A Practical Wireless Attack on the Connected Car and Security Protocol for In-Vehicle CAN

Samuel Woo, Hyo Jin Jo, Dong Hoon Lee

Research output: Contribution to journalArticlepeer-review

369 Citations (Scopus)


Vehicle-IT convergence technology is a rapidly rising paradigm of modern vehicles, in which an electronic control unit (ECU) is used to control the vehicle electrical systems, and the controller area network (CAN), an in-vehicle network, is commonly used to construct an efficient network of ECUs. Unfortunately, security issues have not been treated properly in CAN, although CAN control messages could be life-critical. With the appearance of the connected car environment, in-vehicle networks (e.g., CAN) are now connected to external networks (e.g., 3G/4G mobile networks), enabling an adversary to perform a long-range wireless attack using CAN vulnerabilities. In this paper we show that a long-range wireless attack is physically possible using a real vehicle and malicious smartphone application in a connected car environment. We also propose a security protocol for CAN as a countermeasure designed in accordance with current CAN specifications. We evaluate the feasibility of the proposed security protocol using CANoe software and a DSP-F28335 microcontroller. Our results show that the proposed security protocol is more efficient than existing security protocols with respect to authentication delay and communication load.

Original languageEnglish
Article number6894181
Pages (from-to)993-1006
Number of pages14
JournalIEEE Transactions on Intelligent Transportation Systems
Issue number2
Publication statusPublished - 2015 Apr 1

Bibliographical note

Publisher Copyright:
© 2000-2011 IEEE.


  • Connected car
  • controller area network (CAN)
  • in-vehicle network security
  • key management

ASJC Scopus subject areas

  • Automotive Engineering
  • Mechanical Engineering
  • Computer Science Applications


Dive into the research topics of 'A Practical Wireless Attack on the Connected Car and Security Protocol for In-Vehicle CAN'. Together they form a unique fingerprint.

Cite this