Abstract
Vehicle-IT convergence technology is a rapidly rising paradigm of modern vehicles, in which an electronic control unit (ECU) is used to control the vehicle electrical systems, and the controller area network (CAN), an in-vehicle network, is commonly used to construct an efficient network of ECUs. Unfortunately, security issues have not been treated properly in CAN, although CAN control messages could be life-critical. With the appearance of the connected car environment, in-vehicle networks (e.g., CAN) are now connected to external networks (e.g., 3G/4G mobile networks), enabling an adversary to perform a long-range wireless attack using CAN vulnerabilities. In this paper we show that a long-range wireless attack is physically possible using a real vehicle and malicious smartphone application in a connected car environment. We also propose a security protocol for CAN as a countermeasure designed in accordance with current CAN specifications. We evaluate the feasibility of the proposed security protocol using CANoe software and a DSP-F28335 microcontroller. Our results show that the proposed security protocol is more efficient than existing security protocols with respect to authentication delay and communication load.
| Original language | English |
|---|---|
| Article number | 6894181 |
| Pages (from-to) | 993-1006 |
| Number of pages | 14 |
| Journal | IEEE Transactions on Intelligent Transportation Systems |
| Volume | 16 |
| Issue number | 2 |
| DOIs | |
| Publication status | Published - 2015 Apr 1 |
Bibliographical note
Publisher Copyright:© 2000-2011 IEEE.
Keywords
- Connected car
- controller area network (CAN)
- in-vehicle network security
- key management
ASJC Scopus subject areas
- Automotive Engineering
- Mechanical Engineering
- Computer Science Applications