ISSN: 2182-2069 (printed) / ISSN: 2182-2077 (online)
Practical Methodology for In-Vehicle CAN Security Evaluation
Modern vehicles are equipped with a variety of Electrical and Electronic (E/E) systems for the convenience of a driver. However, with the increasing use of Electronic Control Units (ECU) to mount vehicular E/E systems, the cyber threats are also increasing. Vehicular security is a very important function which is directly connected to lives of drivers and passengers. Hence, modern vehicles should be provided with an information security function. In case that autonomous vehicles are commercialized in the future, an evaluation methodology will be needed to check if vehicles are normally provided with an information security function. In this paper, we propose a security evaluation methodology and tool that can analyze the security level of In-vehicle network without the information provided by the vehicle manufacturer. The proposed evaluation methodology is designed based on four types of attacks that can be performed on In-vehicle Controller Area Network (CAN). In addition, we design and develop the evaluation tool that can measure changes in vehicle conditions using various sensors. Finally, we conduct experiments using actual vehicles to evaluate the effectiveness and accuracy of the proposed method. The proposed methodology and tool enable us to analyze security level of In-vehicle network very easily and fast.