A Scalable Security Protocol for Intravehicular Controller Area Network

2021 ◽  
Vol 2021 ◽  
pp. 1-13
Author(s):  
Zi-An Zhao ◽  
Yu Sun ◽  
Dawei Li ◽  
Jian Cui ◽  
Zhenyu Guan ◽  
...  

Intravehicular communication relies on the controller area network (CAN) protocol to deliver messages and instructions among different electronic control units (ECUs). Unfortunately, inherent defects in CAN include the absence of confidentiality and integrity mechanisms, enabling adversaries to launch attacks from wired or wireless interfaces. Although various CAN cryptographic protocols have been proposed for entity authentication and secure communication, the redundancy in the key establishment phase weakens their availability in large-scale CAN. In this paper, we propose a scalable security protocol suite for intravehicular networks and reduce the communication costs significantly. A new type of attack, the suspension attack, is identified for the existing protocols and mitigated in our protocol by leveraging a global counter scheme. We formally verify the security properties of the proposed protocol suite through the AVISPA tool. The simulation results indicate that the communication and computation efficiency are improved in our protocol.

2013 ◽  
pp. 323-342
Author(s):  
Rodrigo Lange ◽  
Rômulo Silva de Oliveira

In recent years, the automotive industry has witnessed an exponential growth in the number of vehicular embedded applications, leading to the adoption of distributed implementations for systems in the powertrain and chassis domains. The Controller Area Network (CAN) protocol has been a de facto standard for intra-vehicular communications, while the FlexRay Communication System is being promoted as the future de facto standard for network interconnections of applications related to X-by-wire systems. Due to the characteristics of CAN and FlexRay, the coexistence of both protocols in the same vehicle is expected, leading to the use of gateways to manage the information exchange between electronic control units connected to different network segments. This chapter describes the main characteristics of CAN and FlexRay protocols, surveying the literature addressing schedulability and time analysis in both FlexRay and CAN protocols. The chapter also outlines the state-of-the-art in research about gateways for intra-vehicular communication networks.


Author(s):  
Tain-Lieng Kao ◽  
San-Yuan Wang ◽  
Ming-Hua Wu

Due to the development of modern techniques, electronic vehicles and autopilot systems have emerged significantly in the automobile and IT industries in recent years. As a result, automotive electronics systems and auto-control systems consist of many high-performance Electronic Control Units (ECUs) connected by a controller area network (CAN). To realize more complicated designs in ECUs, this work integrates a real-time OS and a network management function. The results improve the CANbus nodes' design level to serve as a gateway to interconnect CANbus nodes. As the number of CANbus nodes increases, the verification process becomes more and more complicated and takes much time. To speed up the verification process, this work uses the CANoe package to program the testing script for the automotive verification environment. The engineer can then connect the testing device by CAN to the environment for automatic verification. The engineer can define the network messages of the CANbus nodes and tune the design as the validation progresses. The testing results are presented in XML format and can be transferred to HTML pages for readability. Hence, this work realizes an automatic verification environment for CANbus in-vehicle networks.


Author(s):  
J-X Wang ◽  
J Feng ◽  
X-J Mao ◽  
L Yang ◽  
B Zhou

An interactive user-friendly calibration and monitoring system is critical for the development of electronic control units (ECU). In this study, a controller area network (CAN) driver, CAN calibration protocol (CCP) driver, monitoring program, and calibration program in the ECU were designed with the assembly language. The inquiry mode was used in monitoring the program and the interrupt mode was used in the calibration program, which ensured the real-time, simultaneous communication and interruption for the main control program. Mirror memory and the random access memory (RAM) calibration technique were used to reduce the write and read accesses to ECU, and, with the mapping of calibration RAM, calibration parameters could be changed online and used instantly. An efficient database management was used to achieve an accurate dynamic link between PC and ECU. The present system provides reliable, accurate, and quick CAN communication between ECU and PC, with a baud rate up to 500K bit/s. It also provides a friendly, compatible, and flexible calibration interface, and the functions of online calibration and real-time monitoring. This system has been used successfully in high-pressure, common rail, electronically controlled diesel engines and pure electrical vehicles (after a small modification).


2017 ◽  
Vol 2017 ◽  
pp. 1-13 ◽  
Author(s):  
Jeong-Woo Lee ◽  
Ki-Yong Choi ◽  
Jung-Won Lee

A hardware-in-the-loop (HiL) test is performed to verify the software functions mounted on automotive electronic control units (ECUs). However, the characteristics of the HiL test limit the usage of common debugging techniques. Meanwhile, the logs of how the program uses memory can be utilized as debugging information collected by the controller area network (CAN). However, when the 32 KB memory is observed with a 10 ms period, about 96% of the data on each cycle is lost, since the CAN can only transfer 1.25 KB of data at each cycle. Therefore, to overcome the above limitations, in this study, the memory is divided into multiple regions to transmit generated data via CAN. Next, the simulation is repeated for each of the divided regions to obtain the different areas in each simulation. The collected data can be visualized as update information in each cycle and the cumulative number of updates. Through the proposed method, the ECU memory information during the HiL test was successfully collected using the CAN; the transmission is completed without any loss of data. In addition, the data was visualized in images containing the update information of the memory. These images contribute to shortening the debugging time for developers and testers.


Electronics ◽  
2021 ◽  
Vol 10 (19) ◽  
pp. 2442
Author(s):  
Cheongmin Ji ◽  
Taehyoung Ko ◽  
Manpyo Hong

In vehicles, dozens of electronic control units are connected to one or more controller area network (CAN) buses to exchange information and send commands related to the physical system of the vehicles. Furthermore, modern vehicles are connected to the Internet via telematics control units (TCUs). This leads to an attack vector in which attackers can control vehicles remotely once they gain access to in-vehicle networks (IVNs) and can discover the formats of important messages. Although the format information is kept secret by car manufacturers, CAN is vulnerable, since payloads are transmitted in plain text. In contrast, the secrecy of message formats inhibits IVN security research by third-party researchers. It also hinders effective security tests for in-vehicle networks as performed by evaluation authorities. To mitigate this problem, a method of reverse-engineering CAN payload formats is proposed. The method utilizes classification algorithms to predict signal boundaries from CAN payloads. Several features were uniquely chosen and devised to quantify the type-specific characteristics of signals. The method is evaluated on real-world and synthetic CAN traces, and the results show that our method can predict at least 10% more signal boundaries than the existing methods.


2020 ◽  
Vol 2020 ◽  
pp. 1-17
Author(s):  
Miaoqing Tian ◽  
Ruobing Jiang ◽  
Haipeng Qu ◽  
Qian Lu ◽  
Xiaoyun Zhou

External wireless interfaces and the lack of security design of controller area network (CAN) standards make it vulnerable to CAN-targeting attacks. Unfortunately, various defense solutions have been proposed merely to detect CAN intrusion attacks, while only a few works are devoted to intrusion source identification. As demonstrated by our experimental studies, the most advanced IDS with intrusion source identification, which is based on the physical feature fingerprints of the in-vehicle Electronic Control Units (ECUs), will fail when the temperature changes. In this paper, we innovatively propose temperature-varied fingerprinting, called TVF, for CAN intrusion detection and intrusion source identification. Motivated by the remarkable observation that the physical feature of an ECU, i.e., its clock offset, changes linearly with the temperature of ECUs, the concept of temperature-varied fingerprints is proposed. Then, for a severe intrusion case, we provide an advanced TVF as a further supplement and expansion. The proposed advanced temperature-varied fingerprinting is implemented, and extensive performance evaluation experiments are conducted in both a CAN bus prototype and real vehicles. The experimental results illustrate the effectiveness and performance of advanced TVF.


2022 ◽  
Vol 18 (1) ◽  
pp. 1-18
Author(s):  
Carson Labrado ◽  
Himanshu Thapliyal ◽  
Saraju P. Mohanty

Within vehicles, the Controller Area Network (CAN) allows efficient communication between the electronic control units (ECUs) responsible for controlling the various subsystems. The CAN protocol was not designed to include much support for secure communication. The fact that so many critical systems can be accessed through an insecure communication network presents a major security concern. Adding security features to CAN is difficult due to the limited resources available to the individual ECUs and the costs that would be associated with adding the necessary hardware to support any additional security operations without overly degrading the performance of standard communication. Replacing the protocol is another option, but it is subject to many of the same problems. The lack of security becomes even more concerning as vehicles continue to adopt smart features. Smart vehicles have a multitude of communication interfaces an attacker could exploit to gain access to the networks. In this work, we propose a security framework that is based on physically unclonable functions (PUFs) and lightweight cryptography (LWC). The framework does not require any modification to the standard CAN protocol while also minimizing the amount of additional message overhead required for its operation. The improvements in our proposed framework result in a major reduction in the number of CAN frames that must be sent during operation. For a system with 20 ECUs, for example, our proposed framework only requires 6.5% of the number of CAN frames that is required by the existing approach to successfully authenticate every ECU.


2021 ◽  
Vol 17 (9) ◽  
pp. 155014772110443
Author(s):  
Yong Ding ◽  
Hui Xu ◽  
Meng Zhao ◽  
Hai Liang ◽  
Yujue Wang

A wireless body area network can be employed to collect a patient’s electronic health data. To guarantee the reliability and confidentiality of the collected data, secure data transmission in the wireless body area network is required. In a wireless body area network, a mutual authentication process has to be carried out between the controller and sensors to ensure their legitimacy, and a key distribution mechanism is required to secure communication after successful mutual authentication. Li et al. proposed a cryptographic solution, which allows group device pairing authentication and key agreement but has low authentication efficiency and key leakage problems. To address these issues, a group authentication and key distribution scheme is proposed in this article. It enables effective mutual authentication between controller and sensors, supports all signatures of sensors in the group being checked by the controller through aggregation verification to achieve efficient authentication, and allows key distribution during authentication to improve the computation efficiency. Security analysis indicates that the proposed scheme enjoys existential unforgeability, and theoretical and experimental comparison demonstrates its practicality in terms of computation and communication cost.

