State-of-the-Art Survey on In-Vehicle Network Communication (CAN-Bus) Security and Vulnerabilities

Nowadays with the help of advanced technology, modern vehicles are not only made up of mechanical devices but also consist of highly complex electronic devices and connections to the outside world. There are around 70 Electronic Control Units (ECUs) in modern vehicle which are communicating with each other over the standard communication protocol known as Controller Area Network (CAN-Bus) that provides the communication rate up to 1Mbps. There are different types of in-vehicle network protocol and bus system namely Controlled Area Network (CAN), Local Interconnected Network (LIN), Media Oriented System Transport (MOST), and FlexRay. Even though CAN-Bus is considered as de-facto standard for in-vehicle network communication, it inherently lacks the fundamental security features by design like message authentication. This security limitation has paved the way for adversaries to penetrate into the vehicle network and do malicious activities which can pose a dangerous situation for both driver and passengers. In particular, nowadays vehicular networks are not only closed systems, but also they are open to different external interfaces namely Bluetooth, GPS, to the outside world. Therefore, it creates new opportunities for attackers to remotely take full control of the vehicle. The objective of this research is to survey the current limitations of CAN-Bus protocol in terms of secure communication and different solutions that researchers in the society of automotive have provided to overcome the CAN-Bus limitation on different layers.

[1]  Qiyan Wang,et al.  VeCure: A practical security framework to protect the CAN bus of vehicles , 2014, 2014 International Conference on the Internet of Things (IOT).

[2]  Wei Wang,et al.  The design of communication convertor based on CAN bus , 2008, 2008 IEEE International Conference on Industrial Technology.

[3]  Manuel Barbosa,et al.  An overview of controller area network , 1999 .

[4]  Yongdae Kim,et al.  A machine learning framework for network anomaly detection using SVM and GA , 2005, Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop.

[5]  Jörg Kaiser,et al.  Implementing the real-time publisher/subscriber model on the controller area network (CAN) , 1999, Proceedings 2nd IEEE International Symposium on Object-Oriented Real-Time Distributed Computing (ISORC'99) (Cat. No.99-61702).

[6]  Felix C. Freiling,et al.  A structured approach to anomaly detection for in-vehicle networks , 2010, 2010 Sixth International Conference on Information Assurance and Security.

[7]  Hafiz Malik,et al.  Linking received packet to the transmitter through physical-fingerprinting of controller area network , 2017, 2017 IEEE Workshop on Information Forensics and Security (WIFS).

[8]  Farzin Piltan,et al.  Design Minimum Rule-Base Fuzzy Inference Nonlinear Controller for Second Order Nonlinear System , 2014 .

[9]  Alan Burns,et al.  Guaranteeing message latencies on controller area network (can) , 1994 .

[10]  Sara Matzner,et al.  An application of machine learning to network intrusion detection , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[11]  Jana Dittmann,et al.  Security threats to automotive CAN networks - Practical examples and selected short-term countermeasures , 2008, Reliab. Eng. Syst. Saf..

[12]  Farzin Piltan,et al.  Design New Online Tuning Intelligent Chattering Free Fuzzy Compensator , 2014 .

[13]  Farzin Piltan,et al.  Design High Efficiency-Minimum Rule Base PID Like Fuzzy Computed Torque Controller , 2014 .

[14]  William Stallings,et al.  Cryptography and network security - principles and practice (3. ed.) , 2014 .

[15]  Alberto L. Sangiovanni-Vincentelli,et al.  Cyber-Security for the Controller Area Network (CAN) Communication Protocol , 2012, 2012 International Conference on Cyber Security.

[16]  Farzin Piltan,et al.  Design New Robust Self Tuning Fuzzy Backstopping Methodology , 2014 .

[17]  Mohammad A. Al-Khedher,et al.  Intelligent Anti-Theft and Tracking System for Automobiles , 2012 .

[18]  Christof Paar,et al.  On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoqCode Hopping Scheme , 2008, CRYPTO.

[19]  Radovan Miucic,et al.  Firmware Update Over The Air (FOTA) for Automotive Industry , 2007 .

[20]  Farzin Piltan,et al.  Design a Novel SISO Off-line Tuning of Modified PID Fuzzy Sliding Mode Controller , 2014 .

[21]  Hafiz Malik,et al.  Comparative Study of CAN-Bus and FlexRay Protocols for In-Vehicle Communication , 2017 .

[22]  Naim Asaj,et al.  Entropy-based anomaly detection for in-vehicle networks , 2011, 2011 IEEE Intelligent Vehicles Symposium (IV).

[23]  Erland Jonsson,et al.  A First Simulation of Attacks in the Automotive Network Communications Protocol FlexRay , 2008, CISIS.

[24]  Farzin Piltan,et al.  Research on Minimum Intelligent Unit for Flexible Robot , 2015 .

[25]  Kang G. Shin,et al.  Fingerprinting Electronic Control Units for Vehicle Intrusion Detection , 2016, USENIX Security Symposium.

[26]  William Stallings,et al.  Cryptography and Network Security: Principles and Practice , 1998 .

[27]  Anupam Joshi,et al.  Using Data Analytics to Detect Anomalous States in Vehicles , 2015, ArXiv.