IVNPROTECT: Isolable and Traceable Lightweight CAN-Bus Kernel-Level Protection for Securing in-Vehicle Communication

Shuji Ohira, Kibrom Araya, Ismail Arai, Kazutoshi Fujikawa

2023

Abstract

Cyberattacks on In-Vehicle Networks (IVNs) are becoming the most urgent issue. The Controller Area Network (CAN), one of the IVNs, is a standard protocol for automotive networks. Many researchers have tackled the security issues of CAN, such as its vulnerability to Denial-of-Service (DoS) attacks and impersonation attacks. Though existing methods can prevent DoS attacks, they have problems in deployment cost, isolability of a compromised Electronic Control Unit (ECU), and traceability of the root cause of isolation. Thus, we tackle the prevention of DoS attacks on CAN. To solve these problems of the existing methods, we propose an isolable and traceable CAN-bus kernel-level protection called IVNPROTECT. IVNPROTECT can be installed on an ECU that has a wireless interface just by a software update, because it is implemented in the CAN-bus kernel driver. We also confirm that IVNPROTECT can mitigate two types of DoS attacks without distinguishing malicious from benign CAN identifiers. After mitigating DoS attacks, IVNPROTECT isolates a compromised ECU with a security error state mechanism, which handles security errors in IVNPROTECT. We also evaluate traceability: an ECU with IVNPROTECT can report warning messages to the other ECUs on the bus even while being forced to send DoS attacks by an attacker. In addition, the overhead of IVNPROTECT is 9.049 µs, so IVNPROTECT can be installed on insecure ECUs with only a slight side effect.



Paper Citation


in Harvard Style

Ohira S., Araya K., Arai I. and Fujikawa K. (2023). IVNPROTECT: Isolable and Traceable Lightweight CAN-Bus Kernel-Level Protection for Securing in-Vehicle Communication. In Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-624-8, pages 17-28. DOI: 10.5220/0011605300003405


in Bibtex Style

@conference{icissp23,
author={Shuji Ohira and Kibrom Araya and Ismail Arai and Kazutoshi Fujikawa},
title={IVNPROTECT: Isolable and Traceable Lightweight CAN-Bus Kernel-Level Protection for Securing in-Vehicle Communication},
booktitle={Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2023},
pages={17-28},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011605300003405},
isbn={978-989-758-624-8},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - IVNPROTECT: Isolable and Traceable Lightweight CAN-Bus Kernel-Level Protection for Securing in-Vehicle Communication
SN - 978-989-758-624-8
AU - Ohira S.
AU - Araya K.
AU - Arai I.
AU - Fujikawa K.
PY - 2023
SP - 17
EP - 28
DO - 10.5220/0011605300003405