Skip to main content

CAN Bus Risk Analysis Revisit

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC,volume 8501)


In automotive design process, safety has always been the main concern. However, in modern days, security is also seen as an important aspect in vehicle communication especially where connectivity is very widely available. In this paper, we are going to discuss the threats and vulnerabilities of a CAN bus network. After we have considered a number of risk analysis methods, we decided to use FMEA. The analysis process allowed us to derive the security requirements of a CAN bus. Experimental setup of CAN bus communication network were implemented and analysed.


  • Risk analysis
  • ECU
  • FMEA
  • CAN bus network


  1. SeVeCom project,

  2. EVITA project,


  4. PRESERVE project,

  5. Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S., Koscher, K., Czeskis, A., Roesner, F., Kohno, T.: Comprehensive experimental analyses of automotive attack surfaces. In: USENIX Security Symposium (2011)

    Google Scholar 

  6. ETSI. ITS: Security: Threat, Vulnerability and Risk Analysis (TVRA). Technical report, ETSI (2010)

    Google Scholar 

  7. Flowers, D.: AN953:Data Encryption Routines for the PIC18 (2005)

    Google Scholar 

  8. Miller, R., Rouf, I., Mustafa, H., Oh, S., Taylor, T., Xu, W., Gruteser, M., Trappe, W., Seskar, I.: Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring system case study. In: 19th USENIX Security Symposium, Washington DC, pp. 11–13 (2010)

    Google Scholar 

  9. Road vehicles – Controller Area Network (CAN) – part 1: Data link layer and physical signalling. Standard, International Organization for Standardization (February 2003)

    Google Scholar 

  10. Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., et al.: Experimental security analysis of a modern automobile. In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 447–462. IEEE (2010)

    Google Scholar 

  11. Kung, A.: Security architecture and mechanisms for V2V/V2I. Technical report, SeVeCom (2008)

    Google Scholar 

  12. Makowitz, R., Temple, C.: Flexray- A communication network for automotive control systems. In: 2006 IEEE International Workshop on Factory Communication Systems, pp. 207–212 (2006)

    Google Scholar 

  13. Media Oriented Systems Transport Specifications (2006)

    Google Scholar 

  14. Ruff, M.: Evolution of Local Interconnect Network (LIN) solutions. In: 2003 IEEE 58th Vehicular Technology Conference, VTC 2003-Fall, vol. 5, pp. 3382–3389. IEEE (2003)

    Google Scholar 

  15. Stotz, J.P., Bißmeyer, N., Kargl, F., Dietzel, S., Papadimitratos, P., Schleiffer, C.: Security requirements of vehicle security architecture. Technical report, PRESERVE (2011)

    Google Scholar 

Download references

Author information

Authors and Affiliations


Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2014 IFIP International Federation for Information Processing

About this paper

Cite this paper

Mansor, H., Markantonakis, K., Mayes, K. (2014). CAN Bus Risk Analysis Revisit. In: Naccache, D., Sauveron, D. (eds) Information Security Theory and Practice. Securing the Internet of Things. WISTP 2014. Lecture Notes in Computer Science, vol 8501. Springer, Berlin, Heidelberg.

Download citation

  • DOI:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-43825-1

  • Online ISBN: 978-3-662-43826-8

  • eBook Packages: Computer ScienceComputer Science (R0)