Alessio Buscemi scite author profile

Modern connected vehicles are equipped with a large number of sensors, which enable a wide range of services that can improve overall traffic safety and efficiency. However, remote access to connected vehicles also introduces new security issues affecting both inter and intra-vehicle communications. In fact, existing intra-vehicle communication systems, such as Controller Area Network (CAN), lack security features, such as encryption and secure authentication for Electronic Control Units (ECUs). Instead, Original Equipment Manufacturers (OEMs) seek security through obscurity by keeping secret the proprietary format with which they encode the information. Recently, it has been shown that the reuse of CAN frame IDs can be exploited to perform CAN bus reverse engineering without physical access to the vehicle, thus raising further security concerns in a connected environment. This work investigates whether anonymizing the frames of each newly released vehicle is sufficient to prevent CAN bus reverse engineering based on frame ID matching. The results show that, by adopting Machine Learning techniques, anonymized CAN frames can still be fingerprinted and identified in an unknown vehicle with an accuracy of up to 80 %.

show abstract

A Data-Driven Minimal Approach for CAN Bus Reverse Engineering

Buscemi

Castignani

Engel

et al. 2020

View full text Add to dashboard Cite

Current in-vehicle communication systems lack security features, such as encryption and secure authentication. The approach most commonly used by car manufacturers is to achieve security through obscurity-keep the proprietary format used to encode the information secret. However, it is still possible to decode this information via reverse engineering. Existing reverse engineering methods typically require physical access to the vehicle and are time consuming. In this paper, we present a Machine Learning-based method that performs automated Controller Area Network (CAN) bus reverse engineering while requiring minimal time, hardware equipment, and potentially no physical access to the vehicle. Our results demonstrate high accuracy in identifying critical vehicle functions just from analysing raw traces of CAN data.

show abstract

Assessing the Impact of Attacks on an Automotive Ethernet Time Synchronization Testbed

Fotouhi

Buscemi

Boualouache

et al. 2023

View full text Add to dashboard Cite

Time Sensitive Network (TSN) standards are gaining traction in the scientific community and automotive Original Equipment Manufacturers (OEMs) due their promise of deterministic Ethernet networking. Among these standards, Generalized Precision Time Protocol (gPTP) -IEEE 802.1ASallows network devices to be synchronized with a precision far higher than other synchronization standards, such as Network Time Protocol (NTP). gPTP is a profile of Precision Time Protocol (PTP) which, due to its robustness to delay variations, has been designated for automotive applications. Nonetheless, gPTP was designed without security controls, which makes it vulnerable to a number of attacks. This work reveals a critical vulnerability caused by a common implementation practice that opens the door to spoofing attacks on gPTP. To assess the impact of this vulnerability, we built two real gPTP-capable testbeds. Our results show high risks of this vulnerability destabilizing the system functionality.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Alessio Buscemi

CANMatch: A Fully Automated Tool for CAN Bus Reverse Engineering Based on Frame Matching

On Frame Fingerprinting and Controller Area Networks Security in Connected Vehicles

A Data-Driven Minimal Approach for CAN Bus Reverse Engineering

Assessing the Impact of Attacks on an Automotive Ethernet Time Synchronization Testbed

Contact Info

Product

Resources

About