Review of the Security of Backward-Compatible Automotive Inter-ECU Communication
It addresses security vulnerabilities in automotive communication for vehicle manufacturers and researchers, but is incremental as it reviews and builds on prior work.
This paper systematically reviews security threats and countermeasures for the CAN bus protocol in vehicles, highlighting limitations of existing measures and proposing a simple, cost-effective solution to defend against packet injection and denial-of-service attacks.
Advanced electronic units inside modern vehicles have enhanced the driving experience, but also introduced a myriad of security problems due to the inherent limitations of the internal communication protocol. In the last two decades, a number of security threats have been identified and accordingly, security measures have been proposed. While a large body of research on the vehicular security domain is focused on exposing vulnerabilities and proposing counter measures, there is an apparent paucity of research aimed at reviewing existing works on automotive security and at extracting insights. This paper provides a systematic review of security threats and countermeasures for the ubiquitous CAN bus communication protocol. It further exposes the limitations of the existing security measures, and discusses a seemingly-overlooked, simple, cost-effective and incrementally deployable solution which can provide a reasonable defense against a major class of packet injection attacks and many denial of service attacks.