Discovering CAN specification using On-Board Diagnostics

Hyun Min Song; Huy Kang Kim

doi:10.1109/MDAT.2020.3011036

Discovering CAN specification using On-Board Diagnostics

Hyun Min Song, Huy Kang Kim

Graduate School of Information Study

Research output: Contribution to journal › Article › peer-review

1 Citation (Scopus)

Abstract

Controller area network (CAN) is a de facto standard for in-vehicle network (IVN) that provides an efficient communication channel between electronic control units (ECUs). As the external connectivity of modern vehicles increase, concerns about cyber threats to in-vehicle networks are increasing. However, since global vehicle manufacturers do not release CAN specifications, it is difficult to know which CAN ID carries which vehicle parameter data and actually affects the operation of the vehicle. To solve this problem, this research proposes a method to discover CAN specification that related to major vehicle parameters using on-board diagnostics (OBD). The proposed algorithm is designed to analyze CAN bus messages by comparing with the OBD-II diagnostic responses to identify the CAN ID and their specific data field information that contains the same vehicle parameter data as the diagnostic responses. Experimental results performed on a real vehicle manufactured by a global car manufacturer show that the proposed algorithm can find CAN information related to major vehicle parameters including engine RPM, vehicle speed and throttle position and its effectiveness in vehicle security research.

Original language	English
Journal	IEEE Design and Test
DOIs	https://doi.org/10.1109/MDAT.2020.3011036
Publication status	Accepted/In press - 2020

Keywords

Automobiles
CAN Translation
Car Security
Controller Area Network
Data mining
Engines
In-vehicle networks
Payloads
Reverse Engineering
Reverse engineering
Security
Standards

ASJC Scopus subject areas

Software
Hardware and Architecture
Electrical and Electronic Engineering

Access to Document

10.1109/MDAT.2020.3011036

Fingerprint Dive into the research topics of 'Discovering CAN specification using On-Board Diagnostics'. Together they form a unique fingerprint.

Cite this

@article{75c19a8217b844bc8c46da4370177c2e,

title = "Discovering CAN specification using On-Board Diagnostics",

abstract = "Controller area network (CAN) is a de facto standard for in-vehicle network (IVN) that provides an efficient communication channel between electronic control units (ECUs). As the external connectivity of modern vehicles increase, concerns about cyber threats to in-vehicle networks are increasing. However, since global vehicle manufacturers do not release CAN specifications, it is difficult to know which CAN ID carries which vehicle parameter data and actually affects the operation of the vehicle. To solve this problem, this research proposes a method to discover CAN specification that related to major vehicle parameters using on-board diagnostics (OBD). The proposed algorithm is designed to analyze CAN bus messages by comparing with the OBD-II diagnostic responses to identify the CAN ID and their specific data field information that contains the same vehicle parameter data as the diagnostic responses. Experimental results performed on a real vehicle manufactured by a global car manufacturer show that the proposed algorithm can find CAN information related to major vehicle parameters including engine RPM, vehicle speed and throttle position and its effectiveness in vehicle security research.",

keywords = "Automobiles, CAN Translation, Car Security, Controller Area Network, Data mining, Engines, In-vehicle networks, Payloads, Reverse Engineering, Reverse engineering, Security, Standards",

author = "Song, {Hyun Min} and Kim, {Huy Kang}",

year = "2020",

doi = "10.1109/MDAT.2020.3011036",

language = "English",

journal = "IEEE Design and Test",

issn = "2168-2356",

publisher = "IEEE Computer Society",

}

TY - JOUR

T1 - Discovering CAN specification using On-Board Diagnostics

AU - Song, Hyun Min

AU - Kim, Huy Kang

PY - 2020

Y1 - 2020

N2 - Controller area network (CAN) is a de facto standard for in-vehicle network (IVN) that provides an efficient communication channel between electronic control units (ECUs). As the external connectivity of modern vehicles increase, concerns about cyber threats to in-vehicle networks are increasing. However, since global vehicle manufacturers do not release CAN specifications, it is difficult to know which CAN ID carries which vehicle parameter data and actually affects the operation of the vehicle. To solve this problem, this research proposes a method to discover CAN specification that related to major vehicle parameters using on-board diagnostics (OBD). The proposed algorithm is designed to analyze CAN bus messages by comparing with the OBD-II diagnostic responses to identify the CAN ID and their specific data field information that contains the same vehicle parameter data as the diagnostic responses. Experimental results performed on a real vehicle manufactured by a global car manufacturer show that the proposed algorithm can find CAN information related to major vehicle parameters including engine RPM, vehicle speed and throttle position and its effectiveness in vehicle security research.

AB - Controller area network (CAN) is a de facto standard for in-vehicle network (IVN) that provides an efficient communication channel between electronic control units (ECUs). As the external connectivity of modern vehicles increase, concerns about cyber threats to in-vehicle networks are increasing. However, since global vehicle manufacturers do not release CAN specifications, it is difficult to know which CAN ID carries which vehicle parameter data and actually affects the operation of the vehicle. To solve this problem, this research proposes a method to discover CAN specification that related to major vehicle parameters using on-board diagnostics (OBD). The proposed algorithm is designed to analyze CAN bus messages by comparing with the OBD-II diagnostic responses to identify the CAN ID and their specific data field information that contains the same vehicle parameter data as the diagnostic responses. Experimental results performed on a real vehicle manufactured by a global car manufacturer show that the proposed algorithm can find CAN information related to major vehicle parameters including engine RPM, vehicle speed and throttle position and its effectiveness in vehicle security research.

KW - Automobiles

KW - CAN Translation

KW - Car Security

KW - Controller Area Network

KW - Data mining

KW - Engines

KW - In-vehicle networks

KW - Payloads

KW - Reverse Engineering

KW - Reverse engineering

KW - Security

KW - Standards

UR - http://www.scopus.com/inward/record.url?scp=85089297161&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85089297161&partnerID=8YFLogxK

U2 - 10.1109/MDAT.2020.3011036

DO - 10.1109/MDAT.2020.3011036

M3 - Article

AN - SCOPUS:85089297161

JO - IEEE Design and Test

JF - IEEE Design and Test

SN - 2168-2356

ER -