A Practical Wireless Attack on the Connected Car and Security Protocol for In-Vehicle CAN
Top Cited Papers
- 8 September 2014
- journal article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Transactions on Intelligent Transportation Systems
- Vol. 16 (2), 1-14
- https://doi.org/10.1109/tits.2014.2351612
Abstract
Vehicle-IT convergence technology is a rapidly rising paradigm of modern vehicles, in which an electronic control unit (ECU) is used to control the vehicle electrical systems, and the controller area network (CAN), an in-vehicle network, is commonly used to construct an efficient network of ECUs. Unfortunately, security issues have not been treated properly in CAN, although CAN control messages could be life-critical. With the appearance of the connected car environment, in-vehicle networks (e.g., CAN) are now connected to external networks (e.g., 3G/4G mobile networks), enabling an adversary to perform a long-range wireless attack using CAN vulnerabilities. In this paper we show that a long-range wireless attack is physically possible using a real vehicle and malicious smartphone application in a connected car environment. We also propose a security protocol for CAN as a countermeasure designed in accordance with current CAN specifications. We evaluate the feasibility of the proposed security protocol using CANoe software and a DSP-F28335 microcontroller. Our results show that the proposed security protocol is more efficient than existing security protocols with respect to authentication delay and communication load.Keywords
Funding Information
- Next-Generation Information Computing Development Program
- National Research Foundation of Korea
- Ministry of Science, ICT and Future Planning (2010-0020726)
This publication has 16 references indexed in Scilit:
- Efficient Protocols for Secure Broadcast in Controller Area NetworksIEEE Transactions on Industrial Informatics, 2013
- Cyber-Security for the Controller Area Network (CAN) Communication ProtocolPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2012
- Car2X Communication: Securing the Last Meter - A Cost-Effective Approach for Ensuring Trust in Car2X Applications Using In-Vehicle Symmetric CryptographyPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2011
- Security aspects of the in-vehicle network in the connected carPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2011
- Efficient In-Vehicle Delayed Data Authentication Based on Compound Message Authentication CodesPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2008
- Multilane HMAC— Security beyond the Birthday LimitPublished by Springer Science and Business Media LLC ,2007
- State of the Art: Embedding Security in VehiclesEURASIP Journal on Embedded Systems, 2007
- Vehicle Applications of Controller Area NetworkPublished by Springer Science and Business Media LLC ,2005
- Minimum area cost for a 30 to 70 Gbits/s AES processorPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2004
- A highly regular and scalable aes hardware architectureInternational Conference on Acoustics, Speech, and Signal Processing (ICASSP), 2003