CAN BUS topology and nominal bus levels. (a) CAN BUS topology, (b) normal bus levels.


Source publication
Article
As automobiles become more electrified, more and more Electronic Control Units (ECU) are installed in vehicles. ECUs communicate with each other through dedicated protocols such as a controller area network (CAN), but these protocols do not have their own security measures. Many cyberattacks have exploited this weakness, but an intrusion detection...

Citations

... Upon receiving a CAN-FD message, each ECU arbitrates whether to accept the message based on its ID. However, the ID alone • DoS Attack: Crafted with the intent to impede authorized entities from accessing resources or to introduce delays in the operation of time-critical systems [32]. This disrupts the ability of other ECUs in the vehicle to process legitimate messages properly, potentially leading to interference, blockage, or paralysis of the CAN-FD bus. ...
Article
The Controller Area Network with Flexible Data-Rate (CAN-FD) bus is the predominant in-vehicle network protocol, responsible for transmitting crucial application semantic signals. Due to the absence of security measures, CAN-FD is vulnerable to numerous cyber threats, particularly those altering its authentic physical values. This paper introduces Physical Semantics-Enhanced Anomaly Detection (PSEAD) for CAN-FD networks. Our framework effectively extracts and standardizes the genuine physical meaning features present in the message data fields. The implementation involves a Long Short-Term Memory (LSTM) network augmented with a self-attention mechanism, thereby enabling the unsupervised capture of temporal information within high-dimensional data. Consequently, this approach fully exploits contextual information within the physical meaning features. In contrast to the non-physical semantics-aware whole frame combination detection method, our approach is more adept at harnessing the physical significance inherent in each segment of the message. This enhancement results in improved accuracy and interpretability of anomaly detection. Experimental results demonstrate that our method achieves a mere 0.64% misclassification rate for challenging-to-detect replay attacks and zero misclassifications for DoS, fuzzing, and spoofing attacks. The accuracy has been enhanced by over 4% in comparison to existing methods that rely on byte-level data field characterization at the data link layer.
... As described in Section 2.A, the differential voltage is obtained by subtracting the voltage of CAN_L from the voltage of CAN_H and calculating using Formula (1). [28] ...
Article
Modern vehicles are rapidly converging with information technology (IT) to improve their performance and the driver’s convenience. As autonomous vehicles and connected cars become more popular, software is increasingly added to vehicles, and connections with outside vehicles are also increasing. As a result, cyberattacks, which occur in the traditional IT environment, are rapidly appearing in the automotive environment. Therefore, various security measures have been studied and applied to protect drivers and pedestrians from cyberattacks. An intrusion-detection system (IDS) detects in-vehicle network attacks and is a representative security measure. However, the success of IDS systems is limited due to the low performance of in-vehicle systems and limitations of in-vehicle network protocols such as CAN (Controller-Area Network). In this study, we propose an enhanced authentication technique using a differential voltage uniquely assigned to each electronic control unit (ECU) as well as the CAN identifier. This technique uses hardware-based characteristics and can be implemented inexpensively with little change to existing systems. It can also detect attacks such as spoofing, replay, and impersonation, which are most frequently used in vehicle cyberattacks, without complex and expensive IDS.
... The powertrain domain oversees real-time functions that carry critical safety implications and are at risk of being targeted by Denial of Service (DoS) attacks [22] triggered by physical attacks. It is worth noting that such attacks do not pose a significant threat beyond CAL2 security status, which indicates a medium-low level of security emphasis. ...
Preprint
As more cars connect to the internet and other devices, the automotive market has become a lucrative target for cyberattacks. This has made the industry more vulnerable to security threats. As a result, car manufacturers and governments are working together to reduce risks and prevent cyberattacks in the automotive sector. However, existing attack feasibility models derived from the information technology field may not always provide accurate assessments of the potential risks faced by Vehicle Electronic Control Units in different operating conditions and domains. This paper introduces the PUNCH Softronix and Politecnico di Torino (PSP) framework to address this issue. This framework is designed to provide accurate assessments compatible with the attack feasibility models defined by the automotive product security standards. The PSP framework utilizes social sentiment analysis to evaluate the real threat risk levels.
... These security flaws make the CAN bus vulnerable to cyberattacks. Recent experiments have demonstrated that it is possible to attack modern automobiles by compromising the CAN bus [3]. This can be achieved through obtaining access to OBD-II port [4], over the air (OTA) updates or communication channels such as Bluetooth, Wi-Fi and cellular networks. ...
Chapter
The advent of Industry 4.0, characterized by the integration of digital technology into mechanical and electronic sectors, has led to the development of autonomous vehicles as a notable innovation. Despite their advanced driver assistance systems, these vehicles present potential security vulnerabilities, rendering them susceptible to cyberattacks. To address this, the study emphasized investigating these attack methodologies, underlining the need for robust safeguarding strategies for autonomous vehicles. Existing preventive or detection mechanisms encompass intrusion detection systems for Controller Area Networks and Vehicle-to-Vehicle communication, coupled with AI-driven attack identification. The critical role of artificial intelligence, specifically machine learning and deep learning subdomains, was emphasized, given their ability to dissect vehicular communications for attack detection. In this study, a mini autonomous vehicle served as the test environment, where the network was initially scanned, followed by the execution of Man-in-the-Middle, Deauthentication, DDoS, and Replay attacks. Network traffic was logged across all stages, enabling a comprehensive analysis of the attack impacts. Utilizing these recorded network packets, an AI system was trained to develop an attack detection mechanism. The resultant AI model was tested by transmitting new network packets, and its detection efficiency was subsequently evaluated. The study confirmed successful identification of the attacks, signifying the effectiveness of the AI-based model. Though the focus remained on autonomous vehicles, the study proposes that the derived methodology can be extended to other IoT systems, adhering to the steps delineated herein.
Article
The CAN (Controller Area Network) protocol is widely adopted for in-vehicle networks due to its cost efficiency and reliable transmission. However, despite its popularity, the protocol lacks built-in security mechanisms, making it vulnerable to attacks such as flooding, fuzzing, and DoS. These attacks can exploit vulnerabilities and disrupt the expected behavior of the in-vehicle network. One of the main reasons for these security concerns is that the protocol relies on broadcast frames for communication between ECUs (Electronic Control Units) within the network. To tackle this issue, we present an intrusion detection system that leverages multiple LSTM-Autoencoders. The proposed system utilizes diverse features, including transmission interval and payload value changes, to capture various characteristics of normal network behavior. The system effectively detects anomalies by analyzing different types of features separately using the LSTM-Autoencoder model. In our evaluation, we conducted experiments using real vehicle network traffic, and the results demonstrated the system’s high precision with a 99% detection rate in identifying anomalies.
Article
The vulnerabilities of controller area network (CAN) are often targeted by various types of vehicle hacking. To this end, conventional cyber attacks have used a frame injection and a dominant bit injection. However, these two techniques cannot modify data frames sent from an electronic control unit (ECU) in real time. Thus, the frame injection cannot perfectly control the target system. The dominant bit injection can only perform denial of service (DoS) attacks, which means that it cannot perfectly control the ECU. In this paper, we propose a new attack technique for modifying either dominant or recessive bits represented in a CAN bus as the attacker intends. This technique is called perfect bit modification (PBM). We introduce two attack models using the PBM technique, the bus possession attack (BPA) and the target ID attack (TIA). The BPA can perform an attack without breaking the communication pattern of the CAN bus, and the TIA can perfectly seize control of a specific ECU. In addition, we produce an attack tool with the PBM functionality using the SN65HVD230 (CAN transceiver) and the FDS8949 (MOSFET). Both SN65HVD230 and FDS8949 are components that are commonly used to build ECUs, which cost less than two dollars. This means that our attack models are likely to be utilized for supply chain attacks. To demonstrate the feasibility of BPA and TIA, we conduct attack experiments using two real vehicles. Finally, we analyze the characteristics of existing attack techniques including PBM and suggest countermeasures to construct a secure CAN environment.