IDH-CAN: A Hardware-Based ID Hopping CAN Mechanism With Enhanced Security for Automotive Real-Time Applications

IDH-CAN: A Hardware-Based ID Hopping CAN Mechanism With Enhanced Security for Automotive Real-Time Applications

Cybersecurity is increasingly important for the safety and reliability of autonomous vehicles. The controller area network (CAN) is the most widely used in-vehicle network for automotive safety-critical applications. Enhancing the cybersecurity ability of CAN while considering the real-time, schedul...

Full description

Bibliographic Details
Main Authors: Wufei Wu, Ryo Kurachi, Gang Zeng, Yutaka Matsubara, Hiroaki Takada, Renfa Li, Keqin Li
Format: Article
Language:English
Published: IEEE 2018-01-01
Series:IEEE Access
Subjects:
Controller area network (CAN)
cybersecurity
ID hopping
information entropy
in-vehicle network
real-time
Online Access:https://ieeexplore.ieee.org/document/8466772/
id doaj-32e9ee36b4f54e68a60fd43655edb7c9
record_format Article
spelling doaj-32e9ee36b4f54e68a60fd43655edb7c92021-03-29T21:14:32ZengIEEEIEEE Access2169-35362018-01-016546075462310.1109/ACCESS.2018.28706958466772IDH-CAN: A Hardware-Based ID Hopping CAN Mechanism With Enhanced Security for Automotive Real-Time ApplicationsWufei Wu0https://orcid.org/0000-0002-8209-1756Ryo Kurachi1Gang Zeng2Yutaka Matsubara3Hiroaki Takada4Renfa Li5Keqin Li6https://orcid.org/0000-0001-5224-4048College of Computer Science and Electronic Engineering, Hunan University, Changsha, ChinaGraduate School of Informatics, Nagoya University, Nagoya, JapanGraduate School of Informatics, Nagoya University, Nagoya, JapanGraduate School of Informatics, Nagoya University, Nagoya, JapanGraduate School of Informatics, Nagoya University, Nagoya, JapanCollege of Computer Science and Electronic Engineering, Hunan University, Changsha, ChinaCollege of Computer Science and Electronic Engineering, Hunan University, Changsha, ChinaCybersecurity is increasingly important for the safety and reliability of autonomous vehicles. The controller area network (CAN) is the most widely used in-vehicle network for automotive safety-critical applications. Enhancing the cybersecurity ability of CAN while considering the real-time, schedulability, and cost constraints becomes an urgent issue. To address this problem, a real-time, and schedulability analysis-guaranteed security mechanism [identification hopping CAN (IDH-CAN)] is proposed in this paper, which aims to improve the security performance of CAN under the constraints of automotive real-time applications. In order to support the operation of the IDH-CAN mechanism, an IDH-CAN controller is also designed and implemented on a field-programmable gate array, which can work as a hardware firewall in the data link layer of CAN to isolate cyberattacks from the physical layer. Meanwhile, to maximize the information entropy of the CAN message ID on the physical layer, the ID hopping table generation and optimization algorithms for IDH-CAN are also proposed. Then, information security evaluation experiments based on information entropy comparison are deployed. The simulation and practical evaluations demonstrate the effectiveness of the proposed mechanism in defending reverse engineering, targeted denial of service, and replay attacks without violating real-time and schedulability constraints.https://ieeexplore.ieee.org/document/8466772/Controller area network (CAN)cybersecurityID hoppinginformation entropyin-vehicle networkreal-time
collection DOAJ
language English
format Article
sources DOAJ
author Wufei Wu
Ryo Kurachi
Gang Zeng
Yutaka Matsubara
Hiroaki Takada
Renfa Li
Keqin Li
spellingShingle Wufei Wu
Ryo Kurachi
Gang Zeng
Yutaka Matsubara
Hiroaki Takada
Renfa Li
Keqin Li
IDH-CAN: A Hardware-Based ID Hopping CAN Mechanism With Enhanced Security for Automotive Real-Time Applications
IEEE Access
Controller area network (CAN)
cybersecurity
ID hopping
information entropy
in-vehicle network
real-time
author_facet Wufei Wu
Ryo Kurachi
Gang Zeng
Yutaka Matsubara
Hiroaki Takada
Renfa Li
Keqin Li
author_sort Wufei Wu
title IDH-CAN: A Hardware-Based ID Hopping CAN Mechanism With Enhanced Security for Automotive Real-Time Applications
title_short IDH-CAN: A Hardware-Based ID Hopping CAN Mechanism With Enhanced Security for Automotive Real-Time Applications
title_full IDH-CAN: A Hardware-Based ID Hopping CAN Mechanism With Enhanced Security for Automotive Real-Time Applications
title_fullStr IDH-CAN: A Hardware-Based ID Hopping CAN Mechanism With Enhanced Security for Automotive Real-Time Applications
title_full_unstemmed IDH-CAN: A Hardware-Based ID Hopping CAN Mechanism With Enhanced Security for Automotive Real-Time Applications
title_sort idh-can: a hardware-based id hopping can mechanism with enhanced security for automotive real-time applications
publisher IEEE
series IEEE Access
issn 2169-3536
publishDate 2018-01-01
description Cybersecurity is increasingly important for the safety and reliability of autonomous vehicles. The controller area network (CAN) is the most widely used in-vehicle network for automotive safety-critical applications. Enhancing the cybersecurity ability of CAN while considering the real-time, schedulability, and cost constraints becomes an urgent issue. To address this problem, a real-time, and schedulability analysis-guaranteed security mechanism [identification hopping CAN (IDH-CAN)] is proposed in this paper, which aims to improve the security performance of CAN under the constraints of automotive real-time applications. In order to support the operation of the IDH-CAN mechanism, an IDH-CAN controller is also designed and implemented on a field-programmable gate array, which can work as a hardware firewall in the data link layer of CAN to isolate cyberattacks from the physical layer. Meanwhile, to maximize the information entropy of the CAN message ID on the physical layer, the ID hopping table generation and optimization algorithms for IDH-CAN are also proposed. Then, information security evaluation experiments based on information entropy comparison are deployed. The simulation and practical evaluations demonstrate the effectiveness of the proposed mechanism in defending reverse engineering, targeted denial of service, and replay attacks without violating real-time and schedulability constraints.
topic Controller area network (CAN)
cybersecurity
ID hopping
information entropy
in-vehicle network
real-time
url https://ieeexplore.ieee.org/document/8466772/
work_keys_str_mv AT wufeiwu idhcanahardwarebasedidhoppingcanmechanismwithenhancedsecurityforautomotiverealtimeapplications
AT ryokurachi idhcanahardwarebasedidhoppingcanmechanismwithenhancedsecurityforautomotiverealtimeapplications
AT gangzeng idhcanahardwarebasedidhoppingcanmechanismwithenhancedsecurityforautomotiverealtimeapplications
AT yutakamatsubara idhcanahardwarebasedidhoppingcanmechanismwithenhancedsecurityforautomotiverealtimeapplications
AT hiroakitakada idhcanahardwarebasedidhoppingcanmechanismwithenhancedsecurityforautomotiverealtimeapplications
AT renfali idhcanahardwarebasedidhoppingcanmechanismwithenhancedsecurityforautomotiverealtimeapplications
AT keqinli idhcanahardwarebasedidhoppingcanmechanismwithenhancedsecurityforautomotiverealtimeapplications
_version_ 1724193285742788608

Similar Items