A Survey of Attacks Over Controller Area Networks and Potential Countermeasures
Automotive manufacturers have a specialized internal communication network, called a vehicle bus, which connects the Electronic Control Units (ECUs) in a motor vehicle through a single or multiple bus architecture. This avoids heavy and complicated wiring structures for communication, and unifies the system into one centralized control and functionality operation. Controller Area Network (CAN) is one of the standards for communication in these unified vehicular networks. The CAN bus protocol is designed to be lightweight, robust, fast and secure. However, the focus on centralization and simplicity for effective communications opens new and dangerous security issues. Handling these issues efficiently and effectively is essential for safety. This exploratory research gives a comprehensive survey of attacks on CAN buses, identification of potential vulnerabilities in a CAN, a summary of existing solutions, and recommendations for new solutions. The question that guides the research seeks to identify expectations for secure but functional requirements of an effective and efficient CAN: What is required to assure CAN vehicle security? The literature analysis suggests that there are many ways a CAN may be compromised and that many successful attempts have been made. Initially, vehicles were stolen by hacking the electronic key systems that were used to secure access to a vehicle. Then hacking extended to access the full vehicle control system. The effects were malicious intervention into steering, braking, and lighting functions. In each situation the legitimate control of the vehicle was taken by a hacker so that the vehicle could be stolen or the safe use of the vehicle compromised. Today, tricking the artificial intelligence functions is a method used to compromise security. These findings suggest that more attention has to be paid to the protection of the CAN system and that countermeasures have to be built in to maintain the integrity of the system.
The exploratory research proceeds by first identifying the various vulnerabilities and current security precautions used in CAN. A CAN simulator used for software development is then mounted and tested for functionality. Diagnostic tools are also used and the limitations noted for attack vectors. The CAN is then subjected to a range of known communication attacks, and the performance noted. From the data analysis, patterns of vulnerability emerge, and the inbuilt security measures are applied to check their effectiveness. The research findings show that the inbuilt security functions are effective on a limited range of attacks. Therefore, the research recommends design changes and the implementation of further precautions to prevent similar attacks. The value of this research is to alert vehicle manufacturers to security requirements, and for maintenance and repair services to assure the testing equipment has detection capability. Fault codes currently detect some vulnerabilities, but in the future these capabilities will require continuous updating and patching by the manufacturers. Successful CAN security assurance relies on many stakeholders, and the recent legislation for car hacking compliance, privacy, and vehicle automation (for autonomous control) standardization are all beneficial to the aims of this thesis. Figure 5.3 summarizes the learning from this research and advocates a methodology for building and maintaining secure CAN technologies. (Note: Some of the testing and exploratory work was not completed (see Chapter 6) because of the Covid-19 shutdowns that caused delays in the testing equipment delivery and the closure of the research laboratories in Semester 1 and early Semester 2, 2020.)