CAN Bus Attack And Intrusion Detection Based On Intelligent And Connected Vehicles

As the mainstream of future automotive industry,Intelligent and Connected Vehicles(ICVs)have versatile connections between themselves and external devices,although able to provide more conveniences and better driving experiences for the users,also bring forward lots of intrusion portals for the malicious attackers.Increased connectivity increases the attack vector.This also applies to connected vehicles in which vulnerabilities not only threaten digital values but also humans and the environment.It is noticed that the final step of almost all attacks in available works,must be at the in-vehicle network,i.e.,the CAN bus.Typically,attackers try to exploit the Controller Area Network(CAN)bus,which is the most widely used standard for internal vehicle communication.Once an Electronic Control Unit(ECU)connected to the CAN bus is compromised,attackers can manipulate messages at will.Actually,the characteristics of CAN data,specifically,the broadcast transmission on the CAN bus,as well as the unencrypted authentication strategy make the CAN bus vulnerable to various attacks.Different from previous works about CAN bus,we present in this paper a comprehensive study on the in-vehicle network of a modern ICV(a Luxgen SUV),from the perspective of the vehicle auxiliary system.We first clarify the complicated communication process among the smart key,Body Control Module(BCM),and Key Control Unit(KCU),identify the loophole among the Luxgen auxiliary system,and then introduce a practical method to utilize this vulnerability.Data injection and remote transmission are used to attack the vehicle dashboard,car door lock,light wiper module,etc.In addition,the function of the vehicle system itself is used to attack the vehicle,resulting in the vehicle unable to work or limited function.Finally,extensive experiments have been conducted on the Luxgen SUV where a wireless diagnostic equipment was utilized to achieve successful remote invasion in road tests.Due to the lack of security protection mechanism of CAN bus,researchers have proposed some methods to detect CAN bus attack.Some methods add verification mechanism by modifying the bus protocol,but this will greatly increase the computational load,while vehicle network requires high computational rate.There are also ways to detect attacks by identifying fluctuations in the amount of data being transmitted,but this method does not identify the sender of the attack.To solve these problems,we propose an intrusion detection system based on fingerprint extraction of CAN data frames,which can not only identify the ECU sending data within the vehicle,but also identify attacks from unmonitored and other devices.We show that our method is able to identify the sender with an average probability of 98.9 %,during the evaluation on two series production cars.Due to the robust design of the system,the evaluation shows that all false positives were prevented.Compared to previous approaches,we have significantly reduced hardware costs and increased identification rates,which enables a broad application of this technology.