Sufficiently Secure Controller Area Network


As automotive security concerns are rising, the Controller Area Network (CAN)—the de facto standard of in-vehicle communication protocol—has come under scrutiny due to its lack of encryption and authentication. Several vulnerabilities, such as eavesdropping, spoofing, and replay attacks, have shown that the current implementation needs to be extended. Both academic and commercial solutions for a secure CAN have been proposed, but OEMs have not yet integrated them into their products. The main reasons for this lack of adoption are their heavy use of limited computational resources in the vehicle, increased latency that can lead to missed deadlines for safety-critical messages, as well as insufficient space available in a CAN frame to include a Message Authentication Code (MAC). By making a trade-off between security and performance, this disclosure overcomes the aforementioned problems of a secure CAN.

Mert D. Pesé
Mert D. Pesé
Assistant Professor

My research interests include automotive security and privacy.