A Practical Wireless Attack on the Connected Car and Security Protocol for In-Vehicle CAN

Samuel Woo, Hyo Jin Jo, Dong Hoon Lee

Research output: Contribution to journalArticle

112 Citations (Scopus)

Abstract

Vehicle-IT convergence technology is a rapidly rising paradigm of modern vehicles, in which an electronic control unit (ECU) is used to control the vehicle electrical systems, and the controller area network (CAN), an in-vehicle network, is commonly used to construct an efficient network of ECUs. Unfortunately, security issues have not been treated properly in CAN, although CAN control messages could be life-critical. With the appearance of the connected car environment, in-vehicle networks (e.g., CAN) are now connected to external networks (e.g., 3G/4G mobile networks), enabling an adversary to perform a long-range wireless attack using CAN vulnerabilities. In this paper we show that a long-range wireless attack is physically possible using a real vehicle and malicious smartphone application in a connected car environment. We also propose a security protocol for CAN as a countermeasure designed in accordance with current CAN specifications. We evaluate the feasibility of the proposed security protocol using CANoe software and a DSP-F28335 microcontroller. Our results show that the proposed security protocol is more efficient than existing security protocols with respect to authentication delay and communication load.

Original languageEnglish
Article number6894181
Pages (from-to)993-1006
Number of pages14
JournalIEEE Transactions on Intelligent Transportation Systems
Volume16
Issue number2
DOIs
Publication statusPublished - 2015 Apr 1

Fingerprint

Railroad cars
Network protocols
Controllers
Smartphones
Microcontrollers
Authentication
Wireless networks
Specifications
Communication

Keywords

  • Connected car
  • controller area network (CAN)
  • in-vehicle network security
  • key management

ASJC Scopus subject areas

  • Automotive Engineering
  • Mechanical Engineering
  • Computer Science Applications

Cite this

A Practical Wireless Attack on the Connected Car and Security Protocol for In-Vehicle CAN. / Woo, Samuel; Jo, Hyo Jin; Lee, Dong Hoon.

In: IEEE Transactions on Intelligent Transportation Systems, Vol. 16, No. 2, 6894181, 01.04.2015, p. 993-1006.

Research output: Contribution to journalArticle

@article{c2e12b2e82b34d53b6c5d9e052c9d642,
title = "A Practical Wireless Attack on the Connected Car and Security Protocol for In-Vehicle CAN",
abstract = "Vehicle-IT convergence technology is a rapidly rising paradigm of modern vehicles, in which an electronic control unit (ECU) is used to control the vehicle electrical systems, and the controller area network (CAN), an in-vehicle network, is commonly used to construct an efficient network of ECUs. Unfortunately, security issues have not been treated properly in CAN, although CAN control messages could be life-critical. With the appearance of the connected car environment, in-vehicle networks (e.g., CAN) are now connected to external networks (e.g., 3G/4G mobile networks), enabling an adversary to perform a long-range wireless attack using CAN vulnerabilities. In this paper we show that a long-range wireless attack is physically possible using a real vehicle and malicious smartphone application in a connected car environment. We also propose a security protocol for CAN as a countermeasure designed in accordance with current CAN specifications. We evaluate the feasibility of the proposed security protocol using CANoe software and a DSP-F28335 microcontroller. Our results show that the proposed security protocol is more efficient than existing security protocols with respect to authentication delay and communication load.",
keywords = "Connected car, controller area network (CAN), in-vehicle network security, key management",
author = "Samuel Woo and Jo, {Hyo Jin} and Lee, {Dong Hoon}",
year = "2015",
month = "4",
day = "1",
doi = "10.1109/TITS.2014.2351612",
language = "English",
volume = "16",
pages = "993--1006",
journal = "IEEE Transactions on Intelligent Transportation Systems",
issn = "1524-9050",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "2",

}

TY - JOUR

T1 - A Practical Wireless Attack on the Connected Car and Security Protocol for In-Vehicle CAN

AU - Woo, Samuel

AU - Jo, Hyo Jin

AU - Lee, Dong Hoon

PY - 2015/4/1

Y1 - 2015/4/1

N2 - Vehicle-IT convergence technology is a rapidly rising paradigm of modern vehicles, in which an electronic control unit (ECU) is used to control the vehicle electrical systems, and the controller area network (CAN), an in-vehicle network, is commonly used to construct an efficient network of ECUs. Unfortunately, security issues have not been treated properly in CAN, although CAN control messages could be life-critical. With the appearance of the connected car environment, in-vehicle networks (e.g., CAN) are now connected to external networks (e.g., 3G/4G mobile networks), enabling an adversary to perform a long-range wireless attack using CAN vulnerabilities. In this paper we show that a long-range wireless attack is physically possible using a real vehicle and malicious smartphone application in a connected car environment. We also propose a security protocol for CAN as a countermeasure designed in accordance with current CAN specifications. We evaluate the feasibility of the proposed security protocol using CANoe software and a DSP-F28335 microcontroller. Our results show that the proposed security protocol is more efficient than existing security protocols with respect to authentication delay and communication load.

AB - Vehicle-IT convergence technology is a rapidly rising paradigm of modern vehicles, in which an electronic control unit (ECU) is used to control the vehicle electrical systems, and the controller area network (CAN), an in-vehicle network, is commonly used to construct an efficient network of ECUs. Unfortunately, security issues have not been treated properly in CAN, although CAN control messages could be life-critical. With the appearance of the connected car environment, in-vehicle networks (e.g., CAN) are now connected to external networks (e.g., 3G/4G mobile networks), enabling an adversary to perform a long-range wireless attack using CAN vulnerabilities. In this paper we show that a long-range wireless attack is physically possible using a real vehicle and malicious smartphone application in a connected car environment. We also propose a security protocol for CAN as a countermeasure designed in accordance with current CAN specifications. We evaluate the feasibility of the proposed security protocol using CANoe software and a DSP-F28335 microcontroller. Our results show that the proposed security protocol is more efficient than existing security protocols with respect to authentication delay and communication load.

KW - Connected car

KW - controller area network (CAN)

KW - in-vehicle network security

KW - key management

UR - http://www.scopus.com/inward/record.url?scp=85027931391&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85027931391&partnerID=8YFLogxK

U2 - 10.1109/TITS.2014.2351612

DO - 10.1109/TITS.2014.2351612

M3 - Article

AN - SCOPUS:85027931391

VL - 16

SP - 993

EP - 1006

JO - IEEE Transactions on Intelligent Transportation Systems

JF - IEEE Transactions on Intelligent Transportation Systems

SN - 1524-9050

IS - 2

M1 - 6894181

ER -