A System to Recognize Intruders in Controller Area Network (CAN)

Carsten, Paul; Andel, Todd R.; Yampolskiy, Mark; McDonald, J. Todd; Russ, Samuel H.

doi:10.14236/ewic/ics2015.15

Cited by 9 publications

(12 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…CAN does not provide any message or device authentication in order to identify the sender of a particular message or to determine the identity of an ECU [2] - [5], [7], [8], [13] and [14]. This means that the CAN protocol is not capable of distinguishing between a legitimate ECU and a malicious one [7] and [14].…”

Section: A Lack Of Authenticationmentioning

confidence: 99%

“…This means that the CAN protocol is not capable of distinguishing between a legitimate ECU and a malicious one [7] and [14]. This security weakness makes replay attacks and transmission of spoofed messages possible since an unauthorized device can be easily connected to the CAN-Bus [2], [4], [5], [7], [13] and [14].…”

Section: A Lack Of Authenticationmentioning

confidence: 99%

“…One issue with CAN is that security was not even considered during its design stages since it was thought that vehicles would remain closed systems [7] and [8]. When vehicles were purely mechanical, the only way how one could gain access to a car is by physical access.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Security issues in controller area networks in automobiles

Buttigieg

Farrugia

Meli

2017

2017 18th International Conference on Sciences and Techniques of Automatic Control and Computer Engineering (STA)

View full text Add to dashboard Cite

Modern vehicles may contain a considerable number of ECUs (Electronic Control Units) which are connected through various means of communication, with the CAN (Controller Area Network) protocol being the most widely used. However, several vulnerabilities such as the lack of authentication and the lack of data encryption have been pointed out by several authors, which ultimately render vehicles unsafe to their users and surroundings. Moreover, the lack of security in modern automobiles has been studied and analyzed by other researchers as well as several reports about modern car hacking have (already) been published. The contribution of this work aimed to analyze and test the level of security and how resilient is the CAN protocol by taking a BMW E90 (3-series) instrument cluster as a sample for a proof of concept study. This investigation was carried out by building and developing a rogue device using cheap commercially available components while being connected to the same CAN-Bus as a man in the middle device in order to send spoofed messages to the instrument cluster.

show abstract

Section: A Lack Of Authenticationmentioning

confidence: 99%

Section: A Lack Of Authenticationmentioning

confidence: 99%

See 1 more Smart Citation

Security issues in controller area networks in automobiles

Buttigieg

Farrugia

Meli

2017

2017 18th International Conference on Sciences and Techniques of Automatic Control and Computer Engineering (STA)

View full text Add to dashboard Cite

show abstract

“…E os demais pinos, cada montadora implementa para os protocolos de comunicação. No entanto, existe um problema de vulnerabilidade no protocolo CAN que pode dar acesso ao intruso no sistema de computador de bordo do veículo [6][7][8][9].…”

Section: Figura 1 -Alguns Sinais Indicadores De Mau Funcionamentounclassified

OBD-III: Tendências e Perspectivas

Tomioka¹,

Souza²

2016

Anais Do XXIV Simpósio Internacional De Engenharia Automotiva

View full text Add to dashboard Cite

Um dos dispositivos mais relevantes no sistema embarcado em seguimento automotivo pode ser atribuído a porta OBD (On-Board Diagnostic) que foi desenvolvido por volta de 1980 para controle e monitoramento de emissões de gases veiculares. Atualmente a versão é conhecida como OBD II entre as montadoras e suas variantes são adotadas em vários países. Com uma variedade de leituras de dados sobre o veículo que podem ser coletados com equipamentos e softwares específicos. Já versão que propõe a transmissão de dados é denominado como OBD III, podendo ser dotado com sensores, tais como, GPS (Global Positioning System), bússolas, giroscópios e acesso à Internet via WIFI (Wireless Fidelity) ou telefonia, abre uma grande possibilidade de recursos que podem ser implementados. Neste trabalho são apresentados os acessos de intrusos em computador a bordo automotivo em redes convencionais como CAN (Controller Area Network) acessado localmente ou remotamente. Sobre o uso da porta OBD com acesso à Internet foi pesquisada em bancos de dados de patentes onde se observa número crescente depósitos de patentes a cada ano. Sobre tendências e perspectivas, a versão OBD III poderá ser o próximo dispositivo em conjunto com computador central esta já consolidado na indústria automobilística poderá ser aplicado em sistemas automotivo autônomo. Atualmente, observa-se pesquisa e desenvolvimento na busca de interação: entre veículos V2V (Vehicle-to-vehicle), veículo-infraestrutura V2I ou V2X (Vehicle-to-Infrastructure), onde envolvem diversos recursos de protocolos de comunicação. O uso deste dispositivo pode gerar diversos tipos aplicativos e serviços, não somente ofertada pela montadora. No entanto, é importante elaborar sistema que garanta a questão da segurança computacional (Cyber Security).

show abstract

“…1) is used for prioritizing messages on the bus and avoids collisions by design. However, security issues were ignored during designing since people took it for granted that a vehicle would be a closed system [5], [6]. Unfortunately, messages are broadcast on the CAN bus, and external devices, such as onboard diagnostics readers, are able to access the CAN bus in modern vehicles.…”

Section: Introductionmentioning

confidence: 99%

Fast Stream Cipher based Chaos Neural Network for Data Security in CAN Bus

Liu¹,

Murakami²,

Kawamura³

et al. 2020

Adv. sci. technol. eng. syst. j.

View full text Add to dashboard Cite

Vehicle systems are controlled by embedded electronic devices called electronic control units (ECUs). These ECUs are connected together with network protocols. The Controller Area Network (CAN) protocol is widely implemented due to its high fault tolerance. However, the CAN is a serial broadcast bus, and it has no protection against security threats. In this paper, we propose a fast stream cipher based on a chaos neural network (CNN) that is able to generate pseudo-random numbers at a high speed, faster than that of the Advanced Encryption Standard, to protect ECUs on the CAN bus by encrypting CAN messages. We discuss the chaotic orbit of the CNN and statistical properties of pseudo-random numbers from the CNN. For a stream cipher, it is very important to share the symmetric key. We designed a symmetric key that is shared with ID-based encryption without the need to use digital certificates. We evaluated our method's performance with embedded boards and showed that the stream cipher is efficient for the embedded software of the ECU. Further, it does not need a hardware security module to accelerate the encryption.

show abstract

A System to Recognize Intruders in Controller Area Network (CAN)

Cited by 9 publications

References 2 publications

Security issues in controller area networks in automobiles

Security issues in controller area networks in automobiles

OBD-III: Tendências e Perspectivas

Fast Stream Cipher based Chaos Neural Network for Data Security in CAN Bus

Contact Info

Product

Resources

About