Call For Papers
Contact Us

  State-of-the-Art Survey on In-Vehicle Network Communication “CAN-Bus” Security and Vulnerabilities  
  Authors : Omid Avatefipour; Hafiz Malik
  Cite as:


Nowadays with the help of advanced technology, modern vehicles are not only made up of mechanical devices but also consist of highly complex electronic devices and connections to the outside world. There are around 70 Electronic Control Units (ECUs) in modern vehicle which are communicating with each other over the standard communication protocol known as Controller Area Network (CAN-Bus) that provides the communication rate up to 1Mbps. There are different types of in-vehicle network protocol and bus system namely Controlled Area Network (CAN), Local Interconnected Network (LIN), Media Oriented System Transport (MOST), and FlexRay. Even though CAN-Bus is considered as de-facto standard for in-vehicle network communication, it inherently lacks the fundamental security features by design like message authentication. This security limitation has paved the way for adversaries to penetrate into the vehicle network and do malicious activities which can pose a dangerous situation for both driver and passengers. In particular, nowadays vehicular networks are not only closed systems, but also they are open to different external interfaces namely Bluetooth, GPS, to the outside world. Therefore, it creates new opportunities for attackers to remotely take full control of the vehicle. The objective of this research is to survey the current limitations of CAN-Bus protocol in terms of secure communication and different solutions that researchers in the society of automotive have provided to overcome the CAN-Bus limitation on different layers.


Published In : IJCSN Journal Volume 6, Issue 6

Date of Publication : December 2017

Pages : 720-727

Figures :05

Tables : 01


Omid Avatefipour : is currently pursuing his Master’s program in Computer Engineering at University of Michigan-Dearborn. His research interests include in-vehicle network communication protocol security, Embedded Systems, Data mining, Intelligent Control systems and Robotics. He has work experience at Vector CANTech company as Embedded Software Engineer and at Valeo North Amercia company as System Software Engineering in Advanced Engineering Research & Development department. He has also worked as researcher in Information System, Security, and Forensics (ISSF) laboratory at Department of Electrical and Computer Engineering (ECE), University of Michigan – Dearborn. Additionally, he was working as primary researcher in the laboratory of Control and Robotics at institute of Advanced Science and Technology, IRAN SSP Research & Development center.

Hafiz Malik : is Associate Processor in the Electrical and Computer Engineering (ECE) Department at University of Michigan – Dearborn. His research in cybersecurity, multimedia forensics, information security, wireless sensor networks, steganography/steganalysis, pattern recognition, information fusion, and biometric security is funded by the National Academies, National Science Foundation and other agencies. He has published more than 70 papers in leading journals, conferences, and workshops. He is serving as Associate Editor for the IEEE Transactions on Information Forensics and Security since August 2014 and for the Springer Journal of Signal, Image, and Video Processing (SIVP) May 2013 – present. He is also on the Review Board Committee of IEEE Technical Committee on Multimedia Communications (MMTC). He organized Special Track on Doctoral Dissertation in Multimedia, in the 6th IEEE International Symposium on Multimedia (ISM) 2006. He is also organizing a special session on “Data Mining in Industrial Applications” within the IEEE Symposium Series on Computational Intelligence (IEEE SSCI) 2013. He is serving as vice chair of IEEE SEM, Chapter 16 since 2011. He is also serving on several technical program committees, including the IEEE AVSS, ICME ICIP, MINES, ISPA, CCNC, ICASSP, and ICC. He is a senior IEEE member.


CAN-Bus protocol, CAN-Bus Vulnerabilities, In-vehicle Network Communication, CAN-Bus Security

In this study, in-vehicle network communication protocol CAN-Bus and its corresponding vulnerabilities are introduced. Several researchers have performed to show its corresponding weaknesses in terms of penetrations to the network. Although some researchers proposed security solutions for the current protocol, most of the work in this area are carried out to introduce the current problems and their solutions are not comprehensive. Developing security solution in physical layer security would have more merits compared to transfer layer because one of the challenges for developing security mechanism in the transfer layer (applying message authentication code) is the limitation of computational power and memory of the microcontrollers which could be insufficient to develop a cryptographic algorithm for CAN-Bus in real-time environment. Vehicles are being revolutionized by integrating modern computing and communication technologies in order to improve both user experience and driving safety. As a result, vehicular systems that used to be closed systems are opening up various interfaces, such as Bluetooth, 3G/4G, GPS, etc., to the outside world.


[1] CAN-Bus Specifications Rep. Robert Bosch GmbH. Postfach 50, D-7000. Stuttgart 1Print. [2] Kaiser, J., & Mock, M. (1999). Implementing the realtime publisher/subscriber model on the controller area network (CAN). In Object-Oriented Real-Time Distributed Computing, 1999.(ISORC'99) Proceedings. 2nd IEEE International Symposium on (pp. 172-181). IEEE. [3] Hafeez, A., Malik, H., Avatefipour, O., Rongali, P. et al., "Comparative Study of CAN-Bus and FlexRay Protocols for In-Vehicle Communication," SAE Technical Paper 2017-01-0017, 2017. [4] Corrigan, Steve. Introduction to the Controller Area Network (CAN). Rep. Texas Instrument. Print. [5] Farsi, M., Ratcliff, K., & Barbosa, M. (1999). An overview of controller area network. Computing & Control Engineering Journal, 10(3), 113-120. [6] Hesse, Scott, William Nicolay, Hugh Adamson, and John McDermid. "Can bus router for building automation systems." U.S. Patent Application 11/216,685, filed August 31, 2005. [7] Ran, P., Wang, B., & Wang, W. (2008, April). The design of communication convertor based on CAN bus. In Industrial Technology, 2008. ICIT 2008. IEEE International Conference on (pp. 1-5). IEEE. [8] Shavit, M., Gryc, A., & Miucic, R. (2007). Firmware update over the air (FOTA) for automotive industry (No. 2007-01-3523). SAE Technical Paper. [9] Tindell, K., & Burns, A. (1994, September). Guaranteeing message latencies on control area network (CAN). In Proceedings of the 1st International CAN Conference. Citeseer. [10] Stallings, W., & Tahiliani, M. P. (2014). Cryptography and network security: principles and practice (Vol. 6). London: Pearson. [11] Nilsson, D. K., Larson, U. E., Picasso, F., & Jonsson, E. (2009). A first simulation of attacks in the automotive network communications protocol flexray. In Proceedings of the International Workshop on Computational Intelligence in Security for Information Systems CISIS’08 (pp. 84-91). Springer, Berlin, Heidelberg. [12] Lin, C. W., & Sangiovanni-Vincentelli, A. (2012, December). Cyber-security for the Controller Area Network (CAN) communication protocol. In Cyber Security (CyberSecurity), 2012 International Conference on (pp. 1-7). IEEE. [13] Khalilian, A., Sahamijoo, G., Avatefipour, O., Piltan, F., & Nasrabad, M. R. S. (2014). Design high efficiencyminimum rule base PID like fuzzy computed torque controller. International Journal of Information Technology and Computer Science (IJITCS), 6(7), 77. [14] Khalilian, A., Piltan, F., Avatefipour, O., Nasrabad, M. R. S., & Sahamijoo, G. (2014). Design New Online Tuning Intelligent Chattering Free Fuzzy Compensator. International Journal of Intelligent Systems and Applications, 6(9), 75. [15] Sahamijoo, G., Avatefipour, O., Nasrabad, M. R. S., Taghavi, M., & Piltan, F. (2015). Research on minimum intelligent unit for flexible robot. International Journal of Advanced Science and Technology, 80, 79-104. [16] Sinclair, C., Pierce, L., & Matzner, S. (1999). An application of machine learning to network intrusion detection. In Computer Security Applications Conference, 1999.(ACSAC'99) Proceedings. 15th Annual (pp. 371-377). IEEE. [17] Avatefipour, O., Hafeez, A., Tayyab, M., & Malik, H. (2017). Linking Received Packet to the Transmitter Through Physical-Fingerprinting of Controller Area Network . Information Forensics and Security (WIFS Conference, Rennes, France. [18] Shon, T., Kim, Y., Lee, C., & Moon, J. (2005, June). A machine learning framework for network anomaly detection using SVM and GA. In Information Assurance Workshop, 2005. IAW'05. Proceedings from the Sixth Annual IEEE SMC (pp. 176-183). IEEE. [19] Mokhtar, M., Piltan, F., Mirshekari, M., Khalilian, A., & Avatefipour, O. (2014). Design minimum rule-base fuzzy inference nonlinear controller for second order nonlinear system. International Journal of Intelligent Systems and Applications, 6(7), 79. [20] Avatefipour, O., Piltan, F., Nasrabad, M. R. S., Sahamijoo, G., & Khalilian, A. (2014). Design New Robust Self Tuning Fuzzy Backstopping Methodology. International Journal of Information Engineering and Electronic Business, 6(1), 49. [21] Shahcheraghi, A., Piltan, F., Mokhtar, M., Avatefipour, O., & Khalilian, A. (2014). Design a Novel SISO Offline Tuning of Modified PID Fuzzy Sliding Mode Controller. International Journal of Information Technology and Computer Science (IJITCS), 6(2), 72. [22] Ramadan, M. N., Al-Khedher, M. A., & Al-Kheder, S. A. (2012). Intelligent anti-theft and tracking system for automobiles. International Journal of Machine Learning and Computing, 2(1), 83. [23] Müter, M., & Asaj, N. (2011, June). Entropy-based anomaly detection for in-vehicle networks. In Intelligent Vehicles Symposium (IV), 2011 IEEE (pp. 1110-1115). IEEE. [24] Müter, M., Groll, A., & Freiling, F. C. (2010, August). A structured approach to anomaly detection for invehicle networks. In Information Assurance and Security (IAS), 2010 Sixth International Conference on (pp. 92-98). IEEE. [25] Narayanan, S. N., Mittal, S., & Joshi, A. (2015). Using data analytics to detect anomalous states in vehicles. arXiv preprint arXiv:1512.08048. [26] Cho, Kyong-Tak, and Kang G. Shin. "Fingerprinting electronic control units for vehicle intrusion detection." 25th USENIX Security Symposium (USENIX Security 16). USENIX Association, 2016. [27] Q. Wang and S. Sawhney, "VeCure: A practical security framework to protect the CAN bus of vehicles," 2014 International Conference on the Internet of Things (IOT), Cambridge, MA, 2014, pp.13-18.doi: 10.1109/IOT.2014.7030108 [28] Experimental security analysis of a modern automobile K Koscher, A Czeskis, F Roesner, S Patel, T Kohno - 2010 IEEE Symposium on Security and Privacy, 2010 [29] Eisenbarth, T. Kasper, A. Moradi, C. Paar, M. Salmasizadeh and M. Manzuri Shalmani. On the power of power analysis in the real world: A complete break of the KeeLoq code hopping scheme. In D. Wagner, editor, Proceedings of Crypto 2008, volume 5157 of LNCS, pages 203–20. Springer-Verlag, Aug. 2008. [30] Hoppe, T., Kiltz, S., & Dittmann, J. (2008). Security threats to automotive CAN networks–practical examples and selected short-term countermeasures. Computer Safety, Reliability, and Security, 235-248.