An Enhanced Method for Reverse Engineering CAN Data Payload
- Authors
- Choi, W.; Lee, S.; Joo, K.; Jo, H.J.; Lee, D.H.
- Issue Date
- 4월-2021
- Publisher
- Institute of Electrical and Electronics Engineers Inc.
- Keywords
- Automotive security; CAN DBC format file; controller area network (CAN); reverse engineering
- Citation
- IEEE Transactions on Vehicular Technology, v.70, no.4, pp.3371 - 3381
- Indexed
- SCIE
SCOPUS
- Journal Title
- IEEE Transactions on Vehicular Technology
- Volume
- 70
- Number
- 4
- Start Page
- 3371
- End Page
- 3381
- URI
- https://scholar.korea.ac.kr/handle/2021.sw.korea/129022
- DOI
- 10.1109/TVT.2021.3063261
- ISSN
- 0018-9545
- Abstract
- Recently, numerous electronic components are installed in vehicles, providing drivers and passengers with increased safety and convenience. The electronic components construct an in-vehicle network that internally shares relevant status information about the vehicle. As modern vehicles become more computerized, the potential for automotive cyber-security threats also increases a fact that has been illustrated clearly by various car-hacking demonstrations. Using the controller area network (CAN), the de facto standard protocol in the automotive industry that facilitates in-vehicle network communication, car-hacking demonstrations inject critical CAN messages to control vehicular functions. In efforts to address this security issue, car manufacturers, in turn, have made confidential the CAN database (i.e., DBC format file), where signal information assigned in the CAN data payload is specified. However, it has since become known that this policy does not hermetically seal a vehicular network against cyber attacks. On the contrary, in-depth automotive security research has been hindered significantly because of the limited information accessible by researchers. For example, automotive intrusion detection systems (IDS) identify and alert when there is a vehicular break-in, and this technology is a major area of study in automotive cyber security research. For the automotive IDS that analyzes CAN traffic, information in the DBC format file greatly improves detection veracity. However, most IDS technologies to date have been independently developed without the confidential CAN DB information and, as a result, do not mitigate threats to a satisfactory standard. In this paper, we propose an enhanced method that identifies signal boundaries in a CAN data payload, which is specified in the DBC format file. Unlike an existing method that is designed based on total bit-flip rates, our method analyzes bit-flip time series not total bit-flip rates so that signal boundaries can be more clearly identified. In this paper, we use a publicly available DBC format file called OpenDBC as a reference, and show that our method outperforms the existing method. © 1967-2012 IEEE.
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - School of Cyber Security > Department of Information Security > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.