This content is not included in your SAE MOBILUS subscription, or you are not logged in.
A Method for Disabling Malicious CAN Messages by Using a CMI-ECU
ISSN: 0148-7191, e-ISSN: 2688-3627
Published April 5, 2016 by SAE International in United States
Annotation ability available
Controller area network (CAN) technology is widely adopted in vehicles, but attention has been drawn recently to its lack of security mechanisms. Numerous countermeasures have been proposed, but none can be regarded as a generic solution, in part because all the proposed countermeasures require extensive modifications to existing in-vehicle systems.
To arrive at a solution to this problem, we propose a new method of protecting CAN without the need to modify existing systems. In this paper, we explain the principle of our proposed method and the architecture of the electronic control unit (ECU) that implements it. We report the result of our experiments and show its efficacy against typical security threats faced by CAN.
CitationUjiie, Y., Kishikawa, T., Haga, T., Matsushima, H. et al., "A Method for Disabling Malicious CAN Messages by Using a CMI-ECU," SAE Technical Paper 2016-01-0068, 2016, https://doi.org/10.4271/2016-01-0068.
- ISO 11898-1 Road vehicles -- Controller area network (CAN) --Part 1: Data link layer and physical signaling.
- Koscher K., Czeskis A., Roesner F., Patel S., Kohno T., Checkoway S., McCoy D., Kantor B., Anderson D., Shacham H., and Savage S., “Experimental security analysis of a modern automobile,” IEEE Symposium on Security and Privacy 2010, pp. 447-462, 2010.
- Checkoway S., McCoy D., Kantor B., Anderson D., Shacham H., Savage S., Koscher K., Czeskis A., Roesner F., and Kohno T., “Comprehensive experimental analyses of automotive attack surfaces,” USENIX Security Symposium, 2011.
- Glas B., Guajardo J., Hacioglu H., Ihle M., Wehefritz K., and Yavuz, A, “Signal-based Automotive Communication Security and Its Interplay with Safety Requirements,” in Embedded Security in Cars, 2012.
- Hartkopp O., Reuber C., and Schilling R., “MaCAN - Message Authenticated CAN,” in Embedded Security in Cars, 2012.
- Nilsson D. K., Larson U. E., and Jonsson E., “Efficient In-Vehicle Delayed Data Authentication Based on Compound Message Authentication Codes,” Vehicular Technology Conference, 2008.
- Hoppe T., Kiltz S., and Dittmann J., “Security threats to automotive CAN networks - Practical examples and selected short-term countermeasures,” Computer Safety, Reliability and Security, SAFECOMP ’08, pp. 235-248, 2008.
- Müter M., Groll A., and Freiling F., “Anomaly Detection for In-Vehicle Networks Using a Sensor-Based Approach,” Journal of Information Assurance and Security, Vol. 6, 2, 2011, pp. 132-140, 2011.
- Otsuka S., Ishigooka T., “Intrusion Detection for In-vehicle Networks without Modifying Legacy ECUs,” IPSJ SIG Technical Report 2013.
- Matsumoto T., Hata M., Tanabe M., Yoshioka K., and Oishi K., “A Method of Preventing Unauthorized Data Transmission in Controller Area Network,” Vehicular Technology Conference, 2012.
- Kurachi R., Matsubara Y., Takada H., Adachi N., Miyashita Y., and Horihata S., “CaCAN - Centralized Authentication System in CAN (Controller Area Network), ” in Embedded Security in Cars, 2014.
- RENESAS,RL78/F12, http://japan.renesas.com/products/mpumcu/rl78/rl78f1x/rl78f12/
- Vector, CANoe, https://vector.com/vj_canoe_jp.html
- PSI, SX-Card6, http://www.prime-sys.co.jp/products/sxcard6.htm
- Microchip, MCP2515, http://www.microchip.jp/docs/DS21801D_JP.pdf
- Atmel, ATmega162, http://www.atmel.com/devices/ATMEGA162.aspx