Identifier Randomization: An Efficient Protection Against CAN-Bus Attacks

  • Khaled KarrayEmail author
  • Jean-Luc Danger
  • Sylvain Guilley
  • M. Abdelaziz Elaabid


The Cyber-Physical Architecture of vehicles is composed of sensors, actuators, and electronic control units all communicating over shared communication buses. For historical reasons the internal communication buses, as the Controller Area Network (CAN), do not implement security mechanisms; the communications are assumed to be “trusted.” Recently these trusted relations have been challenged and leveraged to launch cyber-physical attacks against modern vehicles. As a result, it becomes urgent to enhance the security features of vehicles and notably the robustness of the CAN bus which represents an important channel of attacks.

In this work we develop identifier randomization procedures whose aim is to protect the CAN protocol from reverse-engineering, replay, and injection attacks. The idea behind this proposition is to constantly change the message identifiers in a random fashion in a way that both sender and receiver can recover the original message identifier but not the adversary. We present the main challenges of the CAN-ID randomization solution, we highlight the weaknesses of state-of-the-art solutions presented in other scientific papers, and we propose and study candidate solutions to overcome these weaknesses. To compare our solutions to state-of-the-art solution, we propose to use the entropy and the conditional entropy as a metrics of security. Results show that the randomization functions that we propose outperform the state-of-the-art solution in terms of both entropy and conditional entropy.


  1. 1.
    S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, T. Kohno et al., Comprehensive experimental analyses of automotive attack surfaces, in USENIX Security Symposium, San Francisco, 2011Google Scholar
  2. 2.
    S. Dario, M. Mirco, C. Michele, Detecting attacks to internal vehicle networks through hamming distance, in IEEE 2017 AEIT International Annual Conference-Infrastructures for Energy and ICT (AEIT 2017), 2017Google Scholar
  3. 3.
    E. de Chérisey, S. Guilley, A. Heuser, O. Rioul, On the optimality and practicability of mutual information analysis in some scenarios. Cryptogr. Commun. 10(1), 101–121 (2018)MathSciNetCrossRefGoogle Scholar
  4. 4.
    I.D. Foster, A. Prudhomme, K. Koscher, S. Savage, Fast and vulnerable: a story of telematic failures, in WOOT, 2015Google Scholar
  5. 5.
    K. Han, A. Weimerskirch, K.G. Shin, Automotive cybersecurity for in-vehicle communication, in IQT Quarterly, vol. 6 (2014), pp. 22–25Google Scholar
  6. 6.
    K. Han, A. Weimerskirch, K.G. Shin, A practical solution to achieve real-time performance in the automotive network by randomizing frame identifier, in Escar Conference, Cologne, Germany, 2015Google Scholar
  7. 7.
    O. Hartkopp, R. Schilling, MaCAN - Message authenticated CAN, in Escar Conference, Berlin, 2012Google Scholar
  8. 8.
    T. Hoppe, S. Kiltz, J. Dittmann, Security threats to automotive CAN networks–practical examples and selected short-term countermeasures, in International Conference on Computer Safety, Reliability, and Security (Springer, Berlin, 2008), pp. 235–248Google Scholar
  9. 9.
    A. Humayed, B. Luo, Using ID-hopping to defend against targeted DoS on CAN, in Proceedings of the 1st International Workshop on Safe Control of Connected and Autonomous Vehicles (ACM, New York, 2017), pp. 19–26Google Scholar
  10. 10.
    ISO, 11898-1–Road Vehicles–Controller Area Network (CAN)–Part 1: Data Link Layer and Physical Signalling (International Organization for Standardization, Geneva, 2003)Google Scholar
  11. 11.
    ISO, 11898-2–Road Vehicles–Controller Area Network (CAN)–Part 2: High-Speed Medium Access Unit (International Organization for Standardization, Geneva, 2003)Google Scholar
  12. 12.
    ISO, 11898-3–Road Vehicles–Controller Area Network (CAN)–Part 2: Fault Tolerant Medium Access Unit (International Organization for Standardization, Geneva, 2003)Google Scholar
  13. 13.
    K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham et al., Experimental security analysis of a modern automobile, in 2010 IEEE Symposium on Security and Privacy (SP) (IEEE, Piscataway, 2010), pp. 447–462CrossRefGoogle Scholar
  14. 14.
    M. Marchetti, D. Stabili, Anomaly detection of CAN bus messages through analysis of ID sequences, in 2017 IEEE Intelligent Vehicles Symposium (IV) (IEEE, Piscataway, 2017), pp. 1577–1583CrossRefGoogle Scholar
  15. 15.
    C. Miller, C. Valasek, Adventures in automotive networks and control units. DEF CON21, 260–264 (2013)Google Scholar
  16. 16.
    C. Miller, C. Valasek, Remote exploitation of an unaltered passenger vehicle. Black Hat USA, 2015Google Scholar
  17. 17.
    M. Müter, N. Asaj, Entropy-based anomaly detection for in-vehicle networks, in 2011 IEEE Intelligent Vehicles Symposium (IV) (IEEE, Piscataway, 2011), pp. 1110–1115CrossRefGoogle Scholar
  18. 18.
    D.K. Nilsson, U.E. Larson, E. Jonsson, Efficient in-vehicle delayed data authentication based on compound message authentication codes, in IEEE 68th Vehicular Technology Conference, 2008. VTC 2008-Fall (IEEE, Piscataway, 2008), pp. 1–5Google Scholar
  19. 19.
    C. Smith, The Car Hacker’s Handbook: A Guide for the Penetration Tester (No Starch Press, San Francisco, 2016)CrossRefGoogle Scholar
  20. 20.
    A. Taylor, N. Japkowicz, S. Leblanc, Frequency-based anomaly detection for the automotive CAN bus, in 2015 World Congress on Industrial Control Systems Security (WCICSS) (IEEE, Piscataway, 2015), pp. 45–49CrossRefGoogle Scholar
  21. 21.
    Testing CAN Network with help of CANtoolz., 2016. Accessed 1 Jan 2018

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Khaled Karray
    • 1
    Email author
  • Jean-Luc Danger
    • 1
    • 2
  • Sylvain Guilley
    • 1
    • 3
    • 4
  • M. Abdelaziz Elaabid
    • 5
  1. 1.Télécom ParisTechParisFrance
  2. 2.Secure-IC S.A.S.Cesson-SévignéFrance
  3. 3.Secure-ICParisFrance
  4. 4.École normale supérieureParisFrance
  5. 5.PSA-GROUPEParisFrance

Personalised recommendations