A Survey on Controller Area Network Reverse Engineering

Controller Area Network (CAN) is a masterless serial bus designed and widely used for the exchange of mission and time-critical information within commercial vehicles. In-vehicle communication is based on messages sent and received by Electronic Control Units (ECUs) connected to this serial bus network. Although unencrypted, CAN messages are not easy to interpret. In fact, Original Equipment Manufacturers (OEMs) attempt to achieve security through obscurity by encoding the data in their proprietary format, which is kept secret from the general public. As a result, the only way to obtain clear data is to reverse engineer CAN messages. Driven by the need for in-vehicle message interpretation, which is highly valuable in the automotive industry, researchers and companies have been working to make this process automated, fast, and standardized. In this paper, we provide a comprehensive review of the state of the art and summarize the major advances in CAN bus reverse engineering. We are the first to provide a taxonomy of CAN tokenization and translation techniques. Based on the reviewed literature, we highlight an important issue: the lack of a public and standardized dataset for the quantitative evaluation of translation algorithms. In response, we define a complete set of requirements for standardizing the data collection process. We also investigate the risks associated with the automation of CAN reverse engineering, in particular with respect to the security network and the safety and privacy of drivers and passengers. Finally, we discuss future research directions in CAN reverse engineering.

[1]  Daxin Tian,et al.  In-Vehicle CAN Bus Tampering Attacks Detection for Connected and Autonomous Vehicles Using an Improved Isolation Forest Method , 2023, IEEE Transactions on Intelligent Transportation Systems.

[2]  Mert D. Pesé,et al.  DETROIT: Data Collection, Translation and Sharing for Rapid Vehicular App Development , 2022, 2022 19th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON).

[3]  T. Engel,et al.  Preventing Frame Fingerprinting in Controller Area Network Through Traffic Mutation , 2022, 2022 IEEE International Conference on Communications Workshops (ICC Workshops).

[4]  K. Kirkpatrick Still waiting for self-driving cars , 2022, Commun. ACM.

[5]  I. Moerman,et al.  Designing a 5G architecture to overcome the challenges of the teleoperated transport and logistics , 2022, 2022 IEEE 19th Annual Consumer Communications & Networking Conference (CCNC).

[6]  T. Engel,et al.  On Frame Fingerprinting and Controller Area Networks Security in Connected Vehicles , 2022, 2022 IEEE 19th Annual Consumer Communications & Networking Conference (CCNC).

[7]  Gedare Bloom,et al.  Reverse Engineering Controller Area Network Messages Using Unsupervised Machine Learning , 2022, IEEE Consumer Electronics Magazine.

[8]  Kang G. Shin,et al.  S2-CAN: Sufficiently Secure Controller Area Network , 2021, ACSAC.

[9]  Thomas Engel,et al.  CANMatch: A Fully Automated Tool for CAN Bus Reverse Engineering Based on Frame Matching , 2021, IEEE Transactions on Vehicular Technology.

[10]  T. Engel,et al.  Poster: A Methodology for Semi-Automated CAN Bus Reverse Engineering , 2021, 2021 IEEE Vehicular Networking Conference (VNC).

[11]  H. Vincent Poor,et al.  6G Internet of Things: A Comprehensive Survey , 2021, IEEE Internet of Things Journal.

[12]  Hyo Jin Jo,et al.  A Survey of Attacks on Controller Area Networks and Corresponding Countermeasures , 2021, IEEE Transactions on Intelligent Transportation Systems.

[13]  Sherali Zeadally,et al.  Trust in VANET: A Survey of Current Solutions and Future Research Opportunities , 2021, IEEE Transactions on Intelligent Transportation Systems.

[14]  Noor O. Ahmed,et al.  Detection of Message Injection Attacks Onto the CAN Bus Using Similarities of Successive Messages-Sequence Graphs , 2021, IEEE Transactions on Information Forensics and Security.

[15]  Huy Kang Kim,et al.  Cybersecurity for autonomous vehicles: Review of attacks and defense , 2021, Comput. Secur..

[16]  Dong Hoon Lee,et al.  An Enhanced Method for Reverse Engineering CAN Data Payload , 2021, IEEE Transactions on Vehicular Technology.

[17]  Mate Boban,et al.  A Tutorial on 5G NR V2X Communications , 2021, IEEE Communications Surveys & Tutorials.

[18]  Ziwei Huang,et al.  Vehicular communication channel measurement, modelling, and application for beyond 5G and 6G , 2020, IET Commun..

[19]  German Castignani,et al.  A Data-Driven Minimal Approach for CAN Bus Reverse Engineering , 2020, 2020 IEEE 3rd Connected and Automated Vehicles Symposium (CAVS).

[20]  Travis Atkison,et al.  VANET applications: Past, present, and future , 2020, Veh. Commun..

[21]  Miaowen Wen,et al.  Emerging Technologies for 5G-IoV Networks: Applications, Trends and Opportunities , 2020, IEEE Network.

[22]  Michael D. Iannacone,et al.  CAN-D: A Modular Four-Step Pipeline for Comprehensively Decoding Controller Area Network Data , 2020, IEEE Transactions on Vehicular Technology.

[23]  Joseph Zambreno,et al.  Towards Reverse Engineering Controller Area Network Messages Using Machine Learning , 2020, 2020 IEEE 6th World Forum on Internet of Things (WF-IoT).

[24]  Stefan Nürnberger,et al.  I Know Where You Parked Last Summer : Automated Reverse Engineering and Privacy Analysis of Modern Cars , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[25]  Mohammad Samie,et al.  Evaluation of CAN Bus Security Challenges † , 2020, Sensors.

[26]  Alois Švec Vector , 2020, Definitions.

[27]  Nei Kato,et al.  Future Intelligent and Secure Vehicular Network Toward 6G: Machine-Learning Approaches , 2020, Proceedings of the IEEE.

[28]  Nadra Guizani,et al.  Autonomous Driving Cars in Smart Cities: Recent Advances, Requirements, and Challenges , 2020, IEEE Network.

[29]  Abu Talib Bin Othman,et al.  Intrusion detection system for automotive Controller Area Network (CAN) bus system: a review , 2019, EURASIP J. Wirel. Commun. Netw..

[30]  Kang G. Shin,et al.  LibreCAN: Automated CAN Message Translator , 2019, CCS.

[31]  Robert A. Bridges,et al.  Data-Driven Extraction of Vehicle States From CAN Bus Traffic for Cyberprotection and Safety , 2019, IEEE Consumer Electronics Magazine.

[32]  Yongqiang Lyu,et al.  LEAP: A Lightweight Encryption and Authentication Protocol for In-Vehicle Communications , 2019, 2019 IEEE Intelligent Transportation Systems Conference (ITSC).

[33]  Jerry den Hartog,et al.  A Survey of Network Intrusion Detection Systems for Controller Area Network , 2019, 2019 IEEE International Conference of Vehicular Electronics and Safety (ICVES).

[34]  Sergio Barbarossa,et al.  6G: The Next Frontier: From Holographic Messaging to Artificial Intelligence Using Subterahertz and Visible Light Communication , 2019, IEEE Vehicular Technology Magazine.

[35]  P. Fan,et al.  6G Wireless Networks: Vision, Requirements, Architecture, and Key Technologies , 2019, IEEE Vehicular Technology Magazine.

[36]  Weisong Shi,et al.  Edge Computing for Autonomous Driving: Opportunities and Challenges , 2019, Proceedings of the IEEE.

[37]  Agostino Cortesi,et al.  Static analysis of Android Auto infotainment and on‐board diagnostics II apps , 2019, Softw. Pract. Exp..

[38]  Bogdan Groza,et al.  Efficient Intrusion Detection With Bloom Filtering in Controller Area Networks , 2019, IEEE Transactions on Information Forensics and Security.

[39]  Hafedh Trabelsi,et al.  Cryptographic and Intrusion Detection System for automotive CAN bus: Survey and contributions , 2019, 2019 16th International Multi-Conference on Systems, Signals & Devices (SSD).

[40]  Walid Saad,et al.  A Vision of 6G Wireless Systems: Applications, Trends, Technologies, and Open Research Problems , 2019, IEEE Network.

[41]  Gergely Ács,et al.  Extracting Vehicle Sensor Signals from CAN Logs for Driver Re-identification , 2019, ICISSP.

[42]  Gedare Bloom,et al.  Survey of Automotive Controller Area Network Intrusion Detection Systems , 2019, IEEE Design & Test.

[43]  Dong Hoon Lee,et al.  Enhanced Android App-Repackaging Attack on In-Vehicle Network , 2019, Wirel. Commun. Mob. Comput..

[44]  G. Currie,et al.  Understanding autonomous vehicles: A systematic literature review on capability, impact, planning and policy , 2019, Journal of Transport and Land Use.

[45]  Songcan Chen,et al.  Recent Advances in Open Set Recognition: A Survey , 2018, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[46]  Robert A. Bridges,et al.  ACTT: Automotive CAN Tokenization and Translation , 2018, 2018 International Conference on Computational Science and Computational Intelligence (CSCI).

[47]  Minseok Kim,et al.  Real-time Driver Identification using Vehicular Big Data and Deep Learning , 2018, 2018 21st International Conference on Intelligent Transportation Systems (ITSC).

[48]  Hassan Artail,et al.  A Lightweight Synchronous Cryptographic Hash Chain Solution to Securing the Vehicle CAN bus , 2018, 2018 IEEE International Multidisciplinary Conference on Engineering Technology (IMCET).

[49]  Adam Torok,et al.  Automatization in road transport: a review , 2018, Production Engineering Archives.

[50]  Gang Qu,et al.  An Entropy Analysis Based Intrusion Detection System for Controller Area Network in Vehicles , 2018, 2018 31st IEEE International System-on-Chip Conference (SOCC).

[51]  Barry E. Mullins,et al.  Unsupervised Time Series Extraction from Controller Area Network Payloads , 2018, 2018 IEEE 88th Vehicular Technology Conference (VTC-Fall).

[52]  Huy Kang Kim,et al.  GIDS: GAN based Intrusion Detection System for In-Vehicle Network , 2018, 2018 16th Annual Conference on Privacy, Security and Trust (PST).

[53]  Mohammad Samie,et al.  A Survey on CAN Bus Protocol: Attacks, Challenges, and Potential Solutions , 2018, 2018 International Conference on Computing, Electronics & Communications Engineering (iCCECE).

[54]  Hiroshi Ueda,et al.  Anomaly-Based Intrusion Detection Using the Density Estimation of Reception Cycle Periods for In-Vehicle Networks , 2018 .

[55]  M. Ghogho,et al.  Who is behind the wheel? Driver identification and fingerprinting , 2018, Journal of Big Data.

[56]  Myung-Sup Kim,et al.  A Survey of Automatic Protocol Reverse Engineering Approaches, Methods, and Tools on the Inputs and Outputs View , 2018, Secur. Commun. Networks.

[57]  Hafiz Malik,et al.  State-of-the-Art Survey on In-Vehicle Network Communication (CAN-Bus) Security and Vulnerabilities , 2018, ArXiv.

[58]  Bogdan Groza,et al.  Security Solutions for the Controller Area Network: Bringing Authentication to In-Vehicle Networks , 2018, IEEE Vehicular Technology Magazine.

[59]  Frank Piessens,et al.  VulCAN: Efficient Component Authentication and Software Isolation for Automotive Control Networks , 2017, ACSAC.

[60]  Peter Hellinckx,et al.  Automatic Reverse Engineering of CAN Bus Data Using Machine Learning Techniques , 2017, 3PGCIC.

[61]  Paolo Santi,et al.  Driving Behavior Analysis through CAN Bus Data in an Uncontrolled Environment , 2017, IEEE Transactions on Intelligent Transportation Systems.

[62]  Radha Poovendran,et al.  Cloaking the Clock: Emulating Clock Skew in Controller Area Networks , 2017, 2018 ACM/IEEE 9th International Conference on Cyber-Physical Systems (ICCPS).

[63]  Huy Kang Kim,et al.  OTIDS: A Novel Intrusion Detection System for In-vehicle Network by Using Remote Frame , 2017, 2017 15th Annual Conference on Privacy, Security and Trust (PST).

[64]  James F. Plusquellic,et al.  Secure communication over CANBus , 2017, 2017 IEEE 60th International Midwest Symposium on Circuits and Systems (MWSCAS).

[65]  Li Zhao,et al.  Vehicle-to-Everything (v2x) Services Supported by LTE-Based Systems and 5G , 2017, IEEE Communications Standards Magazine.

[66]  Stefano Zanero,et al.  A Stealth, Selective, Link-Layer Denial-of-Service Attack Against Automotive Networks , 2017, DIMVA.

[67]  Lionel Nkenyereye,et al.  Integration of big data for querying CAN bus data from connected car , 2017, 2017 Ninth International Conference on Ubiquitous and Future Networks (ICUFN).

[68]  Avishai Wool,et al.  Field classification, modeling and anomaly detection in unknown CAN bus networks , 2017, Veh. Commun..

[69]  Jürgen Jasperneite,et al.  Approaches for In-vehicle Communication - An Analysis and Outlook , 2017, CN.

[70]  Bo Wang,et al.  Driver Identification Using Vehicle Telematics Data , 2017 .

[71]  Subramaniam Ganesan,et al.  CAN Crypto FPGA Chip to Secure Data Transmitted Through CAN FD Bus Using AES-128 and SHA-1 Algorithms with A Symmetric Key , 2017 .

[72]  Dong Hoon Lee,et al.  Vulnerabilities of Android OS-Based Telematics System , 2017, Wirel. Pers. Commun..

[73]  Ram Dantu,et al.  Automating ECU Identification for Vehicle Security , 2016, 2016 15th IEEE International Conference on Machine Learning and Applications (ICMLA).

[74]  Bruce Kraemer,et al.  Automotive Ethernet , 2016, IEEE Commun. Mag..

[75]  Huy Kang Kim,et al.  Know your master: Driver profiling-based anti-theft method , 2016, 2016 14th Annual Conference on Privacy, Security and Trust (PST).

[76]  Rok Sosic,et al.  Driver identification using automobile sensor data from a single turn , 2016, 2016 IEEE 19th International Conference on Intelligent Transportation Systems (ITSC).

[77]  Javier Echanobe,et al.  Driver identification and impostor detection based on driving behavior signals , 2016, 2016 IEEE 19th International Conference on Intelligent Transportation Systems (ITSC).

[78]  David Starobinski,et al.  Protocol-Compliant DoS Attacks on CAN: Demonstration and Mitigation , 2016, 2016 IEEE 84th Vehicular Technology Conference (VTC-Fall).

[79]  Christian Rossow,et al.  - vatiCAN - Vetted, Authenticated CAN Bus , 2016, CHES.

[80]  Kang G. Shin,et al.  Fingerprinting Electronic Control Units for Vehicle Intrusion Detection , 2016, USENIX Security Symposium.

[81]  Aaron Hunter,et al.  A Security Analysis of an In-Vehicle Infotainment and App Platform , 2016, WOOT.

[82]  Martin Sysel,et al.  Design and Implementation of an Integrated System with Secure Encrypted Data Transmission , 2016, CSOC.

[83]  Emilio Frazzoli,et al.  A Survey of Motion Planning and Control Techniques for Self-Driving Urban Vehicles , 2016, IEEE Transactions on Intelligent Vehicles.

[84]  Gregory D. Abowd,et al.  Driver Classification Based on Driving Behaviors , 2016, IUI.

[85]  Craig A. Smith,et al.  The Car Hacker's Handbook: A Guide for the Penetration Tester , 2016 .

[86]  Hiroaki Takada,et al.  CaCAN: Centralized Authentication System in CAN (Controller Area Network) , 2016 .

[87]  Thomas Engel,et al.  A Car Hacking Experiment: When Connectivity Meets Vulnerability , 2015, 2015 IEEE Globecom Workshops (GC Wkshps).

[88]  Nathalie Japkowicz,et al.  Frequency-based anomaly detection for the automotive CAN bus , 2015, 2015 World Congress on Industrial Control Systems Security (WCICSS).

[89]  Qing Li,et al.  Unknown network protocol classification method based on semi-supervised learning , 2015, 2015 IEEE International Conference on Computer and Communications (ICCC).

[90]  Daniel J. Fagnant,et al.  Preparing a Nation for Autonomous Vehicles: Opportunities, Barriers and Policy Recommendations , 2015 .

[91]  Dong Hoon Lee,et al.  A Practical Wireless Attack on the Connected Car and Security Protocol for In-Vehicle CAN , 2015, IEEE Transactions on Intelligent Transportation Systems.

[92]  Myoungho Sunwoo,et al.  Development of Autonomous Car—Part II: A Case Study on the Implementation of an Autonomous Driving System Based on Distributed Architecture , 2015, IEEE Transactions on Industrial Electronics.

[93]  Micah Sherr,et al.  Multi-class Traffic Morphing for Encrypted VoIP Communication , 2015, Financial Cryptography.

[94]  Qiyan Wang,et al.  VeCure: A practical security framework to protect the CAN bus of vehicles , 2014, 2014 International Conference on the Internet of Things (IOT).

[95]  Alejandro Quintero,et al.  VANET security surveys , 2014, Comput. Commun..

[96]  Julio R. Banga,et al.  Reverse engineering and identification in systems biology: strategies, perspectives and challenges , 2014, Journal of The Royal Society Interface.

[97]  Yves Deswarte,et al.  Survey on security threats and protection mechanisms in embedded automotive networks , 2013, 2013 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop (DSN-W).

[98]  James T. Kwok,et al.  Efficient Multi-label Classification with Many Labels , 2013, ICML.

[99]  Armin Wasicek,et al.  Enhancing security in CAN systems using a star coupling router , 2012, 7th IEEE International Symposium on Industrial Embedded Systems (SIES'12).

[100]  Mónica Aguilar-Igartua,et al.  Smart city for VANETs using warning messages, traffic statistics and intelligent traffic lights , 2012, 2012 IEEE Intelligent Vehicles Symposium.

[101]  Christoph Treude,et al.  An Exploratory Study of Software Reverse Engineering in a Security Context , 2011, 2011 18th Working Conference on Reverse Engineering.

[102]  Paulo Veríssimo,et al.  Reverse Engineering of Protocols from Network Traces , 2011, 2011 18th Working Conference on Reverse Engineering.

[103]  John B. Kenney,et al.  Dedicated Short-Range Communications (DSRC) Standards in the United States , 2011, Proceedings of the IEEE.

[104]  Shane Borrowman,et al.  The Fall of Carthage: The Punic Wars 265–146 BC, Adrian Goldsworthy The Trojan War: A New History, Barry Strauss , 2008 .

[105]  D.K. Nilsson,et al.  An approach to specification-based attack detection for in-vehicle networks , 2008, 2008 IEEE Intelligent Vehicles Symposium.

[106]  Helen J. Wang,et al.  Discoverer: Automatic Protocol Reverse Engineering from Network Traces , 2007, USENIX Security Symposium.

[107]  Volkan Sezer,et al.  Data collection with "UYANIK": too much pain; but gains are coming , 2007 .

[108]  A. Goldsworthy The Fall of Carthage: The Punic Wars 265-146 BC , 2003 .

[109]  Mirco Marchetti,et al.  READ: Reverse Engineering of Automotive Data Frames , 2003, IEEE Transactions on Information Forensics and Security.

[110]  Hans-Peter Kriegel,et al.  A Density-Based Algorithm for Discovering Clusters in Large Spatial Databases with Noise , 1996, KDD.

[111]  H. Edelsbrunner,et al.  Efficient algorithms for agglomerative hierarchical clustering methods , 1984 .

[112]  C. Mallows,et al.  A Method for Comparing Two Hierarchical Clusterings , 1983 .

[113]  Xiapu Luo,et al.  Towards Automatically Reverse Engineering Vehicle Diagnostic Protocols , 2022, USENIX Security Symposium.

[114]  Rose Qingyang Hu,et al.  Challenges and Solutions for Cellular Based V2X Communications , 2021, IEEE Communications Surveys & Tutorials.

[115]  Qi Alfred Chen,et al.  Automated Cross-Platform Reverse Engineering of CAN Bus Commands From Mobile Apps , 2020, NDSS.

[116]  Qi Alfred Chen,et al.  Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack Surface in Automotive IoT , 2020, USENIX Security Symposium.

[117]  J. Stein Automotive software and electronics 2030 , 2019 .

[118]  Kenji Ishida,et al.  Spoofing attack using bus-off attacks against a specific ECU of the CAN bus , 2018, 2018 15th IEEE Annual Consumer Communications & Networking Conference (CCNC).

[119]  L. V. Dijk Future Vehicle Networks and ECUs Architecture and Technology considerations , 2017 .

[120]  Xiang Zhang,et al.  A Survey on Platoon-Based Vehicular Cyber-Physical Systems , 2016, IEEE Communications Surveys & Tutorials.

[121]  Tadayoshi Kohno,et al.  Automobile Driver Fingerprinting , 2016, Proc. Priv. Enhancing Technol..

[122]  Flavio D. Garcia,et al.  University of Birmingham LeiA: A Lightweight Authentication Protocol for CAN , 2016 .

[123]  Engin Erzin,et al.  Driver Status Identification from Driving Behavior Signals , 2012 .

[124]  Ingrid Verbauwhede,et al.  CANAuth - A Simple, Backward Compatible Broadcast Authentication Protocol for CAN bus , 2011 .

[125]  Matti Valovirta,et al.  Experimental Security Analysis of a Modern Automobile , 2011 .

[126]  S. Nakamoto,et al.  Bitcoin: A Peer-to-Peer Electronic Cash System , 2008 .

[127]  Duc Truong Pham,et al.  Reverse engineering: An industrial perspective , 2008 .

[128]  Eldad Eilam,et al.  Reversing: Secrets of Reverse Engineering , 2005 .

[129]  Linda M. Wills,et al.  Reverse Engineering , 1996, Springer US.

[130]  Hausi A. Müller,et al.  Structural Redocumentation: A Case Study , 1995, IEEE Softw..

[131]  Ian Pyle,et al.  Software Reuse and Reverse Engineering in Practice , 1993 .

[132]  James H. Cross,et al.  Reverse engineering and design recovery: a taxonomy , 1990, IEEE Software.

[133]  R. Koschke Journal of Software Maintenance and Evolution: Research and Practice Software Visualization in Software Maintenance, Reverse Engineering, and Re-engineering: a Research Survey , 2022 .