Browse > Article
http://dx.doi.org/10.9708/jksci.2013.18.11.039

Studies of the possibility of external threats of the automotive ECU through simulation test environment  

Lee, Hye-Ryun (Dept. of Computer Science, Ajou University)
Kim, Kyoung-Jin (Dept. of Electronic Science, Ajou University)
Jung, Gi-Hyun (Dept. of Electronic Science, Ajou University)
Choi, Kyung-Hee (Dept. of Computer Science, Ajou University)
Park, Seung-Kyu (Dept. of Software Convergence Technology, Ajou University)
Kwon, Do-Keun (Dept. of Electronic Science, Ajou University, The attached institute of ETRI)
Publication Information
Journal of the Korea Society of Computer and Information / v.18, no.11, 2013 , pp. 39-49 More about this Journal
Abstract
In this paper, security mechanism of internal network(CAN) of vehicle is a very incomplete state and the possibility of external threats as a way to build a test environment that you can easily buy from the market by the vehicle's ECU(Electric Control Unit) to verify and obtain a CAN message. Then, by applying it to ECU of the real car to try to attack is proposed. A recent study, Anyone can see plain-text status of the CAN message in the vehicle. so that in order to verify the information is vulnerable to attack from outside, analyze the data in a vehicle has had a successful attack, but attack to reverse engineering in the stationary state and buying a car should attempt has disadvantages that spatial, financial, and time costs occurs. Found through the car's ECU CAN message is applied to a real car for Potential threats outside of the car to perform an experiment to verify and equipped with a wireless network environment, the experimental results, proposed method through in the car to make sure the attack is possible. As a result, reduce the costs incurred in previous studies and in the information absence state of the car, potential of vehicle's ECU attack looks.
Keywords
ECU; security; vehicle attack; CAN message;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 D. K. Nilsson, U. E. Larson, and E. Jonsson, "Efficient In-Vehicle Delayed Data Authentication Based on Compound Message Authentication Codes," in Proceedings of the 68th IEEE Vehicular Technology Conference 2008(VTC 2008-Fall), pp. 1-5, Sep. 2008.
2 Marko Wolf, Andr'e Weimerskirch, Christof Paar, "security in automotive bus systems," In Proceedings of the Workshop on Embedded Security in Cars 2004, pp.1-13, 2004.
3 Karl Koscher, Alexei Czeskis, Franziska Roesner, "Experimental Security Analysis of a Modern Automobile," IEEE Symposium on Security and Privacy, pp.447 - 462, May. 2010.
4 content of Car hacking, http://www.etnews.com/news/international/251094 6_1496.html
5 McAfee Report on Automotive Systems Finds Prevelant Lack of Security in Today's Vehicles, "Partners with Wind River and ESCRYPT to Provide Analysis of Emerging Risks in Automotive Embedded Systems"
6 Gang-seok Kim, "Vehicle ECU through CAN communication from eavesdropping and manipulation of the analysis of the possibility of external threats," Korea University, 2011
7 T. Hoppe and J. Dittman, "Sniffing/Replay Attacks on CAN buses: A simulated attack on the electric window lift classified using an adapted CERT taxonomy," in Proceedings of the 2nd Workshop on Embedded Systems Security(WESS), pp.1-6, Oct. 2007.
8 Tobias Hoppe, Stefan Kiltz, Andreas Lang, Jana Dittmann, "Exemplary Automotive Attack Scenarios - Trojan Horses for Electronic Throttle Control System (ETC) and Replay Attacks on the Power Window System, Automotive Security," VDI reports
9 S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno, "Comprehensive experimental analyses of automotive attack surfaces," in Proceeding of SEC'11 Proceedings of the 20th USENIX conference on Security, pp.1-16, 2011.
10 I. Rouf, R. Miller, H. Mustafa, T. Taylor, S. Oh, W. Xu, M. Gruteser, W. Trappe, and I. Seskar. "Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring system case study," In USENIX Security 2010, pp. 323-338, Aug. 2010.
11 S. Bono, M. Green, A. Stubblefield, A. Juels, A. Rubin, and M. Szydlo, "Security analysis of a cryptographically-enabled RFID device," in Proceeding of SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium, pp. 1-15. 2005
12 Thomas Eisenbarth, Timo Kasper, Amir Moradi, Christof Paar, Mahmoud Salmasizadeh, Mohammad T. Manzuri Shalmani, "On the power of power analysis in the real world: a complete break of the KEELOQ code hopping scheme," in Proceeding of the 28th International Cryptology Conference-CRYPTO 2008, pp.203-220, Aug. 2008.
13 Irshad Ahmed Sumra, Iftikhar Ahmad, Halabi Hasbullah, Jamalul-lail bin Ab Manan "Classes of attacks in VANET," in Proceedings of Electronics, Communications and Photonics Conference(SIECPC), 2011 Saudi International, pp.1-5, April. 2011.
14 Search for ECU pin numbers, http://www.globalserviceway.com/
15 Xiao Ni, Weiren Shi, Victor Foo Siang Fook, "AES Security Protocol Implementation for Automobile Remote Keyless System," in Proceedings of the 65th IEEE Vehicular Technology Conference 2007(VTC2007-Spring). pp.2526-2529, April 2007.
16 Hye-ryun Lee, Kyoung-jin Kim, Gi-hyun Jung, Kyung-hee Choi, "Research of generate a test case to verify the possibility of external threat of the automotive ECU," The Korea Society of Computer and Information, pp21-31, Sep. 2013.   과학기술학회마을   DOI   ScienceOn