MAuth-CAN: Masquerade-Attack-Proof Authentication for In-Vehicle Networks

Hyo Jin Jo; Jin Hyun Kim; Hyon Young Choi; Wonsuk Choi; Dong Hoon Lee; Insup Lee

doi:10.1109/TVT.2019.2961765

MAuth-CAN: Masquerade-Attack-Proof Authentication for In-Vehicle Networks

Hyo Jin Jo, Jin Hyun Kim, Hyon Young Choi, Wonsuk Choi, Dong Hoon Lee, Insup Lee

Research output: Contribution to journal › Article › peer-review

65 Citations (Scopus)

Abstract

Numerous hacking attempts on modern vehicles have recently demonstrated that an adversary can remotely control a vehicle using vulnerable telematics services. In these attempts, a masquerade attack impersonating some safety-critical electronic control units (ECUs) is usually performed to control a vehicle. In the last decade, several message authentication protocols for controller area network (CAN) have been proposed to protect vehicles from masquerade attacks. However, some message authentication protocols are not enough to protect a vehicle from masquerade attacks by compromised ECUs. Other protocols that are secure against masquerade attacks fill the network capacity of CAN up to 100% or require hardware modifications of the CAN-controller, dedicated hardware used for CAN communications. In this paper, we propose a new authentication protocol, MAuth-CAN, that is secure against masquerade attacks. MAuth-CAN neither fills up to 100% of the network capacity nor requires hardware modifications of a CAN-controller. In addition, we propose a technique that protects ECUs from bus-off attacks, and apply the technique to MAuth-CAN for handling bus-off attacks.

Original language	English
Article number	8939382
Pages (from-to)	2204-2218
Number of pages	15
Journal	IEEE Transactions on Vehicular Technology
Volume	69
Issue number	2
DOIs	https://doi.org/10.1109/TVT.2019.2961765
Publication status	Published - 2020 Feb

Bibliographical note

Funding Information:
Manuscript received July 24, 2018; revised February 22, 2019 and June 23, 2019; accepted December 18, 2019. Date of publication December 23, 2019; date of current version February 12, 2020. This work was supported in part by the Global Research Laboratory Program 2013K1A1A2A02078326 through NRF, and the DGIST Research and Development Program (CPS Global Center) funded by the Ministry of Science, ICT & Future Planning. The review of this article was coordinated by Prof. R. Q. Hu. (Corresponding author: Insup Lee.) H. J. Jo is with the School of Software, Hallym University, Chuncheon 24252, Republic of Korea (e-mail: [email protected]).

Publisher Copyright:
© 1967-2012 IEEE.

Keywords

Authentication
Controller Area Network
Dual CAN-controller
Masquerade attack

ASJC Scopus subject areas

Aerospace Engineering
Electrical and Electronic Engineering
Computer Networks and Communications
Automotive Engineering

Access to Document

10.1109/TVT.2019.2961765

Cite this

@article{768c88a3032d4be789fa4d04c17253df,

title = "MAuth-CAN: Masquerade-Attack-Proof Authentication for In-Vehicle Networks",

abstract = "Numerous hacking attempts on modern vehicles have recently demonstrated that an adversary can remotely control a vehicle using vulnerable telematics services. In these attempts, a masquerade attack impersonating some safety-critical electronic control units (ECUs) is usually performed to control a vehicle. In the last decade, several message authentication protocols for controller area network (CAN) have been proposed to protect vehicles from masquerade attacks. However, some message authentication protocols are not enough to protect a vehicle from masquerade attacks by compromised ECUs. Other protocols that are secure against masquerade attacks fill the network capacity of CAN up to 100% or require hardware modifications of the CAN-controller, dedicated hardware used for CAN communications. In this paper, we propose a new authentication protocol, MAuth-CAN, that is secure against masquerade attacks. MAuth-CAN neither fills up to 100% of the network capacity nor requires hardware modifications of a CAN-controller. In addition, we propose a technique that protects ECUs from bus-off attacks, and apply the technique to MAuth-CAN for handling bus-off attacks.",

keywords = "Authentication, Controller Area Network, Dual CAN-controller, Masquerade attack",

author = "Jo, {Hyo Jin} and Kim, {Jin Hyun} and Choi, {Hyon Young} and Wonsuk Choi and Lee, {Dong Hoon} and Insup Lee",

note = "Funding Information: Manuscript received July 24, 2018; revised February 22, 2019 and June 23, 2019; accepted December 18, 2019. Date of publication December 23, 2019; date of current version February 12, 2020. This work was supported in part by the Global Research Laboratory Program 2013K1A1A2A02078326 through NRF, and the DGIST Research and Development Program (CPS Global Center) funded by the Ministry of Science, ICT & Future Planning. The review of this article was coordinated by Prof. R. Q. Hu. (Corresponding author: Insup Lee.) H. J. Jo is with the School of Software, Hallym University, Chuncheon 24252, Republic of Korea (e-mail: [email protected]). Publisher Copyright: {\textcopyright} 1967-2012 IEEE.",

year = "2020",

month = feb,

doi = "10.1109/TVT.2019.2961765",

language = "English",

volume = "69",

pages = "2204--2218",

journal = "IEEE Transactions on Vehicular Technology",

issn = "0018-9545",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "2",

}

TY - JOUR

T1 - MAuth-CAN

T2 - Masquerade-Attack-Proof Authentication for In-Vehicle Networks

AU - Jo, Hyo Jin

AU - Kim, Jin Hyun

AU - Choi, Hyon Young

AU - Choi, Wonsuk

AU - Lee, Dong Hoon

AU - Lee, Insup

N1 - Funding Information: Manuscript received July 24, 2018; revised February 22, 2019 and June 23, 2019; accepted December 18, 2019. Date of publication December 23, 2019; date of current version February 12, 2020. This work was supported in part by the Global Research Laboratory Program 2013K1A1A2A02078326 through NRF, and the DGIST Research and Development Program (CPS Global Center) funded by the Ministry of Science, ICT & Future Planning. The review of this article was coordinated by Prof. R. Q. Hu. (Corresponding author: Insup Lee.) H. J. Jo is with the School of Software, Hallym University, Chuncheon 24252, Republic of Korea (e-mail: [email protected]). Publisher Copyright: © 1967-2012 IEEE.

PY - 2020/2

Y1 - 2020/2

N2 - Numerous hacking attempts on modern vehicles have recently demonstrated that an adversary can remotely control a vehicle using vulnerable telematics services. In these attempts, a masquerade attack impersonating some safety-critical electronic control units (ECUs) is usually performed to control a vehicle. In the last decade, several message authentication protocols for controller area network (CAN) have been proposed to protect vehicles from masquerade attacks. However, some message authentication protocols are not enough to protect a vehicle from masquerade attacks by compromised ECUs. Other protocols that are secure against masquerade attacks fill the network capacity of CAN up to 100% or require hardware modifications of the CAN-controller, dedicated hardware used for CAN communications. In this paper, we propose a new authentication protocol, MAuth-CAN, that is secure against masquerade attacks. MAuth-CAN neither fills up to 100% of the network capacity nor requires hardware modifications of a CAN-controller. In addition, we propose a technique that protects ECUs from bus-off attacks, and apply the technique to MAuth-CAN for handling bus-off attacks.

AB - Numerous hacking attempts on modern vehicles have recently demonstrated that an adversary can remotely control a vehicle using vulnerable telematics services. In these attempts, a masquerade attack impersonating some safety-critical electronic control units (ECUs) is usually performed to control a vehicle. In the last decade, several message authentication protocols for controller area network (CAN) have been proposed to protect vehicles from masquerade attacks. However, some message authentication protocols are not enough to protect a vehicle from masquerade attacks by compromised ECUs. Other protocols that are secure against masquerade attacks fill the network capacity of CAN up to 100% or require hardware modifications of the CAN-controller, dedicated hardware used for CAN communications. In this paper, we propose a new authentication protocol, MAuth-CAN, that is secure against masquerade attacks. MAuth-CAN neither fills up to 100% of the network capacity nor requires hardware modifications of a CAN-controller. In addition, we propose a technique that protects ECUs from bus-off attacks, and apply the technique to MAuth-CAN for handling bus-off attacks.

KW - Authentication

KW - Controller Area Network

KW - Dual CAN-controller

KW - Masquerade attack

UR - http://www.scopus.com/inward/record.url?scp=85079777424&partnerID=8YFLogxK

U2 - 10.1109/TVT.2019.2961765

DO - 10.1109/TVT.2019.2961765

M3 - Article

AN - SCOPUS:85079777424

SN - 0018-9545

VL - 69

SP - 2204

EP - 2218

JO - IEEE Transactions on Vehicular Technology

JF - IEEE Transactions on Vehicular Technology

IS - 2

M1 - 8939382

ER -

MAuth-CAN: Masquerade-Attack-Proof Authentication for In-Vehicle Networks

Abstract

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this