Prevention of Controller Area Network (CAN) Attacks on Electric Autonomous Vehicles

Abstract

The importance of vehicle security has increased in recent years in the automotive field, drawing the attention of both the industry and academia. This is due to the rise in cybersecurity threats caused by (1) the increase in vehicle connectivity schemes, such as the Internet of Things, vehicle-to-x communication, and over-the-air updates, and (2) the increased impact of such threats because of the added functionalities that are controlled by vehicle software. These causes and threats are further amplified in autonomous vehicles, which are generally equipped with more electronic control units (ECUs) that are connected through controller area networks (CANs). Due to the holistic nature of CANs, attacks on the networks can affect the functionality of all vehicle ECUs and the whole system. This can lead to a breach of privacy, denial of services, alteration of vehicle performance, and exposure to safety threats. Although cryptographic encryption and authentication algorithms and intrusion detection systems (IDS) are currently being used to detect and prevent CAN bus attacks, they have certain limitations. Therefore, this study proposed a mitigation scheme that can detect and prevent such attacks at the ECU level, which could address the limitations of existing algorithms. This study proposed the usage of a secure boot scheme to detect and prevent the execution of malicious codes, as the presence of one or more ECUs with a malicious code is the root cause of most CAN bus attacks. Secure boot schemes apply cryptographic data integrity algorithms to ensure that only authentic and untampered software can run on the vehicle’s ECUs. The selection of an appropriate cryptographic algorithm is important because it affects the secure boot schemes’ security level and performance. Therefore, this study also tested and compared the performance of the proposed secure boot scheme with five different data security algorithms implemented using the hardware security module (HSM) of the TC399 32-bit AURIX™ TriCore™ microcontroller through an electric autonomous vehicle’s control unit. The tests showed that the two most favorable schemes with the selected hardware are the secure boot scheme with the cipher-based message authentication code (CMAC), because it possesses the highest performance with an execution rate of 26.07 (ms/MB), and the secure boot scheme with the elliptic curve digital signature algorithm (ECDSA), because it provides a higher security level with an acceptable compromise in speed. This study also introduced and tested a novel variation of the ECDSA algorithm based on the CMAC algorithm, which was found to have a 19% performance gain over the standard ECDSA-based secure boot scheme.