Cyber security of vehicle CAN bus

Abstract

There are currently many research projects underway concerning the intelligent transport system (ITS), with the intent to develop a variety of communication solutions between vehicles, roadside stations and services. In the near future, the roll-out of 5G networks will improve short-range vehicle-to-vehicle traffic and vehicle-to-infrastructure communications. More extensive services can be introduced due to almost non-delayed response time. Cyber security is central for the usability of the services and, most importantly, for car safety. The Controller Area Network (CAN) is an automation bus that was originally designed for real-time data transfer of distributed control systems to cars. Later, the CAN bus was developed as a universal automation system for many automation solutions. One of its characteristics is that bus traffic is not supervised in any way due to the lack of timing of control. In other words there are no authentication mechanism. This article highlights different approaches and their usability to reveal the car’s CAN bus malfunctions. The study complements earlier studies on the safety of vehicles in the CAN bus. Based on the test results, practical methods can be evaluated to detect changes in CAN bus traffic, such as targeted cyber-attacks. The article is based on the results of a study on the cybersecurity of cars conducted at the University of Jyväskylä (AaTi study). Initially, the AaTi study attempted to identify the message content of the bus and to detect interferences via the Neural network solution. However, the problem with the neural network was the computational performance required and the lack of prediction accuracy. After that the study was focused on experiments that were based on the arrival times of control messages, that is, their timing-based intrusion detection. In this sense the research did concentrate on kernel density estimation, one-class support vector machine solution, absolute deviation method and categorization. Due to methodological challenges, a method for detecting intrusions based on statistical processing of message traffic was ultimately developed as an outcome of the study.