Journal of the Korea Institute of Information Security & Cryptology (정보보호학회논문지)

Korea Institute of Information Security and Cryptology (한국정보보호학회)
권호 표지
DOI QR코드

DOI QR Code

Checksum Signals Identification in CAN Messages

CAN 통신 메시지 내의 Checksum Signal 식별 방법 연구

  • Gyeongyeon Lee (Korea University) ;
  • Hyunghoon Kim (Yonsei University) ;
  • Dong Hoon Lee (Korea University) ;
  • Wonsuk Choi (Korea University)
  • 이경연 (고려대학교) ;
  • 김형훈 (연세대학교) ;
  • 이동훈 (고려대학교) ;
  • 최원석 (고려대학교)
  • Received : 2024.06.24
  • Accepted : 2024.07.18
  • Published : 2024.08.31
Download PDF
⟨ Previous Next ⟩

Abstract

Recently, modern vehicles have been controlled by Electronic Control Units (ECUs), by which the safety and convenience of drivers are highly improved. It is known that a luxury vehicle has more than 100 ECUs to electronically control its function. However, the modern vehicles are getting targeted by cyber attacks because of this computer-based automotive system. To address the cyber attacks, automotive manufacturers have been developing some methods for securing their vehicles, such as automotive Intrusion Detection System (IDS). This development is only allowed to the automotive manufacturers because they have databases for their in-vehicle network (i.e., DBC Format File) which are highly confidential. This confidentiality poses a significant challenge to external researchers who attempt to conduct automotive security researches. To handle this restricted information, in this paper, we propose a method to partially understand the DBC Format File by analyzing in-vehicle network traffics. Our method is designed to analyze Controller Area Network (CAN) traffics so that checksum signals are identified in CAN Frame Data Field. Also, our method creates a Lookup Set by which a checksum signal is correctly estimated for a given message. We validate our method with the publicly accessible dataset as well as one from a real vehicle.

현대의 자동차는 ECU(Electronic Control Unit)를 통해 전자적으로 제어되면서 운전자에게 안전성과 편의성을 제공해준다. 고급 자동차의 경우 100개 이상의 ECU가 탑재되어 있는 것으로 알려져 있다. 그러나 이러한 컴퓨터 기반의 차량 시스템은 자동차를 사이버 공격에 취약하게 만든다. 이에 대응하여 자동차 제조회사들은 차량용 침입 탐지 시스템 (Intrusion Detection System, IDS)과 같은 보안 기술을 개발하고 있다. 자동차 제조회사들만이 자동차 보안 기술을 개발할 수 있는데, 그 이유는 이들만이 차량 내부 네트워크에 대한 데이터베이스(DBC Format File)를 가지고 있으며 이를 기밀로 유지하고 있기 때문이다. 그러나 외부 연구기관들은 DBC Format File과 같은 데이터베이스에 접근할 수 없어 자동차 보안 연구에 어려움을 겪고 있다. 따라서 본 논문에서는 제한된 정보에 따른 한계를 극복하기 위해 차량 내부 네트워크를 분석하여 DBC Format File을 부분적으로 식별할 수 있는 방법을 제안한다. 제안하는 기법은 CAN(Controller Area Network) 트래픽을 분석하여 CAN Frame Data Field의 Signal 중 Checksum Signal의 비트 위치를 식별하고, Lookup Set을 생성해 Checksum값을 계산한다. 더불어 실제 차량에서 수집한 데이터와 공개된 데이터셋으로 해당 방법을 검증하였다.

Keywords

Acknowledgement

이 논문은 2024년 정부(방위사업청)의 재원으로 국방과학연구소의 지원을 받아 수행된 연구임(UI2200575D*)

References

  1. Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel, and Tadayoshi Kohno, "Experimental Security Analysis of a Modern Automobile," in Proceedings of the 2010 IEEE Symposium on Security and Privacy, pp. 447-462, May. 2010
  2. Wired, "Hackers remotely kill a jeep on the highway-with me in it," https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/, June. 2024
  3. UNECE, "ECE/TRANS/WP.29/2020/79 REVISED," https://unece.org/fileadmin/DAM/trans/doc/2020/wp29grva/ECE-TRANS-WP29-2020-079-Revised.pdf, June. 2024
  4. GitHub, "opendbc," https://github.com/commaai/opendbc, June 2024
  5. S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage, "Comprehensive experimental analyses of automotive attack surfaces," in Proc. USENIX Secur. Symp., San Francisco, CA, USA, pp. 1-16, Aug. 2011
  6. I. Foster, A. Prudhomme, K. Koscher, and S. Savage, "Fast and vulnerable: A story of telematic failures," inProc.9th USENIX Workshop Offensive Technol., pp. 1-9, Aug. 2015
  7. T. Hoppe, S. Kiltz, and J. Dittmann, "Security threats to automotive can networks-Practical examples and selected short-term countermeasures," in Proc. Int. Conf. Comput. Safety, Rel., Secur., pp. 235-248, Sep. 2008
  8. M. Muter and N. Asaj, "Entropy-based anomaly detection for in vehicle networks," in Proc. IEEE Intell. Vehicles Symp. (4), pp. 1110-1115, Jun. 2011
  9. M. Muter, A. Groll, and F. C. Freiling, "A structured approach to anomaly detection for in-vehicle networks," in Proc. 6th Int. Conf. Inf. Assurance Secur. (IAS), pp. 92-98, Aug. 2010
  10. K.-T. Cho and K. G. Shin, "Fingerprinting electronic control units for vehicle intrusion detection," in Proc. 25th USENIX Secur. Symp., pp. 911-927, Aug. 2016
  11. W. Choi, H. J. Jo, S. Woo, J. Y. Chun, J. Park, and D. H. Lee, "Identifying ECUs using inimitable characteristics of signals in controller area networks," in IEEE Transactions on Vehicular Technology, vol. 67, no. 6, pp. 4757-4770, June. 2018
  12. P.-S. Murvay and B. Groza, "Source identification using signal characteristics in controller area networks," IEEE Signal Process. Lett., vol. 21, no. 4, pp. 395-399, Apr. 2014.
  13. W. Choi, K. Joo, H. J. Jo, M. C. Park and D. H. Lee, "VoltageIDS: Low-Level Communication Characteristics for Automotive Intrusion Detection System," in IEEE Transactions on Information Forensics and Security, vol. 13, no. 8, pp. 2114-2129, Aug. 2018
  14. S. U. Sagong, X. Ying, A. Clark, L. Bushnell and R. Poovendran, "Cloaking the Clock: Emulating Clock Skew in Controller Area Networks," ACM/IEEE 9th International Conference on Cyber-Physical Systems (ICCPS), pp. 32-42, Apr. 2018
  15. M. Marchetti and D. Stabili, "Read: Reverse engineering of automotive data frames," IEEE Trans. Inf. Forensics Secur., vol. 14, no. 4, pp. 1083-1097, Apr. 2019.
  16. W. Choi, S. Lee, K. Joo, H. J. Jo and D. H. Lee, "An Enhanced Method for Reverse Engineering CAN Data Payload," in IEEE Transactions on Vehicular Technology, vol. 70, no. 4, pp. 3371-3381, Apr. 2021
  17. X. Lin, B. Ma, X. Wang, Y. He, R. P.Liu and W. Ni, "Multi-layer Reverse Engineering System for Vehicular Controller Area Network Messages," IEEE 25th International Conference on Computer Supported Cooperative Work in Design (CSCWD), pp.1185-1190, May. 2022
  18. Vector, "DBC File Format Documentation," http://mcu.so/Microcontroller/Automotive/DBC_File_Format_Documentation.pdf, June. 2024
  19. HCRL, "Car-Hacking Dataset," https://ocslab.hksecurity.net/Datasets/car-hacking-dataset, June. 2024
  20. H. Kim, Y. Jeong, W. Choi, and H. J. Jo, "An Efficient ECU Analysis Technology through Non-Random CAN Fuzzing," Journal of the Korea Institute of Information Security & Cryptology, 30(6), pp. 1115-1130, Dec. 2020