Automated Reverse Engineering and Attack for CAN Using OBD-II

Controller area network (CAN) is one of the most popular in-vehicle networks. CAN allows electronic control units (ECUs) to communicate with each other. ECUs control various functions of vehicle systems, such as engine and transmission control. Therefore, CAN and ECUs are high-priority targets for hackers. If the CAN and its connected components are attacked, the vehicle may suffer serious malfunctions and fatal accidents. However, it is hard for hackers to find out the exact CAN messages to send in order to control the vehicle as intended. Likewise, vehicle security researchers have the same problem as attackers: they need to find out the exact meaning of CAN messages in order to detect sophisticated attacks. It is relatively easy to detect simple attack patterns such as a denial-of-service (DoS) attack. However, CAN specification information is private to car OEMs, so to reveal the exact meaning of CAN messages we need to analyze the messages with reverse engineering techniques, which is a time-consuming and laborious task. To solve this problem, we developed the Automated CAN Analyzer (ACA). The ACA has automated reverse engineering functions that help to analyze the relationship between the response data from a diagnostic query of on-board diagnostics II (OBD-II) and the related CAN traffic data. Furthermore, it supports an automated attack function that can inject fake messages into the CAN bus based on pre-analyzed CAN message information. Researchers can easily confirm whether the reverse engineering results are correct through the provided automated attack function. As a result, the ACA could lower the barriers to entry to in-vehicle network research. To evaluate the ACA, we applied our approach to two real vehicles, a Hyundai YF Sonata (2010 model) and a KIA Soul (2014 model). In this paper, we were able to find out the meaning of CAN messages on both vehicles with the help of the ACA. Additionally, since modern vehicles are all equipped with OBD-II, our approach can be applied widely to most vehicles.
