State-of-the-Art Survey on In-Vehicle Network Communication (CAN-Bus) Security and Vulnerabilities

TL;DR

This survey reviews the security vulnerabilities of the CAN-Bus protocol in modern vehicles, highlighting its inherent security flaws and discussing various proposed solutions to enhance in-vehicle network security.

Contribution

It provides a comprehensive overview of CAN-Bus security issues and summarizes recent research efforts to address these vulnerabilities across different layers.

Findings

CAN-Bus lacks message authentication by design.

External interfaces increase attack surface.

Multiple solutions proposed for security enhancement.

Abstract

Nowadays with the help of advanced technology, modern vehicles are not only made up of mechanical devices but also consist of highly complex electronic devices and connections to the outside world. There are around 70 Electronic Control Units (ECUs) in modern vehicle which are communicating with each other over the standard communication protocol known as Controller Area Network (CAN-Bus) that provides the communication rate up to 1Mbps. There are different types of in-vehicle network protocol and bus system namely Controlled Area Network (CAN), Local Interconnected Network (LIN), Media Oriented System Transport (MOST), and FlexRay. Even though CAN-Bus is considered as de-facto standard for in-vehicle network communication, it inherently lacks the fundamental security features by design like message authentication. This security limitation has paved the way for adversaries to penetrate into the vehicle network and do malicious activities which can pose a dangerous situation for both driver and passengers. In particular, nowadays vehicular networks are not only closed systems, but also they are open to different external interfaces namely Bluetooth, GPS, to the outside world. Therefore, it creates new opportunities for attackers to remotely take full control of the vehicle. The objective of this research is to survey the current limitations of CAN-Bus protocol in terms of secure communication and different solutions that researchers in the society of automotive have provided to overcome the CAN-Bus limitation on different layers.