A practical security architecture for in-vehicle CAN-FD

Samuel Woo, Hyo Jin Jo, In-Seok Kim, Dong Hoon Lee

Research output: Contribution to journal › Article

26 Citations (Scopus)

Abstract

The controller area network with flexible data rate (CAN-FD) is attracting attention as the next generation of in-vehicle network technology. However, security issues have not been completely taken into account when designing CAN-FD, although every bit of information transmitted could be critical to driver safety. If we fail to solve the security vulnerabilities of CAN-FD, we cannot expect Vehicle-Information and Communications Technology (Vehicle-ICT) convergence to continue to develop. Fortunately, secure in-vehicle CAN-FD communication environments can be constructed using the larger data payload of CAN-FD. In this paper, we propose a security architecture for in-vehicle CAN-FD as a countermeasure (designed in accordance with CAN-FD specifications). We considered the characteristics of the International Organization for Standardization (ISO) 26262 Automotive Safety Integrity Level and the in-vehicle subnetwork to design a practical security architecture. We also evaluated the feasibility of the proposed security architecture using three kinds of microcontroller unit and the CANoe software. Our evaluation findings may be used as an indicator of the performance level of electronic control units for manufacturing next-generation vehicles.

Original language: English
Article number: 7435304
Pages (from-to): 2248-2261
Number of pages: 14
Journal: IEEE Transactions on Intelligent Transportation Systems
Volume: 17
Issue number: 8
DOI: 10.1109/TITS.2016.2519464
Publication status: Published - 2016 Aug 1

Fingerprint

Controllers
Communication
Microcontrollers
Standardization
Specifications

Keywords

  • ASIL
  • CAN-FD
  • Controller area network
  • in-vehicle network security
  • ISO 26262
  • key management

ASJC Scopus subject areas

  • Automotive Engineering
  • Mechanical Engineering
  • Computer Science Applications

Cite this

A practical security architecture for in-vehicle CAN-FD. / Woo, Samuel; Jo, Hyo Jin; Kim, In-Seok; Lee, Dong Hoon.

In: IEEE Transactions on Intelligent Transportation Systems, Vol. 17, No. 8, 7435304, 01.08.2016, p. 2248-2261.

@article{14446a6c61f6459aaaed2f28307ed8f0,
title = "A practical security architecture for in-vehicle CAN-FD",
keywords = "ASIL, CAN-FD, Controller area network, in-vehicle network security, ISO 26262, key management",
author = "Samuel Woo and Jo, {Hyo Jin} and In-Seok Kim and Lee, {Dong Hoon}",
year = "2016",
month = "8",
day = "1",
doi = "10.1109/TITS.2016.2519464",
language = "English",
volume = "17",
pages = "2248--2261",
journal = "IEEE Transactions on Intelligent Transportation Systems",
issn = "1524-9050",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "8",

}

TY - JOUR
T1 - A practical security architecture for in-vehicle CAN-FD
AU - Woo, Samuel
AU - Jo, Hyo Jin
AU - Kim, In-Seok
AU - Lee, Dong Hoon
PY - 2016/8/1
Y1 - 2016/8/1
KW - ASIL
KW - CAN-FD
KW - Controller area network
KW - in-vehicle network security
KW - ISO 26262
KW - key management
UR - http://www.scopus.com/inward/record.url?scp=84961782619&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84961782619&partnerID=8YFLogxK
U2 - 10.1109/TITS.2016.2519464
DO - 10.1109/TITS.2016.2519464
M3 - Article
VL - 17
SP - 2248
EP - 2261
JO - IEEE Transactions on Intelligent Transportation Systems
JF - IEEE Transactions on Intelligent Transportation Systems
SN - 1524-9050
IS - 8
M1 - 7435304
ER -