Vulnerability of FlexRay and Countermeasures

Published May 23, 2019 by SAE International in United States
Vulnerability of FlexRay and Countermeasures
Sector:
Citation: Kishikawa, T., Hirano, R., Ujiie, Y., Haga, T. et al., "Vulnerability of FlexRay and Countermeasures," SAE Int. J. Transp. Cyber. & Privacy 2(1):2019, https://doi.org/10.4271/11-02-01-0002.
Language: English

Abstract:

The importance of in-vehicle network security has increased with an increase in automated and connected vehicles. Hence, many attacks and countermeasures have been proposed to secure the controller area network (CAN), which is an existent in-vehicle network protocol. At the same time, new protocols-such as FlexRay and Ethernet-which are faster and more reliable than CAN have also been proposed. European OEMs have adopted FlexRay as a control network that can perform the fundamental functions of a vehicle. However, there are few studies regarding FlexRay security. In particular, studies on attacks against FlexRay are limited to theoretical studies or simulation-based experiments. Hence, the vulnerability of FlexRay is unclear. Understanding this vulnerability is necessary for the application of countermeasures and improving the security of future vehicles.
In this article, we highlight the vulnerability of FlexRay found in the experiments conducted on a real FlexRay network. Consequently, we clarify the conditions under which attackers masquerade as legitimate electronic control units (ECUs) and transmit spoofed FlexRay frames. We also confirm that a consumer vehicle’s functions such as steering, braking, and acceleration can be controlled maliciously using spoofing attacks. Furthermore, we discuss countermeasures against spoofing attacks on FlexRay networks.