Visible to the public Security issues in controller area networks in automobiles

TitleSecurity issues in controller area networks in automobiles
Publication TypeConference Paper
Year of Publication2017
AuthorsButtigieg, R., Farrugia, M., Meli, C.
Conference Name2017 18th International Conference on Sciences and Techniques of Automatic Control and Computer Engineering (STA)
Keywordsauthentication, automobiles, automotive electronics, Automotive engineering, BMW E90 instrument cluster, CAN (Controller Area Network), CAN protocol, CAN-bus, controller area network, controller area network security, controller area networks, cryptography, data encryption, ECU, ECU (Electronic Control Unit), electronic control units, instrument cluster, Instruments, modern automobiles, modern car hacking, modern vehicles, performance evaluation, Protocols, pubcrawl, render vehicles, resilience, Resiliency, Rogue device, Safety, security, security issues, security of data, spoofed messages, traffic engineering computing
AbstractModern vehicles may contain a considerable number of ECUs (Electronic Control Units) which are connected through various means of communication, with the CAN (Controller Area Network) protocol being the most widely used. However, several vulnerabilities such as the lack of authentication and the lack of data encryption have been pointed out by several authors, which ultimately render vehicles unsafe to their users and surroundings. Moreover, the lack of security in modern automobiles has been studied and analyzed by other researchers as well as several reports about modern car hacking have (already) been published. The contribution of this work aimed to analyze and test the level of security and how resilient is the CAN protocol by taking a BMW E90 (3-series) instrument cluster as a sample for a proof of concept study. This investigation was carried out by building and developing a rogue device using cheap commercially available components while being connected to the same CAN-Bus as a man in the middle device in order to send spoofed messages to the instrument cluster.
Citation Keybuttigieg_security_2017