Nowadays with the help of advanced technology, modern vehicles are not only made up of mechanical devices
but also consist of highly complex electronic devices and connections to the outside world. There are around 70 Electronic
Control Units (ECUs) in modern vehicle which are communicating with each other over the standard communication
protocol known as Controller Area Network (CAN-Bus) that provides the communication rate up to 1Mbps. There are
different types of in-vehicle network protocol and bus system namely Controlled Area Network (CAN), Local
Interconnected Network (LIN), Media Oriented System Transport (MOST), and FlexRay. Even though CAN-Bus is
considered as de-facto standard for in-vehicle network communication, it inherently lacks the fundamental security
features by design like message authentication. This security limitation has paved the way for adversaries to penetrate
into the vehicle network and do malicious activities which can pose a dangerous situation for both driver and passengers.
In particular, nowadays vehicular networks are not only closed systems, but also they are open to different external
interfaces namely Bluetooth, GPS, to the outside world. Therefore, it creates new opportunities for attackers to remotely
take full control of the vehicle. The objective of this research is to survey the current limitations of CAN-Bus protocol in
terms of secure communication and different solutions that researchers in the society of automotive have provided to
overcome the CAN-Bus limitation on different layers.
Omid Avatefipour : is currently pursuing his
Master’s program in Computer Engineering at
University of Michigan-Dearborn. His research
interests include in-vehicle network
communication protocol security, Embedded
Systems, Data mining, Intelligent Control
systems and Robotics. He has work experience
at Vector CANTech company as Embedded Software Engineer and at Valeo North Amercia company as System
Software Engineering in Advanced Engineering Research &
Development department. He has also worked as researcher in
Information System, Security, and Forensics (ISSF) laboratory at
Department of Electrical and Computer Engineering (ECE),
University of Michigan – Dearborn. Additionally, he was working as
primary researcher in the laboratory of Control and Robotics at
institute of Advanced Science and Technology, IRAN SSP Research
& Development center.
Hafiz Malik : is Associate Processor in the
Electrical and Computer Engineering (ECE)
Department at University of Michigan –
Dearborn. His research in
cybersecurity, multimedia forensics,
information security, wireless sensor networks,
steganography/steganalysis, pattern recognition,
information fusion, and biometric security is
funded by the National Academies, National
Science Foundation and other agencies. He has
published more than 70 papers in leading journals, conferences, and
workshops. He is serving as Associate Editor for the IEEE
Transactions on Information Forensics and Security since August
2014 and for the Springer Journal of Signal, Image, and Video
Processing (SIVP) May 2013 – present. He is also on the Review
Board Committee of IEEE Technical Committee on Multimedia
Communications (MMTC). He organized Special Track on Doctoral
Dissertation in Multimedia, in the 6th IEEE International Symposium
on Multimedia (ISM) 2006. He is also organizing a special session on
“Data Mining in Industrial Applications” within the IEEE Symposium
Series on Computational Intelligence (IEEE SSCI) 2013. He is
serving as vice chair of IEEE SEM, Chapter 16 since 2011. He is
also serving on several technical program committees, including the
IEEE AVSS, ICME ICIP, MINES, ISPA, CCNC, ICASSP, and ICC.
He is a senior IEEE member.
In this study, in-vehicle network communication protocol
CAN-Bus and its corresponding vulnerabilities are introduced. Several researchers have performed to show
its corresponding weaknesses in terms of penetrations to
the network. Although some researchers proposed security
solutions for the current protocol, most of the work in this
area are carried out to introduce the current problems and
their solutions are not comprehensive. Developing
security solution in physical layer security would have
more merits compared to transfer layer because one of the
challenges for developing security mechanism in the
transfer layer (applying message authentication code) is
the limitation of computational power and memory of the
microcontrollers which could be insufficient to develop a
cryptographic algorithm for CAN-Bus in real-time
environment.
[1] CAN-Bus Specifications Rep. Robert Bosch GmbH.
Postfach 50, D-7000. Stuttgart 1Print.
[2] Kaiser, J., & Mock, M. (1999). Implementing the realtime
publisher/subscriber model on the controller area
network (CAN). In Object-Oriented Real-Time
Distributed Computing, 1999.(ISORC'99) Proceedings.
2nd IEEE International Symposium on (pp. 172-181).
IEEE.
[3] Hafeez, A., Malik, H., Avatefipour, O., Rongali, P. et
al., "Comparative Study of CAN-Bus and FlexRay
Protocols for In-Vehicle Communication," SAE
Technical Paper 2017-01-0017, 2017.
[4] Corrigan, Steve. Introduction to the Controller Area
Network (CAN). Rep. Texas Instrument. Print.
[5] Farsi, M., Ratcliff, K., & Barbosa, M. (1999). An
overview of controller area network. Computing &
Control Engineering Journal, 10(3), 113-120.
[6] Hesse, Scott, William Nicolay, Hugh Adamson, and
John McDermid. "Can bus router for building
automation systems." U.S. Patent Application
11/216,685, filed August 31, 2005.
[7] Ran, P., Wang, B., & Wang, W. (2008, April). The
design of communication convertor based on CAN bus. In Industrial Technology, 2008. ICIT 2008. IEEE
International Conference on (pp. 1-5). IEEE.
[8] Shavit, M., Gryc, A., & Miucic, R. (2007). Firmware
update over the air (FOTA) for automotive industry (No.
2007-01-3523). SAE Technical Paper.
[9] Tindell, K., & Burns, A. (1994, September).
Guaranteeing message latencies on control area
network (CAN). In Proceedings of the 1st International
CAN Conference. Citeseer.
[10] Stallings, W., & Tahiliani, M. P. (2014). Cryptography
and network security: principles and practice (Vol. 6).
London: Pearson.
[11] Nilsson, D. K., Larson, U. E., Picasso, F., & Jonsson, E.
(2009). A first simulation of attacks in the automotive
network communications protocol flexray.
In Proceedings of the International Workshop on
Computational Intelligence in Security for Information
Systems CISIS’08 (pp. 84-91). Springer, Berlin,
Heidelberg.
[12] Lin, C. W., & Sangiovanni-Vincentelli, A. (2012,
December). Cyber-security for the Controller Area
Network (CAN) communication protocol. In Cyber
Security (CyberSecurity), 2012 International
Conference on (pp. 1-7). IEEE.
[13] Khalilian, A., Sahamijoo, G., Avatefipour, O., Piltan, F.,
& Nasrabad, M. R. S. (2014). Design high efficiencyminimum
rule base PID like fuzzy computed torque
controller. International Journal of Information
Technology and Computer Science (IJITCS), 6(7), 77.
[14] Khalilian, A., Piltan, F., Avatefipour, O., Nasrabad, M.
R. S., & Sahamijoo, G. (2014). Design New Online
Tuning Intelligent Chattering Free Fuzzy
Compensator. International Journal of Intelligent
Systems and Applications, 6(9), 75.
[15] Sahamijoo, G., Avatefipour, O., Nasrabad, M. R. S.,
Taghavi, M., & Piltan, F. (2015). Research on
minimum intelligent unit for flexible
robot. International Journal of Advanced Science and
Technology, 80, 79-104.
[16] Sinclair, C., Pierce, L., & Matzner, S. (1999). An
application of machine learning to network intrusion
detection. In Computer Security Applications
Conference, 1999.(ACSAC'99) Proceedings. 15th
Annual (pp. 371-377). IEEE.
[17] Avatefipour, O., Hafeez, A., Tayyab, M., & Malik, H.
(2017). Linking Received Packet to the Transmitter
Through Physical-Fingerprinting of Controller Area
Network . Information Forensics and Security (WIFS
Conference, Rennes, France.
[18] Shon, T., Kim, Y., Lee, C., & Moon, J. (2005, June). A
machine learning framework for network anomaly
detection using SVM and GA. In Information
Assurance Workshop, 2005. IAW'05. Proceedings from
the Sixth Annual IEEE SMC (pp. 176-183). IEEE.
[19] Mokhtar, M., Piltan, F., Mirshekari, M., Khalilian, A.,
& Avatefipour, O. (2014). Design minimum rule-base
fuzzy inference nonlinear controller for second order
nonlinear system. International Journal of Intelligent
Systems and Applications, 6(7), 79.
[20] Avatefipour, O., Piltan, F., Nasrabad, M. R. S.,
Sahamijoo, G., & Khalilian, A. (2014). Design New
Robust Self Tuning Fuzzy Backstopping
Methodology. International Journal of Information
Engineering and Electronic Business, 6(1), 49.
[21] Shahcheraghi, A., Piltan, F., Mokhtar, M., Avatefipour,
O., & Khalilian, A. (2014). Design a Novel SISO Offline
Tuning of Modified PID Fuzzy Sliding Mode
Controller. International Journal of Information
Technology and Computer Science (IJITCS), 6(2), 72.
[22] Ramadan, M. N., Al-Khedher, M. A., & Al-Kheder, S.
A. (2012). Intelligent anti-theft and tracking system for
automobiles. International Journal of Machine Learning
and Computing, 2(1), 83.
[23] Müter, M., & Asaj, N. (2011, June). Entropy-based
anomaly detection for in-vehicle networks. In Intelligent
Vehicles Symposium (IV), 2011 IEEE (pp. 1110-1115).
IEEE.
[24] Müter, M., Groll, A., & Freiling, F. C. (2010, August).
A structured approach to anomaly detection for invehicle
networks. In Information Assurance and
Security (IAS), 2010 Sixth International Conference
on (pp. 92-98). IEEE.[25] Narayanan, S. N., Mittal, S., & Joshi, A. (2015). Using
data analytics to detect anomalous states in
vehicles. arXiv preprint arXiv:1512.08048.
[26] Cho, Kyong-Tak, and Kang G. Shin. "Fingerprinting
electronic control units for vehicle intrusion
detection." 25th USENIX Security Symposium
(USENIX Security 16). USENIX Association, 2016.
[27] Q. Wang and S. Sawhney, "VeCure: A practical
security framework to protect the CAN bus of
vehicles," 2014 International Conference on the
Internet of Things (IOT), Cambridge, MA, 2014, pp.13-
18.doi: 10.1109/IOT.2014.7030108
[28] Experimental security analysis of a modern automobile
K Koscher, A Czeskis, F Roesner, S Patel, T Kohno -
2010 IEEE Symposium on Security and Privacy, 2010
[29] Eisenbarth, T. Kasper, A. Moradi, C. Paar, M.
Salmasizadeh and M. Manzuri Shalmani. On the
power of power analysis in the real world: A complete
break of the KeeLoq code hopping scheme. In D.
Wagner, editor, Proceedings of Crypto 2008, volume
5157 of LNCS, pages 203–20. Springer-Verlag, Aug.
2008.[30] Hoppe, T., Kiltz, S., & Dittmann, J. (2008). Security
threats to automotive CAN networks–practical
examples and selected short-term
countermeasures. Computer Safety, Reliability, and
Security, 235-248.
