Cybersecurity attacks on CAN bus based vehicles: a review and open challenges

Abstract

PurposeNowadays, connected vehicles are becoming quite complex systems which are made up of different devices. In such a vehicle, there are several electronic control units (ECUs) that represent basic units of computation. These ECUs communicate with each other over the Controller Area Network (CAN) bus protocol which ensures a high communication rate. Even though it is an efficient standard which provides communication for in-vehicle networks, it is prone to various cybersecurity attacks. This paper aims to present a systematic literature review (SLR) which focuses on potential attacks on CAN bus networks. Then, it surveys the solutions proposed to overcome these attacks. In addition, it investigates the validation strategies aiming to check their accuracy and correctness.Design/methodology/approachThe authors have adopted the SLR methodology to summarize existing research papers that focus on the potential attacks on CAN bus networks. In addition, they compare the selected papers by classifying them according to the adopted validation strategies. They identify also gaps in the existing literature and provide a set of open challenges that can significantly improve the existing works.FindingsThe study showed that most of the examined papers adopted the simulation as a validation strategy to imitate the system behavior and evaluate a set of performance criteria. Nevertheless, a little consideration has been given to the formal verification of the proposed systems.Originality/valueUnlike the existing surveys, this paper presents the first SLR that identifies local and remote security attacks that can compromise in-vehicle and inter-vehicle communications. Moreover, it compares the reviewed papers while focusing on the used validation strategies.