Ensuring Safety and Security in CAN-Based Automotive Embedded Systems: A Combination of Design Optimization and Secure Communication

Hyeran Mun; Kyusuk Han; Dong Hoon Lee

doi:10.1109/TVT.2020.2989808

Ensuring Safety and Security in CAN-Based Automotive Embedded Systems: A Combination of Design Optimization and Secure Communication

Hyeran Mun, Kyusuk Han, Dong Hoon Lee

School of Cybersecurity

Research output: Contribution to journal › Article › peer-review

21 Citations (Scopus)

Abstract

As automotive embedded systems comprised of electronic control units (ECUs) connected via a controller area network (CAN) have continued to develop, the volume of information these systems are required to handle has also rapidly increased. Cyber attacks targeting vulnerable points of automotive embedded systems in particular are on the rise to hinder normal operation of a vehicle. However, adding security mechanisms to defend against attacks cannot neglect timing requirements in terms of vehicle safety. This is because it may lead to a violation of automobile safety. In short, both sides of this issue must be addressed from the outset of the system design stage to provide optimal security and safety. As a response to this pressing issue, we propose a novel and efficient scheme. The design optimization during the system design phase not only ensures all the real-time applications are executed within their deadline but also reduces the number of transmitted messages over the CAN bus. After optimization, we apply a hash message authentication code (HMAC) to specific messages, providing secure communication between ECUs and protecting against cyber attacks. Security analysis and experimental results prove that the proposed scheme can counter attacks on the CAN bus while meeting timing requirements. Therefore, our proposed scheme is effective in satisfying improvement of both safety and security.

Original language	English
Article number	9076873
Pages (from-to)	7078-7091
Number of pages	14
Journal	IEEE Transactions on Vehicular Technology
Volume	69
Issue number	7
DOIs	https://doi.org/10.1109/TVT.2020.2989808
Publication status	Published - 2020 Jul

Keywords

In-vehicle network
authentication
controller area network (CAN)
electronic control unit (ECU)
optimization of task allocation
safety
security

ASJC Scopus subject areas

Automotive Engineering
Aerospace Engineering
Electrical and Electronic Engineering
Applied Mathematics

Access to Document

10.1109/TVT.2020.2989808

Cite this

@article{c68b7e31579c431e97b2cc1b96285b1b,

title = "Ensuring Safety and Security in CAN-Based Automotive Embedded Systems: A Combination of Design Optimization and Secure Communication",

abstract = "As automotive embedded systems comprised of electronic control units (ECUs) connected via a controller area network (CAN) have continued to develop, the volume of information these systems are required to handle has also rapidly increased. Cyber attacks targeting vulnerable points of automotive embedded systems in particular are on the rise to hinder normal operation of a vehicle. However, adding security mechanisms to defend against attacks cannot neglect timing requirements in terms of vehicle safety. This is because it may lead to a violation of automobile safety. In short, both sides of this issue must be addressed from the outset of the system design stage to provide optimal security and safety. As a response to this pressing issue, we propose a novel and efficient scheme. The design optimization during the system design phase not only ensures all the real-time applications are executed within their deadline but also reduces the number of transmitted messages over the CAN bus. After optimization, we apply a hash message authentication code (HMAC) to specific messages, providing secure communication between ECUs and protecting against cyber attacks. Security analysis and experimental results prove that the proposed scheme can counter attacks on the CAN bus while meeting timing requirements. Therefore, our proposed scheme is effective in satisfying improvement of both safety and security.",

keywords = "In-vehicle network, authentication, controller area network (CAN), electronic control unit (ECU), optimization of task allocation, safety, security",

author = "Hyeran Mun and Kyusuk Han and Lee, {Dong Hoon}",

note = "Funding Information: Manuscript received April 9, 2019; revised August 14, 2019, September 24, 2019, and February 5, 2020; accepted April 7, 2020. Date of publication April 23, 2020; date of current version July 16, 2020. This work was supported in part by the Korea Agency for Infrastructure Technology Advancement and in part by the Ministry of Land, Infrastructure and Transport under Grant 20TLRP-B152761-02. The review of this article was coordinated by Dr. M. Kisacikoglu. (Corresponding author: Dong Hoon Lee.) Hyeran Mun and Dong Hoon Lee are with the Graduate School of Information Security, Korea University in Seoul, Seoul 02841, South Korea (e-mail: smartran@korea.ac.kr; donghlee@korea.ac.kr). Publisher Copyright: {\textcopyright} 1967-2012 IEEE.",

year = "2020",

month = jul,

doi = "10.1109/TVT.2020.2989808",

language = "English",

volume = "69",

pages = "7078--7091",

journal = "IEEE Transactions on Vehicular Technology",

issn = "0018-9545",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "7",

}

TY - JOUR

T1 - Ensuring Safety and Security in CAN-Based Automotive Embedded Systems

T2 - A Combination of Design Optimization and Secure Communication

AU - Mun, Hyeran

AU - Han, Kyusuk

AU - Lee, Dong Hoon

N1 - Funding Information: Manuscript received April 9, 2019; revised August 14, 2019, September 24, 2019, and February 5, 2020; accepted April 7, 2020. Date of publication April 23, 2020; date of current version July 16, 2020. This work was supported in part by the Korea Agency for Infrastructure Technology Advancement and in part by the Ministry of Land, Infrastructure and Transport under Grant 20TLRP-B152761-02. The review of this article was coordinated by Dr. M. Kisacikoglu. (Corresponding author: Dong Hoon Lee.) Hyeran Mun and Dong Hoon Lee are with the Graduate School of Information Security, Korea University in Seoul, Seoul 02841, South Korea (e-mail: smartran@korea.ac.kr; donghlee@korea.ac.kr). Publisher Copyright: © 1967-2012 IEEE.

PY - 2020/7

Y1 - 2020/7

N2 - As automotive embedded systems comprised of electronic control units (ECUs) connected via a controller area network (CAN) have continued to develop, the volume of information these systems are required to handle has also rapidly increased. Cyber attacks targeting vulnerable points of automotive embedded systems in particular are on the rise to hinder normal operation of a vehicle. However, adding security mechanisms to defend against attacks cannot neglect timing requirements in terms of vehicle safety. This is because it may lead to a violation of automobile safety. In short, both sides of this issue must be addressed from the outset of the system design stage to provide optimal security and safety. As a response to this pressing issue, we propose a novel and efficient scheme. The design optimization during the system design phase not only ensures all the real-time applications are executed within their deadline but also reduces the number of transmitted messages over the CAN bus. After optimization, we apply a hash message authentication code (HMAC) to specific messages, providing secure communication between ECUs and protecting against cyber attacks. Security analysis and experimental results prove that the proposed scheme can counter attacks on the CAN bus while meeting timing requirements. Therefore, our proposed scheme is effective in satisfying improvement of both safety and security.

AB - As automotive embedded systems comprised of electronic control units (ECUs) connected via a controller area network (CAN) have continued to develop, the volume of information these systems are required to handle has also rapidly increased. Cyber attacks targeting vulnerable points of automotive embedded systems in particular are on the rise to hinder normal operation of a vehicle. However, adding security mechanisms to defend against attacks cannot neglect timing requirements in terms of vehicle safety. This is because it may lead to a violation of automobile safety. In short, both sides of this issue must be addressed from the outset of the system design stage to provide optimal security and safety. As a response to this pressing issue, we propose a novel and efficient scheme. The design optimization during the system design phase not only ensures all the real-time applications are executed within their deadline but also reduces the number of transmitted messages over the CAN bus. After optimization, we apply a hash message authentication code (HMAC) to specific messages, providing secure communication between ECUs and protecting against cyber attacks. Security analysis and experimental results prove that the proposed scheme can counter attacks on the CAN bus while meeting timing requirements. Therefore, our proposed scheme is effective in satisfying improvement of both safety and security.

KW - In-vehicle network

KW - authentication

KW - controller area network (CAN)

KW - electronic control unit (ECU)

KW - optimization of task allocation

KW - safety

KW - security

UR - http://www.scopus.com/inward/record.url?scp=85088518704&partnerID=8YFLogxK

U2 - 10.1109/TVT.2020.2989808

DO - 10.1109/TVT.2020.2989808

M3 - Article

AN - SCOPUS:85088518704

VL - 69

SP - 7078

EP - 7091

JO - IEEE Transactions on Vehicular Technology

JF - IEEE Transactions on Vehicular Technology

SN - 0018-9545

IS - 7

M1 - 9076873

ER -

Ensuring Safety and Security in CAN-Based Automotive Embedded Systems: A Combination of Design Optimization and Secure Communication

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this