Citation: Baek, Y.; Shin, S. CANon:
Lightweight and Practical Cyber-
Attack Detection for Automotive
Controller Area Networks. Sensors
2022, 22, 2636. https://doi.org/
10.3390/s22072636
Academic Editors: Alexios Mylonas,
Nikolaos Pitropakis and Omprakash
Kaiwartya
Received: 16 February 2022
Accepted: 25 March 2022
Published: 29 March 2022
Publisher’s Note: MDPI stays neutral
with regard to jurisdictional claims in
published maps and institutional affil-
iations.
Copyright: © 2022 by the authors.
Licensee MDPI, Basel, Switzerland.
This article is an open access article
distributed under the terms and
conditions of the Creative Commons
Attribution (CC BY) license (https://
creativecommons.org/licenses/by/
4.0/).
Article
CANon: Lightweight and Practical Cyber-Attack Detection for
Automotive Controller Area Networks
Youngmi Baek
1,
* and Seongjoo Shin
2
1
Department of Computer Software Engineering, Changshin University, Changwon 51352, Korea
2
Resilient CPS Research Center, DGIST, Daegu 42988, Korea; sj_shin@digst.ac.kr
* Correspondence: ymbaek@cs.ac.kr; Tel.: +82-55-250-1314
Abstract:
Automotive cyber-physical systems are in transition from the closed-systems to open-
networking systems. As a result, in-vehicle networks such as the controller area network (CAN) have
become essential to connect to inter-vehicle networks through the various rich interfaces. Newly
exposed security concerns derived from this requirement may cause in-vehicle networks to pose
threats to automotive security and driver’s safety. In this paper, to ensure a high level of security
of the in-vehicle network for automotive CPS, we propose a novel lightweight and practical cyber
defense platform, referred to as CANon (CAN with origin authentication and non-repudiation), to be
enabled to detect cyber-attacks in real-time. CANon is designed based on the hierarchical approach
of centralized-session management and distributed-origin authentication. In the former, a gateway
node manages each initialization vector and session of origin-centric groups consisting of two more
sending and receiving nodes. In the latter, the receiving nodes belonging to the given origin-centric
group individually perform the symmetric key-based detection against cyber-attacks by verifying
each message received from the sending node, namely origin authentication, in real-time. To improve
the control security, CANon employs a one-time local key selected from a sequential hash chain (SHC)
for authentication of an origin node in a distributed mode and exploits the iterative hash operations
with randomness. Since the SHC can constantly generate and consume hash values regardless of their
memory capacities, it is very effective for resource-limited nodes for in-vehicle networks. In addition,
through implicit key synchronization within a given group, CANon addresses the challenges of a
key exposure problem and a complex key distribution mechanism when performing symmetric key-
based authentication. To achieve lightweight cyber-attack detection without imposing an additive
load on CAN, CANon uses a keyed-message authentication code (KMAC) activated within a given
group. The detection performance of CANon is evaluated under an actual node of Freescale S12XF
and virtual nodes operating on the well-known CANoe tool. It is seen that the detection rate of
CANon against brute-force and replay attacks reaches 100% when the length of KMAC is over 16 bits.
It demonstrates that CANon ensures high security and is sufficient to operate in real-time even on
low-performance ECUs. Moreover, CANon based on several software modules operates without an
additive hardware security module at an upper layer of the CAN protocol and can be directly ported
to CAN-FD (CAN with Flexible Data rate) so that it achieves the practical cyber defense platform.
Keywords: in-vehicle network; sequential hash chain; one-time key; controller area network
1. Introduction
Cyber-physical systems (CPSs) are commonly applied to critical infrastructure and
future-oriented services enabling the quality of life to be improved. These systems promise
enhanced efficiency, convenience, and safety by integrating physical and computational
components tightly. Recently, the physical components have suffered from various cyber-
attacks, which aim to disrupt the intended functionality of the CPS, such as Stuxnet [
1
].
Such attacks mainly exploit computational components to manipulate the characteristics
of physical components. The manipulation for the control of the physical component,
Sensors 2022, 22, 2636. https://doi.org/10.3390/s22072636 https://www.mdpi.com/journal/sensors
