CAN Bus Risk Analysis Revisit

  • Hafizah Mansor
  • Konstantinos Markantonakis
  • Keith Mayes
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8501)


In automotive design process, safety has always been the main concern. However, in modern days, security is also seen as an important aspect in vehicle communication especially where connectivity is very widely available. In this paper, we are going to discuss the threats and vulnerabilities of a CAN bus network. After we have considered a number of risk analysis methods, we decided to use FMEA. The analysis process allowed us to derive the security requirements of a CAN bus. Experimental setup of CAN bus communication network were implemented and analysed.


Risk analysis ECU FMEA CAN bus network 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    SeVeCom project,
  2. 2.
  3. 3.
  4. 4.
  5. 5.
    Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S., Koscher, K., Czeskis, A., Roesner, F., Kohno, T.: Comprehensive experimental analyses of automotive attack surfaces. In: USENIX Security Symposium (2011)Google Scholar
  6. 6.
    ETSI. ITS: Security: Threat, Vulnerability and Risk Analysis (TVRA). Technical report, ETSI (2010)Google Scholar
  7. 7.
    Flowers, D.: AN953:Data Encryption Routines for the PIC18 (2005)Google Scholar
  8. 8.
    Miller, R., Rouf, I., Mustafa, H., Oh, S., Taylor, T., Xu, W., Gruteser, M., Trappe, W., Seskar, I.: Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring system case study. In: 19th USENIX Security Symposium, Washington DC, pp. 11–13 (2010)Google Scholar
  9. 9.
    Road vehicles – Controller Area Network (CAN) – part 1: Data link layer and physical signalling. Standard, International Organization for Standardization (February 2003)Google Scholar
  10. 10.
    Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., et al.: Experimental security analysis of a modern automobile. In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 447–462. IEEE (2010)Google Scholar
  11. 11.
    Kung, A.: Security architecture and mechanisms for V2V/V2I. Technical report, SeVeCom (2008)Google Scholar
  12. 12.
    Makowitz, R., Temple, C.: Flexray- A communication network for automotive control systems. In: 2006 IEEE International Workshop on Factory Communication Systems, pp. 207–212 (2006)Google Scholar
  13. 13.
    Media Oriented Systems Transport Specifications (2006)Google Scholar
  14. 14.
    Ruff, M.: Evolution of Local Interconnect Network (LIN) solutions. In: 2003 IEEE 58th Vehicular Technology Conference, VTC 2003-Fall, vol. 5, pp. 3382–3389. IEEE (2003)Google Scholar
  15. 15.
    Stotz, J.P., Bißmeyer, N., Kargl, F., Dietzel, S., Papadimitratos, P., Schleiffer, C.: Security requirements of vehicle security architecture. Technical report, PRESERVE (2011)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2014

Authors and Affiliations

  • Hafizah Mansor
    • 1
  • Konstantinos Markantonakis
    • 1
  • Keith Mayes
    • 1
  1. 1.Information Security Group, Smart Card Centre,Royal HollowayUniversity of LondonUnited Kingdom

Personalised recommendations