An Enhanced Method for Reverse Engineering CAN Data Payload

Wonsuk Choi, Seyoung Lee, Kyungho Joo, Hyo Jin Jo, Dong Hoon Lee

Research output: Contribution to journalArticlepeer-review

21 Citations (Scopus)

Abstract

Recently, numerous electronic components are installed in vehicles, providing drivers and passengers with increased safety and convenience. The electronic components construct an in-vehicle network that internally shares relevant status information about the vehicle. As modern vehicles become more computerized, the potential for automotive cyber-security threats also increases a fact that has been illustrated clearly by various car-hacking demonstrations. Using the controller area network (CAN), the de facto standard protocol in the automotive industry that facilitates in-vehicle network communication, car-hacking demonstrations inject critical CAN messages to control vehicular functions. In efforts to address this security issue, car manufacturers, in turn, have made confidential the CAN database (i.e., DBC format file), where signal information assigned in the CAN data payload is specified. However, it has since become known that this policy does not hermetically seal a vehicular network against cyber attacks. On the contrary, in-depth automotive security research has been hindered significantly because of the limited information accessible by researchers. For example, automotive intrusion detection systems (IDS) identify and alert when there is a vehicular break-in, and this technology is a major area of study in automotive cyber security research. For the automotive IDS that analyzes CAN traffic, information in the DBC format file greatly improves detection veracity. However, most IDS technologies to date have been independently developed without the confidential CAN DB information and, as a result, do not mitigate threats to a satisfactory standard. In this paper, we propose an enhanced method that identifies signal boundaries in a CAN data payload, which is specified in the DBC format file. Unlike an existing method that is designed based on total bit-flip rates, our method analyzes bit-flip time series not total bit-flip rates so that signal boundaries can be more clearly identified. In this paper, we use a publicly available DBC format file called OpenDBC as a reference, and show that our method outperforms the existing method.

Original languageEnglish
Article number9369078
Pages (from-to)3371-3381
Number of pages11
JournalIEEE Transactions on Vehicular Technology
Volume70
Issue number4
DOIs
Publication statusPublished - 2021 Apr

Bibliographical note

Funding Information:
Manuscript received March 27, 2020; revised November 14, 2020; accepted February 18, 2021. Date of publication March 3, 2021; date of current version May 5, 2021. This work was supported in part by the Samsung Research Funding, and Incubation Center for Future Technology under Project No. SRFC-TB1403-51, and in part by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (NRF-2020R1C1C1007446). The review of this article was coordinated by Prof. F. Lavagetto. (Corresponding author: Dong Hoon Lee.) Wonsuk Choi is with the Division of IT Convergence Engineering, Hansung University, Seoul 02876, South Korea (e-mail: [email protected]).

Publisher Copyright:
© 1967-2012 IEEE.

Keywords

  • Automotive security
  • CAN DBC format file
  • controller area network (CAN)
  • reverse engineering

ASJC Scopus subject areas

  • Automotive Engineering
  • Aerospace Engineering
  • Electrical and Electronic Engineering
  • Applied Mathematics

Fingerprint

Dive into the research topics of 'An Enhanced Method for Reverse Engineering CAN Data Payload'. Together they form a unique fingerprint.

Cite this