper the vehicular control systems and cause harm to the vehicle even the passengers. In this paper, we do not report on our own implementation of attacks on real vehicles; our aim is to motivate further research to improve the security of the modern vehicular systems.

[1]  Kang G. Shin,et al.  Error Handling of In-vehicle Networks Makes Them Vulnerable , 2016, CCS.

[2]  Erland Jonsson,et al.  Efficient In-Vehicle Delayed Data Authentication Based on Compound Message Authentication Codes , 2008, 2008 IEEE 68th Vehicular Technology Conference.

[3]  G.J. Holzmann,et al.  Using SPIN model checking for flight software verification , 2002, Proceedings, IEEE Aerospace Conference.

[4]  R. Makowitz,et al.  Flexray - A communication network for automotive control systems , 2006, 2006 IEEE International Workshop on Factory Communication Systems.

[5]  Mukund Ghangurde Ford SYNC and Microsoft Windows Embedded Automotive Make Digital Lifestyle a Reality on the Road , 2010 .

[6]  M. Yampolskiy,et al.  In-Vehicle Networks: Attacks, Vulnerabilities, and Proposed Solutions , 2015, CISR.

[7]  Mianxiong Dong,et al.  Control Plane Optimization in Software-Defined Vehicular Ad Hoc Networks , 2016, IEEE Transactions on Vehicular Technology.

[8]  Ozan K. Tonguz,et al.  On the Security of Intra-Car Wireless Sensor Networks , 2009, 2009 IEEE 70th Vehicular Technology Conference Fall.

[9]  Huy Kang Kim,et al.  Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network , 2016, 2016 International Conference on Information Networking (ICOIN).

[10]  Christoph Ruland,et al.  Secure and authentic communication on existing in-vehicle networks , 2009, 2009 IEEE Intelligent Vehicles Symposium.

[11]  André Weimerskirch,et al.  State of the Art: Embedding Security in Vehicles , 2007, EURASIP J. Embed. Syst..

[12]  Phu H. Phung,et al.  A model for safe and secure execution of downloaded vehicle applications , 2010 .

[13]  Dongqin Feng,et al.  An Algorithm for Detection of Malicious Messages on CAN Buses , 2012, ITCS 2012.

[14]  Tao Li,et al.  From Offline toward Real Time: A Hybrid Systems Model Checking and CPS Codesign Approach for Medical Device Plug-and-Play Collaborations , 2014, IEEE Transactions on Parallel and Distributed Systems.

[15]  Alberto L. Sangiovanni-Vincentelli,et al.  Cyber-Security for the Controller Area Network (CAN) Communication Protocol , 2012, 2012 International Conference on Cyber Security.

[16]  Marko Wolf,et al.  Design, Implementation, and Evaluation of a Vehicular Hardware Security Module , 2011, ICISC.

[17]  Lutz Eckstein,et al.  The New BMW iDrive - Applied Processes and Methods to Assure High Usability , 2009, HCI.

[18]  Hideki Imai,et al.  New Attestation Based Security Architecture for In-Vehicle Communication , 2008, IEEE GLOBECOM 2008 - 2008 IEEE Global Telecommunications Conference.

[19]  Jana Dittmann,et al.  Security threats to automotive CAN networks - Practical examples and selected short-term countermeasures , 2008, Reliab. Eng. Syst. Saf..

[20]  Stephen Parker,et al.  Design and Analysis of a Robust Real-Time Engine Control Network , 2002, IEEE Micro.

[21]  Vasilis Fthenakis,et al.  Hazard and operability (HAZOP) analysis. A literature review. , 2010, Journal of hazardous materials.

[22]  Gunter Saake,et al.  On the Need of Data Management in Automotive Systems , 2009, BTW.

[23]  W. Hamberger,et al.  Audi Multi Media Interface (MMI): von der Idee zum Produkt Interdisziplinär - Prozessorientiert Modellreihenübergreifend , 2003 .

[24]  Mianxiong Dong,et al.  MMCD: Cooperative Downloading for Highway VANETs , 2015, IEEE Transactions on Emerging Topics in Computing.

[25]  Matti Valovirta,et al.  Experimental Security Analysis of a Modern Automobile , 2011 .

[26]  Hanxing Chen,et al.  Research on the Controller Area Network , 2009, 2009 International Conference on Networking and Digital Society.

[27]  Dong Hoon Lee,et al.  A Practical Wireless Attack on the Connected Car and Security Protocol for In-Vehicle CAN , 2015, IEEE Transactions on Intelligent Transportation Systems.

[28]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[29]  Mianxiong Dong,et al.  Private and Flexible Urban Message Delivery , 2016, IEEE Transactions on Vehicular Technology.

[30]  Qiyan Wang,et al.  VeCure: A practical security framework to protect the CAN bus of vehicles , 2014, 2014 International Conference on the Internet of Things (IOT).