Hoping CAN DB approach for enhanced security
2022-01-0126
03/29/2022
- Content
- Controller Area Network (CAN) is a very popular data transport mechanism in all modern vehicles. The CAN bus is not security oriented by design. It is an open communication channel with transparent messaging, and messages transmitted on the bus can easily be read, decoded, or spoofed by an intruder. This paper explores a specific method of in-vehicle network security for CAN. It presents a new method based on the principle of changing CAN message IDs during vehicle run time. The method uses vehicle sensors to change the CAN message IDs on the bus. The paper also describes the possible combinations in which network sensors can be connected to the various ECUs in the system. Also covered are the timelines on which these messages are shifted, and how all ECUs sync with each other and participate in the encoding process. The paper covers the following three aspects:
  - (A) System design: The system is based on N different CAN databases (DBs), each holding the same messages in a different order. All ECUs involved in CAN bus communication know the different DBs used in the system. These messages are switched at a periodic interval by all ECUs.
  - (B) DB switch triggering time: The trigger, or time to switch the database, is proposed to be a message embedded inside the actual data message from a master ECU. Another mechanism to initiate the DB switch may be to use GPS time as a reference to calculate the switching time, for example 5 seconds, 1 minute, etc.
  - (C) Technology benefits:
    - (1) More secure communication, since changing messages on the CAN bus are difficult to reverse engineer.
    - (2) Since the sequence of DB changes is a proprietary algorithm, predicting a DB change is difficult.
    - (3) If a hacker injects DB messages, the injection can be detected because of the different message IDs.
    - (4) In case of system compromise, the breach can be detected faster because of the DB switch. Based on damage detection, a prevention mechanism can be triggered faster.
- Citation
- Kulkarni, A., "Hoping CAN DB approach for enhanced security," SAE Technical Paper 2022-01-0126, 2022, .
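
The DB-switching scheme described in the abstract, sketched as an added example that is not code from the paper: every ECU holds the same N databases, derives the active one from GPS time, and a receiver flags frames that do not fit the active DB. The message names, IDs, DLCs, 5-second epoch and the HMAC-based selection (standing in for the paper's proprietary sequence) are all assumptions.

```python
import hashlib
import hmac

# Constructed values, not from the paper: message names and DLCs, the ID list,
# the 5 s epoch, and HMAC-SHA256 as a stand-in for the proprietary DB sequence.
MESSAGES = {"EngineSpeed": 8, "BrakeStatus": 2, "DoorStatus": 1, "SteerAngle": 4}
ID_POOL = [0x120, 0x1A4, 0x2B0, 0x3C8]
N_DBS, EPOCH_SECONDS = 4, 5
SHARED_KEY = b"constructed-demo-key"  # assumed to be provisioned in every ECU

# N databases: the same messages on the same IDs, in a different order per DB.
DBS = [{ID_POOL[(i + k) % len(ID_POOL)]: name for i, name in enumerate(MESSAGES)}
       for k in range(N_DBS)]


def active_db_index(gps_time_s):
    """All ECUs derive the same DB index from GPS time, with no bus traffic."""
    epoch = int(gps_time_s) // EPOCH_SECONDS
    tag = hmac.new(SHARED_KEY, epoch.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(tag[:4], "big") % N_DBS


def encode(name, payload, gps_time_s):
    """Sender side: look up the ID this message uses in the active DB."""
    db = DBS[active_db_index(gps_time_s)]
    can_id = next(cid for cid, n in db.items() if n == name)
    return can_id, payload


def check_frame(can_id, payload, gps_time_s):
    """Receiver side: a frame must fit the message the active DB puts on its ID."""
    name = DBS[active_db_index(gps_time_s)].get(can_id)
    if name is None:
        return ("reject", "unknown-id")
    if len(payload) != MESSAGES[name]:
        # Only catches stale frames when the two messages differ in length.
        return ("reject", "dlc-mismatch:" + name)
    return ("accept", name)


def next_switch(gps_time_s):
    """First later epoch boundary at which the active DB actually changes."""
    start = active_db_index(gps_time_s)
    t = (int(gps_time_s) // EPOCH_SECONDS + 1) * EPOCH_SECONDS
    while active_db_index(t) == start:
        t += EPOCH_SECONDS
    return t
```

A frame captured in one epoch is still accepted if it reappears inside the same epoch, so the switching interval bounds how long a recorded ID stays valid.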