Litcius/Paper detail

<i>CANeleon</i>: Protecting CAN Bus With Frame ID Chameleon

Kun Cheng, Yuebin Bai, Yuan Zhou, Yun Tang, David Sanán, Yang Liu

2020IEEE Transactions on Vehicular Technology25 citationsDOI

Abstract

The Controller Area Network (CAN) has been widely used in the automotive and industrial automation for over two decades. However, due to the lack of security mechanisms, CAN is vulnerable to attacks. In this paper, we propose a novel protection scheme called CANeleon. It can defend CAN against a smart attacker who might inject malicious frames with legitimate frame IDs, which cannot be mitigated by existing countermeasures. Inspired by the idea of moving target defense technologies, CANeleon equips each legitimate CAN node with the ability to shift the spoofed frame ID. In this way, the IDs of malicious frames are exposed and can be further filtered by legitimate nodes. Moreover, CANeleon neither inserts new information to the frame, nor requires any modification to the CAN protocol, so it is in compliance with the existing standards. CANeleon is a decentralized mechanism guaranteeing that the protection could be done simultaneously without additional communication. Experiments on a CAN bus prototype and a real self-driving vehicle prove the effectiveness of CANeleon.

Topics & Concepts

Frame (networking)CAN busComputer scienceScheme (mathematics)Spoofing attackComputer securityComputer networkNode (physics)Protocol (science)Automotive industryEmbedded systemEngineeringMathematicsPathologyMathematical analysisStructural engineeringAerospace engineeringMedicineAlternative medicineVehicular Ad Hoc Networks (VANETs)Security and Verification in ComputingCryptographic Implementations and Security
<i>CANeleon</i>: Protecting CAN Bus With Frame ID Chameleon | Litcius