Catch ID if You CAN: Dynamic ID Virtualization Mechanism for the Controller Area Network

Hyunjin Sun; Se Young Lee; Kyungho Joo; Hongjoo Jin; Dong Hoon Lee

doi:10.1109/ACCESS.2019.2950373

Catch ID if You CAN: Dynamic ID Virtualization Mechanism for the Controller Area Network

Hyunjin Sun, Se Young Lee, Kyungho Joo, Hongjoo Jin, Dong Hoon Lee

School of Cybersecurity

Research output: Contribution to journal › Article › peer-review

6 Citations (Scopus)

Abstract

The controller area network (CAN) is the most widely used in-vehicle network to communicate among electronic control units. However, the CAN does not provide security functionalities, such as encryption or message authentication. Attackers can analyze CAN logs and inject valid messages based on the analysis to cause malfunctions. Thus, security functions appropriate to the CAN environment are required to prevent attacks. In this paper, we propose a dynamic identifier (ID) virtualization method that prevents CAN logs from being analyzed and makes it difficult for attackers to generate valid messages. We implement a virtualization module to perform dynamic ID virtualization and measure the delay and computational overhead caused by the proposed method. Additionally, we demonstrate the security of the proposed method.

Original language	English
Article number	8886494
Pages (from-to)	158237-158249
Number of pages	13
Journal	IEEE Access
Volume	7
DOIs	https://doi.org/10.1109/ACCESS.2019.2950373
Publication status	Published - 2019

Bibliographical note

Funding Information:
This work was supported by the Samsung Research Funding & Incubation Center for Future Technology under Project SRFC-TB1403-51.

Publisher Copyright:
© 2019 IEEE.

Keywords

Controller area network
in-vehicle network
network security
vehicular security

ASJC Scopus subject areas

Computer Science(all)
Materials Science(all)
Engineering(all)

Access to Document

10.1109/ACCESS.2019.2950373

Cite this

@article{026a1f5f6ddb4e24a109a7357c23090d,

title = "Catch ID if You CAN: Dynamic ID Virtualization Mechanism for the Controller Area Network",

abstract = "The controller area network (CAN) is the most widely used in-vehicle network to communicate among electronic control units. However, the CAN does not provide security functionalities, such as encryption or message authentication. Attackers can analyze CAN logs and inject valid messages based on the analysis to cause malfunctions. Thus, security functions appropriate to the CAN environment are required to prevent attacks. In this paper, we propose a dynamic identifier (ID) virtualization method that prevents CAN logs from being analyzed and makes it difficult for attackers to generate valid messages. We implement a virtualization module to perform dynamic ID virtualization and measure the delay and computational overhead caused by the proposed method. Additionally, we demonstrate the security of the proposed method.",

keywords = "Controller area network, in-vehicle network, network security, vehicular security",

author = "Hyunjin Sun and Lee, {Se Young} and Kyungho Joo and Hongjoo Jin and Lee, {Dong Hoon}",

note = "Funding Information: This work was supported by the Samsung Research Funding & Incubation Center for Future Technology under Project SRFC-TB1403-51. Publisher Copyright: {\textcopyright} 2019 IEEE.",

year = "2019",

doi = "10.1109/ACCESS.2019.2950373",

language = "English",

volume = "7",

pages = "158237--158249",

journal = "IEEE Access",

issn = "2169-3536",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - Catch ID if You CAN

T2 - Dynamic ID Virtualization Mechanism for the Controller Area Network

AU - Sun, Hyunjin

AU - Lee, Se Young

AU - Joo, Kyungho

AU - Jin, Hongjoo

AU - Lee, Dong Hoon

PY - 2019

Y1 - 2019

N2 - The controller area network (CAN) is the most widely used in-vehicle network to communicate among electronic control units. However, the CAN does not provide security functionalities, such as encryption or message authentication. Attackers can analyze CAN logs and inject valid messages based on the analysis to cause malfunctions. Thus, security functions appropriate to the CAN environment are required to prevent attacks. In this paper, we propose a dynamic identifier (ID) virtualization method that prevents CAN logs from being analyzed and makes it difficult for attackers to generate valid messages. We implement a virtualization module to perform dynamic ID virtualization and measure the delay and computational overhead caused by the proposed method. Additionally, we demonstrate the security of the proposed method.

AB - The controller area network (CAN) is the most widely used in-vehicle network to communicate among electronic control units. However, the CAN does not provide security functionalities, such as encryption or message authentication. Attackers can analyze CAN logs and inject valid messages based on the analysis to cause malfunctions. Thus, security functions appropriate to the CAN environment are required to prevent attacks. In this paper, we propose a dynamic identifier (ID) virtualization method that prevents CAN logs from being analyzed and makes it difficult for attackers to generate valid messages. We implement a virtualization module to perform dynamic ID virtualization and measure the delay and computational overhead caused by the proposed method. Additionally, we demonstrate the security of the proposed method.

KW - Controller area network

KW - in-vehicle network

KW - network security

KW - vehicular security

UR - http://www.scopus.com/inward/record.url?scp=85077965247&partnerID=8YFLogxK

U2 - 10.1109/ACCESS.2019.2950373

DO - 10.1109/ACCESS.2019.2950373

M3 - Article

AN - SCOPUS:85077965247

SN - 2169-3536

VL - 7

SP - 158237

EP - 158249

JO - IEEE Access

JF - IEEE Access

M1 - 8886494

ER -

Catch ID if You CAN: Dynamic ID Virtualization Mechanism for the Controller Area Network

Abstract

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this