Towards holistic secure networking in connected vehicles through securing CAN-bus communication and firmware-over-the-air updating

Abstract With the increasing connectivity in modern vehicle infrastructure, solutions are required to harden the vehicle’s electronic architecture against potential attacks. One of the most important concerns is to ensure vehicle systems take appropriate and safe actions to diminish the probability of cyber-attacks success and mitigate the ramifications of potential unauthorized access. In this work, we present a layered systematic approach to achieve these goals along with a real implementation on an electric motorcycle. The developed secure infrastructure involves secure interconnection mechanisms to ensure trustworthy communications for electronic control nodes; hardware firewall to prevent interference and unauthorized access from untrusted applications/firmware; separated OS instances for different execution environments to provide best possible support for apps with different requirements and to further isolate apps from each other; and finally secure deployment of apps/firmware to ensure that apps are deployed unaltered to the automotive platform. In particular, considering both in-vehicle’s units resource-constraints, in terms of cost and size, and security needs that emerge in open bus-based networks, we introduce a secure technology that helps to prevent cyber-attacks in automotive Controller Area Network (CAN) protocol which is often used in in-vehicle networks. This technology, which we call secure CAN (sCAN), respects standard CAN-bus and realizes security mechanisms implemented in software or hardware, while adding less than 1 ms latency on the communication. sCAN in synergy with on-chip hardware firewalling which controls authorization level of on-chip accesses, and finally, together with securing the deployment of firmware updating over the air, build a fully-layered approach for connected vehicles to protect system assets, such as application and device authenticity, integrity, confidentiality, and availability.