Volume 9 - Issue 2
Practical Methodology for In-Vehicle CAN Security Evaluation
- Hyun-Bae Park
Korea Automotive Technology Institute, Cheonan, Korea
hbpark@katech.re.kr
- Yongeun Kim
Korea Automotive Technology Institute, Cheonan, Korea
kimye@katech.re.kr
- Jaeseok Jeon
Korea Automotive Technology Institute, Cheonan, Korea
jsjeon@katech.re.kr
- Hee Seok Moon
Korea Automotive Technology Institute, Cheonan, Korea
hsmoon@katech.re.kr
- Samuel Woo
Electronics and Telecommunications Research Institute, Daejeon, Korea
samuelwoo@etri.re.kr
Keywords: in-vehicle CAN security, security evaluation, automotive security, in-vehicle CAN penetration test
Abstract
Modern vehicles are equipped with a variety of Electrical and Electronic (E/E) systems for the convenience
of a driver. However, with the increasing use of Electronic Control Units (ECU) to mount
vehicular E/E systems, the cyber threats are also increasing. Vehicular security is a very important
function which is directly connected to lives of drivers and passengers. Hence, modern vehicles
should be provided with an information security function. In case that autonomous vehicles are
commercialized in the future, an evaluation methodology will be needed to check if vehicles are normally
provided with an information security function. In this paper, we propose a security evaluation
methodology and tool that can analyze the security level of In-vehicle network without the information
provided by the vehicle manufacturer. The proposed evaluation methodology is designed based
on four types of attacks that can be performed on In-vehicle Controller Area Network (CAN). In
addition, we design and develop the evaluation tool that can measure changes in vehicle conditions
using various sensors. Finally, we conduct experiments using actual vehicles to evaluate the effectiveness
and accuracy of the proposed method. The proposed methodology and tool enable us to
analyze security level of In-vehicle network very easily and fast.