Skip to main content

Advertisement

SpringerLink
Log in

Securing the controller area network with covert voltage channels

  • Regular Contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

The Controller Area Network (CAN) is the most widely employed communication protocol for in-vehicle applications. While many of its features qualify it as a suitable candidate for future use in automotive networking, the lack of security mechanisms makes it problematic for safety-critical applications. Recently, both the research community and the industry have proposed a large number of solutions for securing CAN, but most of these solutions put additional strain on the already limited 8 byte CAN payload or require more expensive hardware. In this work, we propose the use of a covert voltage channel that can be used for the transmission of additional data required by specific security mechanisms. We achieve this with the help of additional transceivers by encoding additional bits as different voltage levels in the existing CAN dominant bits without affecting regular CAN traffic decoding. We demonstrate the application of our approach on both low-end and high-end automotive embedded platforms and prove its suitability for implementing authentication mechanisms and key exchange protocols over CAN while maintaining backward compatibility.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13

Similar content being viewed by others

References

  1. Amrani, O., Rubin, A.: Contention detection and resolution for multiple-access power-line communications. IEEE Trans. Vehicul. Technol. 56(6), 3879–3887 (2007)

    Article  Google Scholar 

  2. AUTOSAR: Specification of secure onboard communication (2017)

  3. Berk, V., Giani, A., Cybenko, G., Hanover, N.: Detection of covert channel encoding in network packet delays. Rapport technique TR536, de lUniversité de Dartmouth 19 (2005)

  4. Cabuk, S., Brodley, CE., Shields, C.: IP covert timing channels: design and detection. In: Proceedings of the 11th ACM conference on Computer and communications security, pp 178–187 (2004)

  5. Cena, G., Bertolotti, I.C., Hu, T., Valenzano, A.: A mechanism to prevent stuff bits in CAN for achieving jitterless communication. IEEE Trans. Ind. Inf. 11(1), 83–93 (2014)

    Article  Google Scholar 

  6. Cena, G., Bertolotti, I.C., Hu, T., Valenzano, A.: On a software-defined CAN controller for embedded systems. Comput. Standards Interfaces 63, 43–51 (2019)

    Article  Google Scholar 

  7. Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S., Koscher, K., Czeskis, A., Roesner ,F., Kohno, T., et al.: Comprehensive experimental analyses of automotive attack surfaces. In: USENIX Security Symposium, San Francisco, pp 77–92 (2011)

  8. Choi, E., Han, S., Lee, J., Lee, S., Kang, S., Choi, J.W.: Compatibility analysis of the turbo controller area network (turbo CAN). IEEE Trans. Vehicul. Technol. 67(6), 5146–5157 (2018)

    Article  Google Scholar 

  9. Dolev, S., Krzywiecki, Ł., Panwar, N., Segal, M.: Optical puf for non-forwardable vehicle authentication. Comput. Commun. 93, 52–67 (2016)

    Article  Google Scholar 

  10. Fernandes, E., Crispo, B., Conti, M.: FM 99.9, radio virus: exploiting FM radio broadcasts for malware deployment. IEEE Trans. Inf. Foren. Secur. 8(6), 1027–1037 (2013)

    Article  Google Scholar 

  11. Ferreira, J., Oliveira, A., Fonseca, P., Fonseca, JA.: An experiment to assess bit error rate in CAN. In: Proceedings of 3rd International Workshop of Real-Time Networks (RTN2004), pp. 15–18 (2004)

  12. Groza, B., Murvay, P.S.: Security solutions for the controller area network: bringing authentication to in-vehicle networks. IEEE Vehicul. Technol. Mag. 13(1), 40–47 (2018)

    Article  Google Scholar 

  13. Groza, B., Popa, L., Murvay, P.: TRICKS-time triggered covert key sharing for controller area networks. IEEE Access 7, 104294–104307 (2019)

    Article  Google Scholar 

  14. Groza, B., Popa, L., Murvay, P.S.: INCANTA-intrusion detection in controller area networks with time-covert authentication. Security and Safety Interplay of Intelligent Software Systems, pp. 94–110. Springer International Publishing, Cham (2019)

    Chapter  Google Scholar 

  15. Groza, B., Popa, L., Murvay, P.S.: Canto-covert authentication with timing channels over optimized traffic flows for can. IEEE Trans. Inf. Foren. Secur. 16, 601–616 (2021). https://doi.org/10.1109/TIFS.2020.3017892

  16. Guerrieri, L., Masera, G., Stievano, I.S., Bisaglia, P., Garcia Valverde, W.R., Concolato, M.: Automotive power-line communication channels: mathematical characterization and hardware emulator. IEEE Trans. Ind. Electron. 63(5), 3081–3090 (2016)

    Article  Google Scholar 

  17. Han, J., Lin, YH., Perrig, A., Bai, F.: Short paper: Mvsec: secure and easy-to-use pairing of mobile devices with vehicles. In: Proceedings of the 2014 ACM conference on Security and privacy in wireless & mobile networks, pp. 51–56 (2014)

  18. Van den Herrewegen, J., Garcia, F.D.: Beneath the bonnet: a breakdown of diagnostic security. Computer Security, pp. 305–324. Springer International Publishing, Cham (2018)

    Chapter  Google Scholar 

  19. Hussain, R., Kim, D., Tokuta, AO., Melikyan, HM., Oh, H.: Covert communication based privacy preservation in mobile vehicular networks. In: MILCOM 2015- 2015 IEEE Military Communications Conference, pp. 55–60 (2015)

  20. ISO: 11898-1-Road vehicles-Controller area network (CAN)-Part 1: Data link layer and physical signalling. Technical report, International Organization for Standardization (2003a)

  21. ISO: 11898–2, Road vehicles Controller area network (CAN) Part 2: High-speed medium access unit. Technical report, International Organization for Standardization (2003b)

  22. ISO: 11898–3, Road vehicles Controller area network (CAN) Part 3: Part 3: Low-speed, fault-tolerant, medium-dependent interface. Technical report, International Organization for Standardization (2006)

  23. Jain, S., Wang, Q., Arafin ,MT., Guajardo, J.: Probing attacks on physical layer key agreement for automotive controller area networks. In: 2018 Asian Hardware Oriented Security and Trust Symposium (AsianHOST), pp. 7–12 (2018)

  24. Jousse, J., Ginot, N., Batard, C., Lemaire, E.: Power line communication management of battery energy storage in a small-scale autonomous photovoltaic system. IEEE Trans. Smart Grid 8(5), 2129–2137 (2017)

    Article  Google Scholar 

  25. Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., et al.: (2010) Experimental security analysis of a modern automobile. In: IEEE Symposium on Security and Privacy (SP), pp. 447–462. IEEE (2010)

  26. Liu, Y., Ghosal, D., Armknecht, F., Sadeghi, AR., Schulz, S., Katzenbeisser, S.: Hide and seek in time-robust covert timing channels. In: European Symposium on Research in Computer Security, Springer, pp. 120–135 (2009)

  27. Lodi, GA., Ott, A., Cheema, SA., Haardt, M., Freitag, T.: Power Line Communication in automotive harness on the example of Local Interconnect Network. In: International Symposium on Power Line Communications and its Applications (ISPLC), pp. 212–217 (2016)

  28. Miller, C., Valasek, C.: Remote exploitation of an unaltered passenger vehicle. Black Hat USA 2015, 91 (2015)

    Google Scholar 

  29. Mueller, A., Lothspeich, T.: Plug-and-secure communication for CAN. CAN Newsletter pp. 10–14 (2015)

  30. Pico Technology.: CAN and CAN FD bus decoding. https://www.picotech.com/library/oscilloscopes/can-bus-serial-protocol-decoding. Accessed 20 April 2020(2020)

  31. Robert Bosch GmbH.: Can specification, version 2.0 (1991)

  32. Rowan, S., Clear, M., Gerla, M., Huggard, M., Goldrick, CM.: Securing vehicle to vehicle communications using blockchain through visible light and acoustic side-channels (2017). arXiv preprint arXiv:1704.02553

  33. Strobl, M., Waas, T., Moehne, S., Kucera, M., Rath, A., Balbierer, N., Schingale, A.: Using Ethernet over powerline communication in automotive networks. In: Proceedings of the 10th International Workshop on Intelligent Solutions in Embedded Systems, pp. 39–44 (2012)

  34. Sung, G., Huang, C., Wang, C.: A PLC transceiver design of in-vehicle power line in FlexRay-based automotive communication systems. In: 2012 IEEE International Conference on Consumer Electronics (ICCE), pp. 309–310 (2012)

  35. Tektronix.: Debugging CAN, LIN, and FlexRay Automotive Buses with an Oscilloscope, application note. https://download.tek.com/document/Automotive-Bus_App-Note_55W-61098-3.pdf. Accessed 20 April 2020 (2019)

  36. Wolf, M., Weimerskirch, A., Paar, C.: Security in automotive bus systems. In: Workshop on Embedded Security in Cars (2004)

  37. Ying, X., Bernieri, G., Conti, M., Poovendran, R.: TACAN: transmitter authentication through covert channels in controller area networks. In: Proceedings of the 10th ACM/IEEE International Conference on Cyber-Physical Systems, ICCPS 2019, Montreal, QC, Canada, April 16–18, 2019, pp 23–34 (2019)

  38. Ziermann, T., Wildermann, S., Teich, J.: CAN+: A new backward-compatible Controller Area Network (CAN) protocol with up to 16x higher data rates. In: Proceedings of the Conference on Design, Automation and Test in Europe, European Design and Automation Association, pp. 1088–1093 (2009)

Download references

Author information

Authors and Affiliations

  1. The Department of Automation and Applied Informatics, Politehnica University of Timisoara, Timisoara, Romania

    Pal-Stefan Murvay, Lucian Popa & Bogdan Groza

Authors
  1. Pal-Stefan Murvay
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lucian Popa
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Bogdan Groza
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Pal-Stefan Murvay.

Ethics declarations

Conflicts of interest:

The authors declare that they have no conflict of interest.

Funding:

This work was supported by a grant of Ministry of Research and Innovation, CNCS-UEFISCDI, Project Number PN-III-P1-1.1-TE-2016-1317, within PNCDI III (2018-2020).

Ethical approval:

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Murvay, PS., Popa, L. & Groza, B. Securing the controller area network with covert voltage channels. Int. J. Inf. Secur. 20, 817–831 (2021). https://doi.org/10.1007/s10207-020-00532-5

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-020-00532-5

Keywords

Search

Navigation