Abstract

Security in automotive in-vehicle networks is an increasing problem with the growing connectedness of road vehicles. This article proposes a security-aware priority assignment for automotive controller area network (CAN) platforms with the aim of mitigating scaling effects of attacks on vehicle fleets. CAN is the dominating field bus in the automotive domain due to its simplicity, low cost, and robustness. While messages might be encrypted to enhance the security of CAN systems, their priorities are usually identical for automotive platforms, comprising generally a large number of vehicle models. As a result, the identifier uniquely defines which message is sent, allowing attacks to scale across a fleet of vehicles with the same platform. As a remedy, we propose a methodology that is capable of determining obfuscated message identifiers for each individual vehicle. Since identifiers directly represent message priorities, the approach has to take the resulting response time variations into account while satisfying application deadlines for each vehicle schedule separately. Our approach relies on Quadratically Constrained Quadratic Program (QCQP) solving in two stages, specifying first a set of feasible fixed priorities and subsequently bounded priorities for each message. With the obtained bounds, obfuscated identifiers are determined, using a very fast randomized sampling. The experimental results, consisting of a large set of synthetic test cases and a realistic case study, give evidence of the efficiency of the proposed approach in terms of scalability. The results also show that the diversity of obtained identifiers is effectively optimized with our approach, resulting in a very good obfuscation of CAN messages in in-vehicle communication.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.