co MP u T E R s & s EC u R I T Y 10 3 ( 2 0 2 1 ) 1 0 2 1 5 0

Available online at

journal homepage:

Cybersecurity for autonomous

vehicles: Review of attacks and defense

Kyounggon Kim a,c, Jun Seok Kim a, Seonghoon Jeong a, Jo-Hee Park b,
Huy Kang Kim a,∗
a
School of Cybersecurity, Korea University, Seoul, Republic of Korea
b
TMS security TFT, Hyundai Motor Company, Republic of Korea
c
Department of Forensics Science, Naif Arab University for Security Sciences, Riyadh, Kingdom of Saudi Arabia

A R T I C L E I N F O A B S T R A C T

Article history:
As technology has evolved, cities have become increasingly smart. Smart mobility is a
Received 11 February 2020
crucial element in smart cities, and autonomous vehicles are an essential part of smart
Revised 19 August 2020
mobility. However, vulnerabilities in autonomous vehicles can be damaging to quality of
Accepted 10 December 2020
life and hu- man safety. For this reason, many security researchers have studied attacks
Available online 5 January 2021
and defenses for autonomous vehicles. However, there has not been systematic research
on attacks and defenses for autonomous vehicles. In this survey, we analyzed previously
Keywords: conducted attack and defense studies described in 151 papers from 2008 to 2019 for a
Smart city systematic and compre- hensive investigation of autonomous vehicles. We classified
Smart mobility autonomous attacks into the three categories of autonomous control system, autonomous
Autonomous vehicle artificial driving systems components, and vehicle-to-everything communications. Defense against
intelligence security survey such attacks was classified into security architecture, intrusion detection, and anomaly
detection. Due to the development of big data and communication technologies,
techniques for detecting abnormalities using artificial intelligence and machine learning are
gradually being developed. Lastly, we provide implications based on our systemic survey
that future research on autonomous attacks and defenses is strongly combined with
artificial intelligence and major component of smart cities.

© 2021 Elsevier Ltd. All rights reserved.

They could stop the car remotely on the highway. A security

1. Introduction research lab, Keen Lab of the Tancent Group, presented their
offensive security research to Tesla and BMW autonomous
With the rapid development of technology, traditional cities
vehicle in 2017 and 2019, respectively, (Keen Security Lab of
are becoming smarter. The components of a smart city in-
Tencent, 2017; Cai et al., 2019). Keen Lab also controlled vul-
clude smart mobility, smart living, smart environments,
nerable features of Tesla and BMW self-driving cars though
smart economy, smart governance, and smart people
Wi-Fi and browser vulnerabilities using 0-day exploits. Such
(Khatoun and Zeadally, 2016). Smart mobility is a crucial
tampering with autonomous vehicles is very disruptive to a
factor in smart cities. Cyber threats of smart mobility are
person’s life. For this reason, research on attacks and defenses
increasing at a quickening pace. Two security researchers
against autonomous vehicles has continued. However, even
showed critical vulnerabilities for autonomous cars in 2005.
though there are many papers related to attacks and
The researchers could control the key features of a self-
defenses
driving Jeep remotely.

∗
Corresponding author.
E-mail addresses: a n e s r a @ k o r e a . a c . k r (K. Kim), s e o n g h o o n @ k o r e a . a c . k r (S. Jeong), c e n d a @ k o r e a . a c . k r (H.K. Kim).
https://doi.org/10.1016/j.cose.2020.102150
0167-4048/© 2021 Elsevier Ltd. All rights reserved.
 Table 1 – Counts of selected papers from 2008 to 2019.

Category Subcategory Method Count Total

Attack Automatic control system ECU attacks 7
In-vehicle network attacks 14
Automotive key related attacks 4
Autonomous Driving Sensor attacks 5
System Components Mobile app attacks 6 77
V2X Communications Technologies VANET attacks 8
Infotainment attacks 5
Risk assessment Risk assessment 15
Threat modeling Attack tree and method 8
Review 5

Defense Security architectures CAN/ECU security 15

VANET security 6
Design, process, and framework 9
Intrusion Detection System IDS for CAN 21 74
IDS for VANET 5
ML and DL 15
Artificial Intelligence using Big Data Cloud and big data 3
Total 151

regarding autonomous vehicles, comprehensive surveys are

techniques in autonomous vehicles. Finally, Section 5 sum-
lacking.
marizes our observations and concludes the paper.
In this present study, we reviewed literature from 2008 to
2019 and focused on attacks and defenses technologies re-
lated to autonomous vehicles. We focused on research out-
2. Key elements of autonomous vehicles
comes that meet specific criteria. We searched for specific
keywords in Google Scholar, such as “autonomous vehicles,”
To investigate the security aspects of autonomous vehicles,
“connected-car,” “cyber,” “V2X,” “autonomous,” “attack,” “au-
we identified three key elements, as depicted in Fig. 1:(i) auto-
tonomous,” and “security.” We chose additional recently pub-
motive control systems, (ii) autonomous driving system
lished papers for the categories of attack and defense. A
com- ponents, and (iii) V2X.
sum- mary of the papers we selected is presented in Table 1.
Our review is aimed at readers who are researching in the
areas of attack and defense against autonomous vehicles. 2.1. Automotive control systems
The contributions of this report are as follows:
An automotive control system consists of an in-vehicle net-
work that connects the main device and the other devices.
• Research conducted for attacks and defenses against au-
The key parts of automotive control systems used in
tonomous cars is organized in a chronological order, indi-
autonomous vehicles are classified as units and networks.
cating the technologies that have been used over time
The most impor- tant units are electronic control units (ECU).
con- cisely.
The ECU controls the state of the automatic transmission of
• 151 papers from 2008 to 2019 on attacks and defenses
the vehicle engine and manages the sensors inside the
against autonomous vehicles are summarized.
vehicle. Some represen- tative types of ECUs are body control
• Through a comprehensive investigation of attacks on au-
modules and powertrain control modules. Body control
tonomous vehicles, it can be observed that, in the future,
modules include modules for the door, seat, power lock,
attacks on autonomous vehicles will increasingly target
airbag, air condition system, and light control. Powertrain
vehicle-to-everything (V2X) technology related to
control modules include an anti-lock brake system (ABS), an
commu- nication rather than other simpler elements of
engine control unit, and a transmission control unit. ECUs
the vehi- cles.
include the central timing module, cen- tral control module
• The research trend in autonomous vehicle security indi-
(CCM), brake control module, transmis- sion control module,
cated that artificial intelligence with big data has been
powertrain control module, engine con- trol module,
used to defend autonomous vehicle attacks.
suspension control module, general electronic module, and
body control modules (Yoshiyasu Takefuji, 2018; Koscher et
The remainder of this paper is organized as follows. al., 2010). Typically, small- and medium-sized vehi- cles
Section 2 addresses the major elements of autonomous vehi- include approximately 50 ECUs (Tettamanti et al., 2016), and
cles, such as automotive control systems, autonomous at least 70 ECUs are included in luxury cars (Kim et al.,
driving systems components, and V2X communication 2008). Some cutting-edge vehicles have up to 80 ECUs due to
technology. In Section 3, we summarize cyber-attack papers new functionality (Takefuji, 2018).
involving au- tonomous vehicles and V2X. Section 4 describes An in-vehicle network interconnects the ECUs and
cyber-defense transfers the data among them. This network includes
 co MP u T E R s & s EC u R I T Y 1 0 3 ( 2 0 2 1 ) 1 0 2 1 5 0 3

Fig. 1 – Key elements of autonomous vehicles.

Table 2 – Inter-vehicle wired interconnection technologies in autonomous driving (Wang et al., 2018).

Network CAN LIN Domestic FlexRay Ethernet Media- Interface Low-

digital bus oriented description voltage
systems block differential
transport signaling
Maximum 1 Mb/s 19.2 Kb/s 11.2 Mb/s 20 Mb/s 100 Mb/s 150 Mb/s 400 Mb/s 655 Mb/s
date rate
Topology Linear bus, Linear bus Ring Linear bus, Linear bus, ring Linear bus, Point to point
star, ring star, or star star, ring
hy-brid
Cost Medium Low High High Medium High High High

the controller area network (CAN), local interconnect net-

a low-speed single-master network commonly used for door
work (LIN), domestic digital bus, FlexRay (Makowitz, 2006),
locks, climate controls, seat belts, sunroof, and mirror con-
Ethernet, media-oriented systems transport, interface
trols. FlexRay is a next-generation automotive bus technology
description block, and low-voltage differential signaling,
that provides high-speed and fault-tolerant communications.
as listed in Table 2.
Kukkala et al. (2017) studied the introduction of FlexRay
The CAN protocol is a data communication ISO standard
into jitter-aware message scheduling in automotive
and is registered as ISO 11,898 (ISO, 2015). Robert Bosch
networks.
GmbH invented the CAN bus protocol in 1986; it was
originally de- signed for automobiles (Voss, 2008;
2.2. Autonomous-Driving-System components
Herrewege et al., 2011). In 1988, the BMW 8 series was the
first production vehicle to adopt the CAN-based
The key components of autonomous driving systems are
communication system (Learning About Electronics, 2018).
light detection and ranging (LIDAR) sensor, video camera,
It uses the CAN as a core network for body systems, engine
Global Positioning System (GPS), radio detection and range
management, and transmission. The CAN ID (identifier) is an
(RADAR) sensor, central computer, and ultrasonic sensor
11-bit framework and can be divided into IDH and IDL or
(Kong et al., 2017; The Economist, 2013).
combined to be used as a single ID. If the CAN ID is 02B3,
LIDAR is a technology that uses light to detect objects and
the IDH is 02 and the IDL is B3. The LIN was invented in
measure distances. LIDAR uses a shorter wavelength laser to
1998 based on a consortium of automotive companies, such as
achieve higher measurement accuracy and better spatial res-
Audi, BMW, Daimler-Chrysler, Volcano, Volvo, Volkswagen,
olution than RADAR. Video cameras read traffic lights and
and Motorola. The LIN 1.1 standard was introduced in 2000
road signs and monitor pedestrians and obstacles. The GPS
and adapted in the first production vehicle in 2001. The LIN
receiver collects signals transmitted from three or more GPS
2.0 standard was developed in 2003 (Nolte et al., 2005). LIN is
satellites to determine the position of the receiver. Once the
 Fig. 2 – Illustration V2X communications (Malhi et al., 2020).
receiver knows the distance to at least three satellites and
the position of each satellite, the position of the receiver can
be calculated using trilateration. RADAR refers to a detection
sys- tem that measures the distance, direction, angle, and
velocity of a target using radio waves. RADAR in an
autonomous vehi- cle is used to recognize environment of a
vehicle in real time. The central computer receives
information from all sensors and manages steering,
accelerator, and brakes. Central com- puter software
interprets regular or irregular road conditions. Ultrasonic
sensors are used to measure the position of very close
objects such as curves and nearby vehicles.
2.3. V2X communication technologies
The network communication between the car and the exter-
nal terminal is referred to as V2X. V2X technology consists
of vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), and
vehicle-to-network communications, as illustrated in Fig. 2.
Vehicle ad-hoc networks (VANETs) are an area of signifi-
cant interest for researchers of V2X communications. VANET
uses dedicated short-range communications (DSRC). It is
based on the IEEE 802.11p standard for wireless access in
ve- hicular environments. IEEE 1609 is a higher layer
standard based on IEEE 802.11p, and defines the standards,
architecture, and interfaces for secure V2V and V2I
communications. DSRC includes an on-board unit inside the
vehicle and infrastruc- tural road-side units (RSU) outside
the vehicle. The on-board unit is composed of a
communication control unit, routing table, and local
dynamic map: (i) the communication control
unit is a unit for communication between the interior and ex-
terior of the vehicle; (ii) the routing table stores neighboring
vehicle information and timestamps; (iii) the local dynamic
map is a map database that stores information on road con-
ditions and traffic surrounding the vehicle. The RSU is a de-
vice for V2I communication. It communicates with location
servers through a wired/wireless network for tracking infor-
mation on all vehicles. The service infrastructure of a RSU in-
cludes the traffic-management system, public-key infrastruc-
ture, and RSU management center (Lee et al., 2014).
Another communication structure required for V2X is the
mobile cellular network, referred to as Cellular V2X (C-V2X),
which currently uses the long-term evolution technology. C-
V2X is superior to DSRC in terms of communication over a
wider area, existing infrastructure environment, and security
factors. In addition to DSRC and C-V2X, V2X communications
use technologies such as satellite radio and Bluetooth for
V2X applications. V2X communication technologies have
several security vulnerabilities that will be explained in
Section 3.
3. Attacks on autonomous vehicles
In this section, we investigate cyber-attacks for autonomous
vehicles based on the components of autonomous vehicles
and the historical timeline. We classified attack research
on autonomous vehicles as automotive control systems, au-
tonomous driving systems components, V2X communication,
and risk assessment, as depicted in Fig. 3.
 Fig. 3 – Categories of Attack Research on Autonomous Vehicles.

Table 3 – Research on automotive control systems.

Attack category Authors Year Approach and experiment

ECU attacks Koscher et al. (2010) 2010 Experimental result regarding modern automobile hacking
Ishtiaq Roufa et al. (2010) 2010 Vulnerability in tire pressure monitoring system case
Salfer et al. (2014) 2014 On-board networks attack forest construction
Shukla (2016) 2016 Vulnerability analysis of automotive software (ECU)
Burakova et al. (2016) 2016 Experimental analysis of the SAE standard
Nie et al. (2017) 2017 Full attack chain to CAN BUS and ECU remote controls
Halahan & Chen (2017) 2017 Wireless for TPMS, ECU
In-vehicle Hoppe & Dittman (2007) 2007 Sniffing/replay attacks on CAN buses
network Hoppe et al. (2008) 2008 Conducting four empirical tests on the automotive control system
attacks Larson & Nilsson (2008) 2008 Analyzing automotive wireless communication security problem
Nilsson et al. (2009) 2009 Describing two attacks in FlexRay bus-read and spoof
Miller & Valasek (2013) 2013 Practical ECU remote code execution.
Smith (2016) 2016 Published “The Car Hacker’s Handbook" for penetration tester
Palanca et al. (2017) 2017 Denial-of-Service attack for link-layer automotive
Pan et al. (2017) 2017 Attack scenario from a malicious smartphone application to CAN
Fowler et al. (2017) 2017 Prepared testbed and built for a CAN simulator
Martinelli et al. (2017) 2017 Fuzzy neural network algorithm to identify CAN protocol communication
Frö schle & Stü hring (2017) 2017 Analyzing the capabilities of the CAN attacker
Li et al. (2018) 2018 Attack via ECU (Reversing ECU, side-channel attack)
Fowler et al. (2019) 2019 Fuzz testing for CAN prototypes
Payne (2019) 2019 Step-by-step attack procedure through detailed CAN Bus Protocol analysis
Automotive Key Francillon et al. (2011) 2011 Relay attacks on passive keyless entry (Risk of PKES system)
related attacks Verdult et al. (2012) 2012 Demonstrate Hijacking with Hitag2
Verdult et al. (2013) 2013 Cipher authentication protocol and key-update mechanism
Garcia et al. (2016) 2016 ECU/Remote keyless entry system vulnerability

3.1. Attacks on automotive control systems

Attacks on automotive control systems typically target the
ECU, in-vehicle network, and automotive key. Research papers
related to this area are listed in Table 3.
3.1.1. ECU attacks
In 2010, Koscher et al. (2010) published a study that identi-
fied the key ECUs in detail, as listed in Table 4. They inves-
tigated security challenges faced by the CAN, including the
lack of authentication fields, weak access control, and denial-
of-service (DoS) vulnerabilities. They performed CAN packet
sniffing, target probing, reverse-engineering, and fuzzing to
verify the attack methodology. They attempted to attack the
ECU and found that fuzzing is very effective method to find
vulnerabilities for CAN. These attacks allow an attacker to
load firmware without authorization into major ECUs, such
as remote-control door lock receivers and telematic devices.
The authors found that an attacker can maliciously manipu-
late a car’s speed and display information through a compro-
mised telematics unit, as depicted in Fig. 4. The authors eval-
uated the real-time performance of the modern automobile
CAN network and proved the vulnerability of the structure.
 Table 4 – Key ECU components and functionality associated with CAN bus.

Low-Speed High-Speed
Component Functionality Comm. bus Comm. bus
ECM Engine control module. Uses information from sensors to determine the V
amount of fuel, ignition timing, and other engine parameters.
EBCM Electronic break-control module. Controls the anti-lock brake system V
pump motor and values, preventing brakes from locking up and
skidding by regulating hydraulic pressure.
TCM Transmission control module. Controls electronic transmission using V
data from sensors and from the engine control modules to determine
when and how to change gears.
BCM Body control module. Controls various vehicle functions, provides V V
information to occupants, and acts as firewall between two subnets.
Telematics Telematics module. Enables remote data communication with vehicles V V
via a cellular link
RCDLR V
Remote-control door lock receiver. Receives the signal from the car’s key
to lock and unlock doors and trunk. It also receives data wirelessly
from the tire pressure monitoring system sensors.
HVAC V
Heating, ventilation, and air conditioning. Controls the cabin
environment.
SDM V
Inflatable restraint sensing and diagnostic module. Controls airbags and
seat belt pretensioners.
IPC/DIC V
Instrument panel cluster/driver information center. Displays information to
the driver about speed, fuel level, and various alerts about car’s status.
Radio V
Radio. In addition to regular radio functions, funnels and generates
TDM most of the in-cabin sounds (beeps, buzzes, and chimes) V
Theft-deterrent module. Prevents vehicle from starting without
legitimate key.

nisms; it sends fixed sensor IDs to each packet, and it is

Fig. 4 – Displaying arbitrary message and false
speedometer reading on Driver Information Center.
(Koscher et al., 2010).
This study is meaningful in that it is the earliest study that
identifies the EUC in detail and directly attacks the ECU.
Ishtiaq Roufa et al. (2010) described a tire pressure mon-
itoring system (TPMS) that could sniff personal information,
which could be leaked to an attacker while wirelessly com-
municating status information. The authors highlighted the
TPMS as the first wireless network in the vehicle. This study
substantially evaluated TPMS through experiments. It also
contributed significantly to the verification of the impacts
that can be generated on privacy and security through the
modi- fied TPMS. The TPMS does not use any cryptographic
mecha-
highly possible to track vehicles through it. In addition, there
is no authentication for the transmitted message, and the
vehicle’s ECU also does not verify the input value. This
allows the at- tacker to use a malformed message to display
a tire pressure warning to the next car on the highway or to
disable the TPMS ECU.
To automate the assessment of vulnerability, Salfer &
Eck- ert (2015) proposed a methodical and automated
measure- ment method based on ECU development data and
software images. The metrics of this methodology were
designed for ease of evaluation, such as code review and
penetration test- ing. The attack interface includes a
diagnostic protocol, an ex- ternal interface such as a USB, a
user interface through the driver, and a low-level hardware
interface.
Shukla (2016) explained the weaknesses of typical ECU
software, the procedure to attack networks such as CAN, and
existing security countermeasures available in tricore archi-
tecture. He further explained a method of exploiting vulnera-
bilities in the ECU software. His-study described the
software framework of the Automotive Open System
Architecture (AU- TOSAR) standard for intelligent mobility.
A tricore microcon- troller analyzes the vulnerabilities in the
ECU to understand and exploit further vulnerabilities using
the already discov- ered ones.
Burakova et al. (2016) experimented on Class-8 semi-
tractors and school buses. This experiment highlights how
simple it is to attack vehicles that are sold in the real world.
Above all, it proves that the same attack can be repeated on
all other vehicles that comply with the SAE J1939 vehicle se-
curity standard. The authors demonstrated their awareness
of vehicle safety (trucks and buses) using the same
thus be spoofed by an attacker, and any targeted ECU can be
standards and illustrated specific attacks that can affect
deceived.
critical systems (ECU, CAN, etc.). They warn that the attacks
The year 2013 was important in the history of car hack-
can be carried out broadly, irrespective of the target, as they
ing. Miller & Valasek (2013) presented an outstanding research
focus on the SAE J1939 network standard.
result on offensive security. They demonstrated its applica-
Tesla revealed an entry-level electric vehicle model in 2017.
tion to the technological accessories embedded in the Ford Es-
As Tesla entered the automotive market, electric vehicles
cape and the Toyota Prius. The experiment demonstrated that
such as Tesla became the main target of attacks. Nie et al.
the vehicle’s ECU can allow remote code execution through
(2017) fo- cused on discovering new security vulnerabilities
a variety of interfaces, such as Bluetooth and telematics de-
that were not known in Tesla vehicles. They experimentally
vices. The authors also proposed mechanisms to detect var-
demon- strated how the ECU can be controlled remotely by
ious types of attacks. They used the OBD-II connector shell
sending arbitrary CAN packets to a Tesla vehicle updated
available from obd2allinone.com. The CAN message imple-
with the lat- est firmware. They tested the vulnerabilities of
mented in the Toyota Prius contains a message checksum at
Tesla models S P85 and P75, the latest versions at that time.
the end of the data byte. Only the most important CAN
First, after search- ing for browser vulnerability, the vehicle
packets contain a checksum. The experiment was conducted
was attacked by at- tracting users to the Wi-Fi hotspot. They
by send- ing a proprietary message to the ECU. The Ford
damaged many in- vehicle systems, such as integrated circuit
engine used in the experiment is a well-established vehicle,
and gateways, via wireless (Wi-Fi/cellular) technology and
which is set to not operate when too much or too little gas or
then injected mali- cious CAN messages. After this discovery,
air is injected. This is the specific routine control set in Ford
Tesla vehicles were updated using the over-the-air (OTA)
4044. For exam- ple, the packet sent by the attacker is
mechanism, and code signing protection was applied.
Halahan & Chen (2017) explored how a vehicle can poten-
IDH: 07, IDL: E0, Len: 08, Data: 05 31 01 40 44 FF 00 00
tially be hacked. They divided process of hacking a car into
three steps: (i) the first is to remotely compromise, (ii) the sec-
Each parameter presented here is a bit field. In this test,
ond is to inject messages via cyber or physical components,
because the CAN was overloaded with the CAN packet, service
and (iii) the final step is to allow the ECU to perform the
was denied, as depicted in Fig. 5.
tasks desired by the attacker. Hacking types include indirect
The year 2016 and 2017 were the most active periods for
phys- ical access, short-range and long-range wireless
research on car attacks. Smith (2016) published a book titled
communica- tions, and dongle-based attacks. Hacking
The Car Hacker’s Handbook: A Guide for the Penetration Tester. This
threats include data collection and eavesdropping. They
handbook describes various points of attack methodologies
suggested that the coun- termeasures against attacks are to
and attack processes that can be used to hack vehicles.
design secure vehicle, con- sidering the risks and threats.
Begin- ning with detailed explanations of the concepts and
They also addressed that con- tinuous monitoring and
related policies of vehicle security, it goes on to explain the
communicating suspicious activity is necessary to develop a
methods of security and threat testing on vehicles. It is also
secure vehicle network.
demon- strated how hardware vulnerabilities can be drawn
and tested. This book contains information related to
3.1.2. In-vehicle network attacks
automotive buses, CAN networks, vehicle diagnostic and
Initially, there were attack studies on internal networks such
logging methods, CAN bus reverse engineering, ECU-related
as CAN and FlexRay (Hoppe and Dittman, 2007; Nils- son et al.,
concepts, and other at- tack threat models.
2009). Hoppe & Dittman (2007) performed sniffing and replay
Palanca et al. (2017) demonstrated that selective DoS at-
attacks to CAN bus networks in automotive control systems.
tacks are possible for vehicles communicating via CAN. They
Hoppe et al. (2008) explored vehicular security threats on the
also emphasized that such an attack cannot be detected at
CAN bus. Based on their test environment, the authors pre-
the frame level. This attack is based on the vulnerability of
sented a classification on four scenarios. For each scenario,
the CAN protocol, which is vulnerable irrespective of the
they specified the objective of the attack, mode of the attack,
manu- facturer. The authors illustrated the concept by
and related vulnerabilities. Larson et al. (2008) proposed a con-
experiment- ing with cars that are currently in use and
ceptual network topology for the CAN bus, including a gate-
proved how easy such an attack is. Pan et al. (2017)
way. In the attack model, the attackers mentioned six types
explained various scenar- ios of attacks on vehicles. They
of attacks, including passive (such as reading messages) and
also explained the dangers vehicle damaged by an attack
active attacks (particularly injection attacks, such as flood, re-
through a CAN bus. Direct ex- amples illustrate various
play, and spoof).
attack scenarios, emphasizing that a malicious attacker can
In 2009, Nilsson et al. (2009) analyzed the FlexRay protocol
attack the CAN bus, disturb the ve- hicle control system, and
and evaluated its functionality to verify whether it can with-
cause physical harm to drivers and passengers in the vehicle.
stand cyber-attacks. Their study described experiments where
Fowler et al. (2017) proposed attacks via a CAN
the ECU on the FlexRay bus was attacked. The authors de-
simulator. Using on-board diagnostic (OBD) scanners, which
fined and described two attacks, reading and spoofing, that,
are read- ily available after a vehicle is purchased, CAN
in the FlexRay network, can be conducted from any ECU. On
vulnerabili- ties have been demonstrated and verified. The
the FlexRay bus, there is no encryption of data; therefore, an
authors have been implemented according to the J3061
attacker can read all the data sent to the bus. The attacker
guidelines com- monly used by the automotive industry to
can also create and insert an unauthenticated message in the
design security. Martinelli et al. (2017) conducted research
data flow that is sent to the bus. Messages flowing on the
using the fuzzy neu-
bus can
 Fig. 5 – Instrument cluster indicating that something is definitely wrong (Miller and Valasek, 2013).

ral network algorithm to identify CAN protocol communica-

ECUs and CANs continue to be the targets of attacks. Ini-
tion attacks of four types (DoS, fuzzy, spoofing the drive gear,
tially, they were physically connected and attacked, but re-
and spoofing the RPM gage). The authors proposed a method
cently, advanced techniques such as side-channel and
for detecting attacks targeting the CAN protocol. They veri-
fuzzing have been applied together.
fied that the actual data embedded in the CAN packet was
used as a feature vector. They also showed that each fuzzy
3.1.3. Automotive-Key-Related attacks
classification algorithm can achieve a precision of 0.85 to 1
Francillon et al. (2011) attacked passive keyless entry and start
in an attack aimed at CAN protocol identification. Frö schle &
(PKES) systems, which are widely used in modern cars. They
Stü hring (2017) explained vehicle network security based
demonstrated the relay attack method by duplicating the ex-
on a systematic understanding of the CAN protocol. They
isting signal. They proved that wireless attacks are possible
devel- oped an invulnerable security concept for the CAN.
via transceivers. Furthermore, the authors conducted a risk
They de- rived an abstract model from the attacker’s
assessment of ten vehicle models from eight vehicle manu-
perspective that targets the CAN. To accurately verify the
facturers. They emphasized the impacts of relay attacks, sug-
derived model, they attempted to improve the
gested alternatives to prevent them.
demonstration of the attack model by considering the
Verdult et al. (2012) analyzed real-world vulnerabilities in
potential impact on the actual vehicle.
cryptographic designs applied to automobiles. They demon-
Li et al. (2018) attacked the mounted infotainment system
strated a real attack using wireless communications to re-
in a vehicle. The infotainment system is vulnerable to attacks
cover private keys. The authors introduced malleability and
because it can control the CAN buses of the vehicle, ECUs,
time-memory trade-off attacks against Hitag2. Malicious at-
etc. The authors used ECU reversing and side-channel attacks
tacks exploit the unique weaknesses of Oracle by randomiz-
as attack methods, which proved to be successful in real ex-
ing the key stream lengths. One of the weaknesses of Oracle
periments. They described the attack surface of modern vehi-
is the time-memory trade-off. This approach is also applica-
cles and provided a deep analysis of the CAN frame. The
ble to linear-feedback shift register-based stream ciphers
side- channel attack method used in the study determined
with sufficient continuous key streams. Cryptanalytic attacks
the key using leaked signal information in the process of
com- bine two weaknesses, dependency between sessions
encryption or a replay attack.
and low degree of filter functionality. This attack allows the
In 2019, a representative fuzzing technique for
attacker to recover a secret key after collecting the key from
automobile attacks was introduced. Fowler et al. (2019) used
the car through a few authentication attempts. The strongest
fuzzy-testing to investigate the vulnerability of CAN
attacks can recover the secret key from a car within six
prototypes. They con- ducted black-box fuzzy testing of
minutes using common hardware.
display ECUs for experimen- tal vehicles, demonstrating the
Verdult et al. (2013) reverse-engineered the security mech-
weakness of the vehicle sys- tem design. Fuzzing is a typical
anism of transponders used for encryption authentication.
method used to detect soft- ware vulnerabilities. The
To this end, the key value was obtained or duplicated using
distinction is that a CAN packet is used for the display ECU.
the weak points of the cryptographic design and authentica-
Payne (2019) described a clear step- by-step process for
tion protocol. The vulnerability of the key transponder update
hacking cars through a detailed analysis of the CAN bus
mechanism was exploited when updating or changing the
protocol. It was mainly targeted at faculty, stu- dents, and
key. The authors proved that the encryption key used for
researchers with the necessary tools, such as the curriculum
authen- tication is set such that it is too weak for the actual
and practice environment required to implement vehicle
vehicle. They experimented with the vulnerability of the
hacking. For as little as $100, it introduces tools for re- verse
transponder and suggested possible challenges.
engineering CAN bus messages as well as related CAN- to-
USB bus cables or wireless connector combinations.
 Table 5 – Research on autonomous driving system components.

Attack category Authors Year Approach and experiment

Sensor attacks Wyglinski et al. (2013)
Amoozadeh et al. (2015)
Yan et al. (2016)
Lim et al. (2018)
Yeh et al. (2018)
Mobile app attacks Woo et al. (2015)
Jafarnejad et al. (2015)
Yan (2015)
Mazloom et al. (2016)
Tod Beardsley (2017)
Eriksson et al. (2019)
2013 New form of vulnerability into critical infrastructure sensors
2015 Cooperative adaptive cruise control (CACC)
2016 Attacks for RADAR, cameras, and ultrasonic sensors
2018 Attack simulation for ultrasonic sensor
2018 Security risks automotive for RADAR and DSRC
2015 An attack with malicious smart-phone app
2015 Remotely critical systems control of the vehicle
2015 Survey on security challenges in automotive threat for 2 years
2016 Security analysis for in-Vehicle-infotainment systems (IVI)
2017 Hyundai Blue Link cleartext communications
2019 Static tool for code analysis

Garcia et al. (2016) described the vulnerability of a vehi- real challenge from a
cle immobilizer (key) used primarily by vehicle manufacturers
and original equipment manufacturers. First, they recovered
encryption algorithms and keys to and from the immobilizer.
Next, a VW Group remote-control signal was transmitted us-
ing the recovered key, and the signal sent from the vehicle
was eavesdropped upon to allow arbitrary access to the
vehicle. This attack can recover the encryption key and
replicate the remote-control key with four to eight rolling
codes and a short calculation time. The results of this study
affected millions of vehicles worldwide and are now
considered a significant com- ponent of physical vehicle
security.

3.2. Attacks on autonomous driving system components

Attacks on autonomous driving components are clearly

differ- ent from traditional automobile. In this section, we
investigate studies that focus on attacks on the main
components of au- tonomous vehicles. Research papers
related in this field are listed in Table 5.

3.2.1. Sensor attacks

Wyglinski et al. (2013) provided insights into the challenges
and security aspects of autonomous vehicles. This study sug-
gested better opportunities in terms of sensors that can be
applied to vehicles with more complex embedded
computing. The authors performed a case study on
automotive computing and sensing. They analyzed the LIDAR
sensors, wireless ac- cess, autopilots and navigators, sensors,
and actuator controls as components of autonomous
vehicles. They also addressed steganographic attacks,
hardware and firmware attacks, in- formation leakage
eavesdropper attacks, sensor attacks, and physical chip-
tampering attacks.
Amoozadeh et al. (2015) discussed security attacks on the
communication channels used in vehicles and studied the
sensor operation of connected vehicles that can perform co-
operative adaptive cruise control (CACC). CACC is an
extended concept of adaptive cruise control. The simulation
results pre- sented in this study proved that insider attacks
can cause serious problems in CACC vehicle networks. It
presented al- ternatives to downgrading to the existing
adaptive cruise control mode instead of CACC or other
countermeasures. Yan et al. (2016) explained that sensor
security is a crucial issue in autonomous vehicles and is a
safety standpoint. They studied automated driving systems
for Tesla vehicles and three essential sensors: (i) ultrasonic
sensor, (ii) millimeter wave RADAR, and (iii) cameras
deployed for use with autopilots. The results indicated that
radio inter- ference and spoofing attacks were possible.
Lim et al. (2018) emphasized the significance of
ultrasonic sensors applied to autonomous vehicles. They
described pos- sible vulnerability assessment methods
applicable to obstacle detection devices for commonly used
sensors. Possible attack scenarios were derived through
ultrasonic sensors and were proven experimentally by
simulation. They pointed out the in- accuracy of attempting
to detect an obstacle using ultrasonic sensors applied to a
vehicle. Experimental results indicated that nearby
attackers could intercept or randomly remove the
ultrasonic sensor. They emphasized that these attacks were
very easy to carry out and were easily available at low cost.
Yeh et al. (2018) presented the unique security flaws of au-
tomotive RADAR and DSRC technologies. The author
empha- sized removing security risks as quickly as possible
by simu- lating various attacks on this technology.

3.2.2. Mobile app attacks

In 2015, Woo et al. (2015) reported that in a connected
vehi- cle environment, a malicious smartphone app can
carry out long-range wireless attacks. They analyzed CAN
vulnerabili- ties and designed a security protocol applicable
to vehicles af- ter demonstrating the attack model. Based on
Secure-ECU and CANoe, which is comprehensive software
tool for the develop- ment, testing, and analysis of ECUs,
they conducted a security and performance analysis of the
proposed security protocol. Jafarnejad et al. (2015)
developed a platform that allowed them to access a vehicle’s
internal systems. Through this platform, they could
remotely access the interior and manipulate the actual
vehicle. This is referred to as the open vehicle moni- toring
system. The authors had access to a Sevcon Gen4 con-
troller to operate the vehicle. They developed a web
interface and Android mobile application for smooth
vehicle operation. All these tests were conducted on real
vehicles, which em- phasized the possible risks. Yan (2015)
conducted a two-year survey on problems in autonomous
vehicle security. The re- search report covered nearly all
types of connected cars from cloud platforms, and OBD
dongles to auto apps, proving to be the most
comprehensive report on the current connected- car-threat
situation. The author provided a guide to help au-
tonomous vehicle companies in identifying vulnerabilities in
3.3.1. VANET attacks
their products and services.
Attacks on VANET is a major field that has been continu-
Mazloom et al. (2016) proved that vehicle attacks were pos-
ously researched since 2008. Larson & Nilsson (2008) ana-
sible through a vehicle driver’s smartphone. First, an
lyzed a security problem for wireless communication trans-
attacker who steals the control of a smartphone from a
mission from the outside. They used a defense-in-depth view
driver sends a malicious message to the vehicle’s internal
of the wireless communication segment. They also analyzed
network using the MirrorLink protocol. Thereafter, the
security issues for each of the prevention, detection, deflec-
attacker can send CAN packets. Thus, it was established that
tion, countermeasure, and recovery layers for the autonomous
attacks are possible, and the vulnerabilities of the
vehicle. Brooks et al. (2009) discussed system stakeholders,
MirrorLink protocol and IVI imple- mentation were
including manufacturer, private customer, fleet owners and
highlighted. The attack method illustrated in the experiment
leasing companies, service providers and dealer. They also
demonstrated that the message causes a heap overflow to
summarized vehicle and communication use-cases. They
manipulate the vehicle.
sug- gested modified CERT taxonomy for the automotive
Tod Beardsley (2017), from the security company Rapid7,
secu- rity domain. The attack on VANETs covered the man-
announced a vulnerability in Blue Link, a vehicle control ap-
in-the- middle attack, bogus information attack, DoS, location
plication. He discovered that the Blue Link vulnerability im-
track- ing, malicious codes, and replay attacks. The types of
pacted Hyundai Motors in Korea. An attacker could extract
ECU flashing attacks include modifying codes, phishing
the username, password, and personal identification number
attacks, fuzzing attacks, and reverse engineering. For the
(PIN), while the Blue Link app sent personal information to
integration of business service attacks, they described brute
Hyundai. In addition, the attacker could exploit this vulnera-
force, social attacks, DoS, malicious codes, and reverse-
bility to launch a fatal attack that could be initiated remotely
engineering.
by unlocking the vehicle.
Checkoway et al. (2011) insisted that they are the first re-
Eriksson et al. (2019) investigated vulnerability with a fo-
searchers to identify attack surfaces from outside rather
cus on Android car apps developed by car manufacturers.
than inside the vehicle, and they actually experimented with
They considered road safety and security factors that affect
at- tacks. They demonstrated two types of hacking: (i)
users. They investigated the attack surface and vulnerability
technical hacking and (ii) Operational hacking. Technical
of in-vehicle apps and suggested countermeasures for fine-
hacking is an attack that modulates various electrical input
grained permission, API control, system support, and informa-
and output sig- nals to the internal elements of a vehicle. It
tion flow. They also developed AutoTame, a static tool for code
also intercepts and modulates various communication
analysis.
signals between external networks, such as automobiles and
As we have seen so far, attacks on autonomous driving
internet connections. Op- erational hacking is an attack that
ele- ments have mainly focused on attacks on sensors and
introduces malicious sig- nals into the communication
attacks through mobile apps. As the control function of
between the interior and exte- rior of the car. The authors
autonomous vehicles through smartphones is strengthened,
identified four classes of vulnera- bility: short-range wireless,
mobile de- vices, which are relatively vulnerable to attack,
long-range wireless, direct physi- cal, and indirect physical.
are expected to become the main targets for attack.
Al-Kahtani (2012) published a survey paper for VANET
se- curity attack. This paper described security attacks and
de- fenses against VANETs. The author used the defense
3.3. Attacks on V2X communications technologies
mecha- nisms of VANETs to present various security and
privacy in- fringement attacks and classified these
The most active research area for attacks on autonomous ve-
mechanisms. The ex- isting security and privacy schemes for
hicles is in the V2X field. Research papers related to this area
VANETs were classi- fied into public key, symmetric and
are listed in Table 6.
hybrid, certificate revoca- tion, and identity-based
encryption.

Table 6 – Research on V2X communication attacks.

Attack category Authors Year Approach and experiment

VANET attacks Larson & Nilsson (2008)
Brooks et al. (2009)
Checkoway et al. (2011)
Al-Kahtani (2012)
Parul and Deepak (2014)
Miller & Valasek (2015)
Bariah et al. (2015)
Hasrouny et al. (2017)
Infotainment and Foster et al. (2015)
Bluetooth attacks Cheah et al. (2016)
Cheah et al. (2017)
Bacchus et al. (2017)
Cai et al. (2019)
2008 Analyzing automotive wireless communication security problem
2009 Automotive Security taxonomy by CERT
2011 Analyzing automotive wireless communication security problem
2012 Survey on vehicular ad hoc network’s security issues
2014 Different types of fifty security attacks in VANET
2015 Culmination of three years of research into automotive security
2015 Surveying the state-of-the-art of VANET security
2017 A survey on VANET security challenges and countermeasures
2015 Security analysis of a telematics control unit (TCU)
2016 Bluetooth-enabled automotive infotainment unit
2017 Two case studies for Bluetooth connection and diagnostics device.
2017 Security analysis for wireless and Bluetooth
2019 Attack using external I/O (USB, OBD-II, and cellular network)
 Parul and Deepak (2014) examined the various security
Cheah et al. (2017) proposed a framework for conduct-
threats of VANETs and analyzed their impacts and
ing a systematic security test on a Bluetooth interface and
implemen- tations on the VANET security architecture. They
conducted a vehicle test through the implementation of a
compared various types of VANET security attacks with
proof-of-concept tool. They identified Bluetooth vulnerability
attacker types. Several examples and theoretical structures
in the vehicle, based on which vehicle manufacturers empha-
have been used to mitigate the instability of VANETs. Their
sized the need to consider how legacy pairing in Bluetooth
study also described major security vulnerabilities in
technology can be replaced. They were able to test for vul-
VANETs and their counter- measures.
nerable discovery and security practices in accordance with
Miller & Valasek (2015) demonstrated remote attacks
the structured procedures presented. The tools developed in
that can be carried out against any Fiat-Chrysler vehicle.
their study emphasized that manufacturers could evaluate
Remote attacks have been shown to affect certain physical
the status of the implementation of their security practices.
systems, such as steering and braking. The d-Bus service was
Bacchus et al. (2017) discussed various systems in cars, types
exposed and vulnerable. The authors were able to
of known attacks, and methods to defend against such at-
reprogram a V850 chip to send arbitrary CAN messages from
tacks. They built in-vehicle networks that use Bluetooth tech-
an open multime- dia applications platform chip. The d-Bus
nology to connect both the automotive CAN bus system and
was also accessible over the cellular network, not just over
the media system reliably with one system.
Wi-Fi. The d-Bus sys- tem can be accessed anonymously and
Cai et al. (2019) demonstrated a remote attack using mul-
is used for communi- cation among processes. The d-Bus
tiple vulnerabilities that exist in the NBT head Unit (in-
was exposed through the network, which was exploited by
vehicle infotainment) and telematic communication box to
an attacker to cause secu- rity threats, including code
BMW cars. They prepared a fake mobile network with an
injection and memory corruption. Bariah et al. (2015)
HTTP payload and short message service. The authors per-
provided a comprehensive and systematic overview of the
formed reverse-engineering on the firmware of infotainment
latest research on security threats, vulnerabili- ties, and
and telematic box. They obtained root privileges with the ex-
security services related to VANETs. They focused on
ecution of bash commands.
important aspects, such as VANET security simulation tools,
that are not well documented in the general literature.
3.4. Risk assessment and threat modeling
In 2017, Hasrouny et al. (2017) comprehensively identified
security problems, causes, and existing solutions related to
A study of attacks was also conducted from a systematic
VANETs. In addition, they described the security standards
point of view on autonomous vehicles. From a systematic
and protocols related to the latest security architecture. The
perspec- tive, there are threat modeling, risk assessment,
authors focused on classifying and resolving various known
and attack- tree perspectives. Research papers related to
attacks. They explained that VANET can effectively
these subjects are listed in Table 7.
implement a system that can secure a vehicle and protect it
from mali- cious nodes.
3.4.1. Risk assessment
In recent years, a lot of attack studies have been conducted
3.3.2. Infotainment system and bluetooth attacks
from the perspective of risk assessment for autonomous ve-
As the functions of autonomous vehicles have developed,
hicles. Henniger et al. (2009) described the security require-
infotainment technology has also become important, and
ment analysis process in automotive on-board network ar-
research has been done on infotainment system attacks.
chitecture. The analysis process included identifying threats,
Foster et al. (2015) reviewed the telematics control unit (TCU)
identifying security requirements, evaluating the risks, and
connected to an automotive vehicle through the standard on-
prioritizing security requirements based on the acceptable
board diagnostic port (OBD-II in the United States, EOBD in Eu-
risk. The authors identified the potential attack scenarios
rope, and JOBD in Japan). They demonstrated that this
and probabilities by applying the analysis process. In 2013,
device can be remotely discovered and attacked. They
Ward et al. (2013) developed a process similar to functional
described the local and remote attack surfaces of the
safety risk analysis for the analysis of cybersecurity threats.
telematics control unit. For the local attack surface, web,
The authors explained how the guidelines were developed
telnet console access, NAND dump, and SSH service methods
based on the approach described in ISO 26,262 and the
were explained. The attack- ers discovered that they were
motor industry software reliability association safety analysis
bound to all the network inter- faces as well as short-
guide- lines. There were significant differences in
message-service-based functions from remotely accessible
understanding the severity of security attacks and the
web, telnet consoles, and attack junctions, such as SSH
factors that lead to the likelihood of successful attacks. The
servers.
authors investigated po- tential directions such as whether
Cheah et al. (2016) introduced a method for enhancing
threat analysis and risk as- sessment can provide warranty
the security of composite systems without requiring the user
support for cybersecurity.
to have complete knowledge of commercially sensitive sub-
Othmane et al. (2014) conducted case studies to determine
components. They applied this method to Bluetooth-enabled
the likelihood of seven threats closely related to autonomous
vehicle infotainment devices and identified legitimate Blue-
vehicles. Experts rated six of the seven threats as “very un-
tooth functions that lead to system instability. They discov-
likely” and one as “almost impossible.” The case study
ered weaknesses in structured security testing and demon-
showed that the attacks were difficult because they were
strated how security requirements can be inferred. They
required to be carried out quickly and by a profoundly
also demonstrated a case study that illustrated that a file
knowledgeable ex- pert. However, cyber-attacks on
system can be mounted via Bluetooth.
autonomous vehicles are in-
 Table 7 – Research on risk assessments and threat modeling.

Attack category Authors Year Approach and experiment

Risk Henniger et al. (2009) 2009 Evaluating the risks associated with the threat
Assessment Ward et al. (2013) 2013 Threat analysis and risk assessment in automotive
Othmane et al. (2014) 2014 Likelihoods of threats to connected vehicles (OBD-II, CAN)
Petit & Shladover (2015) 2015 Threats on autonomous automated vehicles
Bayer et al. (2015) 2015 Automotive security evaluation assurance levels (ASEAL)
Macher et al. (2016) 2016 Risk assessment techniques for automotive
Islam et al. (2016) 2016 Demonstrate viability use-case and risk assessment framework
Alcaraz et al. (2017) 2017 Threat scenarios related Open Charge Point Protocol (OCPP)
Rubio et al. (2018) 2018 Man-in-the-Middle attacks between the CP and the CS
Cheah et al. (2018) 2018 Method of security testing for automotive Bluetooth.
Zhang et al. (2018) 2018 Proposed evaluation method of cybersecurity testing (108 items)
Morris et al. (2018) 2018 Threats of the car and countermeasure strategies
Bolovinou et al. (2019) 2019 cybersecurity framework known as threat analysis and risk assessment
Xiong & Lagerströ m (2019) 2019 Meta attack language compiler for privacy
Zoppelt & Kolagari (2019) 2019 Cloud-based attack modeling for autonomous vehicles
Attack tree and Salfer et al. (2014) 2014 On-board networks attack forest construction
methodology Thing & Wu (2016) 2016 A taxonomy on attacks and defenses for autonomous vehicle
Lim et al. (2016) 2016 Infrastructure, ECU
Dü rrwang et al. (2018) 2018 Attack tree STRIDE model for airbag control unit
Karray et al. (2018) 2018 Attack tree construction
Strandberg et al. (2018) 2018 Systematic approach using the start, predict, mitigate, and test method
Sheehan et al. (2018) 2018 classification framework for possible cyber-attacks
Maple et al. (2019) 2019 Attack area analysis using a reference architecture
Review Miller & Valasek (2014) 2014 A survey on automotive attack surfaces (20 cars)
Liu et al. (2017) 2017 In-vehicle network attacks and countermeasures
Parkinson et al. (2017) 2017 Reviews vulnerabilities revealed from white hat hackers
Pekaric et al. (2019) 2019 Selected 39 papers focus on the lifecycle
Miller (2019) 2019 Lessons Learned from hacking a car

deed feasible, and it has been demonstrated that it is possi-

gories and named it “automotive security assurance level” or
ble to attack these vehicles even using cheap equipment and
“ASEAL.”
scripts.
Macher et al. (2016) presented ways of classifying cyber-
Petit & Shladover (2015) investigated vulnerability to au-
security threats by reviewing various risk-assessment tech-
tonomous driving and studied cyber-attacks. They identi-
niques that apply to the automotive sector. This approach can
fied and analyzed threats to autonomous vehicles. The most
provide countermeasures against threats and risks. The au-
important task in developing a vehicle automation system
thors also provided an integrated approach to safety and se-
is to identify potential security vulnerabilities before they
curity that can be introduced during initial product develop-
are required. This study identified challenges by consider-
ment. Islam et al. (2016) developed a framework to
ing both autonomous and smart vehicles that communicate
systemat- ically solve security risks through threat analysis
alert to a human driver. They used these together with cur-
and risk as- sessment for embedded systems in automobiles.
rent vehicle-related threats and alternatives to mitigate
This frame- work can also be used by non-security experts.
them. Bayer et al. (2015) introduced dangerous
ISO 26,262 al- lows automotive engineers to adequately
vulnerabilities and possible threats from the perspective of
meet security re- quirements through a detailed description
vehicle security and categorized the attacks. They analyzed
of the “safety level” of a car. This framework uses systematic
the elements embed- ded in security evaluations based on
guidelines and exist- ing standards to conduct systematic
the following three sub- categories: (i) security analysis, (ii)
assessments of security risks.
practical security testing, and (iii) verifiable security
Alcaraz et al. (2017); Rubio et al. (2018) studied the com-
validation. They insisted on the im- portant of documenting a
munication protocol between the energy management
security analysis procedure prior to performing the actual
system and the charging point in an electric vehicle. The
analysis. This documented security analysis includes a
authors iden- tified security elements based on the Open
vehicle design analysis, potential threat derivation, and
Charge Point Pro- tocol (OCPP) scenario, especially among the
corresponding risk analysis. The next step, a practical
protocols. In addi- tion, the security risk of man-in-the-middle
security test, includes the four categories of func- tional
attacks between Charge Point and Central Server in OCPP
testing of vehicle modules, exploitation of actual vul-
was also described.
nerabilities, fuzzing, and penetration testing with various in-
Cheah et al. (2018) used a systematic security assess-
puts. Verifiable security validation used was based on the
ment to enumerate all undesirable behaviors to which sever-
NIST FIPS-140 and common criteria. The authors introduced
ity ratings could be assigned in a semi-automated manner.
more details regarding the practical security testing model.
They demonstrated vehicle vulnerability exposure, compar-
They defined a security test level for each of the four cate-
ison methods, and severity classification. They presented a
methodology with basic concepts and demonstrated the use
nologies to cyber secure autonomous vehicles and
of native Bluetooth connectivity and aftermarket diagnostics
infrastruc- ture as well as research and development
in automotive head units. Zhang et al. (2018) presented eval-
strategies. In addi- tion, they identified the deployment
uation methods for testing the cyber security of cars. First, a
status of attacks against domestic and foreign
threat analysis for vehicle security was performed and 108
countermeasures. They also presented technological
se- curity test items were determined. Then, a methodology
developments as well as research and develop- ment
to build and test evaluation systems based on product
strategies to secure operations and cybersecurity for au-
testing, automobile advancement levels, and company
tonomous vehicle infrastructure.
emergency re- sponses, was designed. The authors shared
Dü rrwang et al. (2018) presented verification meth-
the level of vulner- ability and described an example of a
ods through penetration testing. The proposed verification
vehicle security assess- ment. Morris et al. (2018) described
methodology was intended to improve automotive security
the cyber security threat and identified strategies that can be
testing. They systematically explained how test cases can
applied by the automo- tive industry to respond to it.
be derived before security validation. They demonstrated
Bolovinou et al. (2019) presented a cybersecurity frame-
the feasibility of applying a security verification methodol-
work known as threat analysis and risk assessment (TARA)
ogy to an ECU. The airbag control device was used in the
for the cybersecurity analysis model of level 3 automated
experiment as an essential element for vehicle safety. The
driving systems. Through the TARA framework, the authors
vulnerabilities considered in the experiment caused the ex-
quantified the likelihood and impact of attacks. Four factors
plosion of the airbag artificially through ECU manipulation.
were selected to quantify the likelihood of an attack’s exper-
Karray et al. (2018) studied cyber-physical attacks, focusing on
tise, knowledge of the target, required equipment, and win-
car structure and state changes. The attacks were used to as-
dow of opportunity. This study differed from previous stud-
sess the overall risk posed to the vehicle system, thereby creat-
ies in that it attempted to quantify the attack potential and
ing an attack tree. An attacker would need to disable the
impact based on the methodology called TARA +. Xiong & ECU- related privileges for exception handling and various
Lagerströ m (2019) examined privacy issues in vehicle security.
other op- tions at the user input level. They showed that an
They focused on the fact that the various existing threat
attacker would be able to display, modify, and even destroy
mod- els did not address privacy issues in vehicle data. To
the desired message under certain conditions.
evaluate threat modeling related to privacy, they proposed
Strandberg et al. (2018) introduced a systematic approach
the meta at- tack language compiler. It features threat
for testing vehicular security using the start, predict, miti-
modeling and data analysis for vehicle data in terms of
gate, and test (SPMT) method. They provided pseudo-code to
privacy. Zoppelt & Ko- lagari (2019) reviewed cloud-based
demonstrate SPMT, suggesting possible scenarios after the ve-
attack modeling for au- tonomous vehicles using the security
hicles were released, and integrated them into the V-model
abstraction model for automotive software. The authors also
process. To illustrate the SPMT phases, they enumerated po-
explain how the secu- rity abstraction model and the
tential attacks in the start phase. They applied the spoofing,
security scoring system (e.g., common vulnerability scoring
tampering, repudiation, information disclosure, DoS, and es-
system) can be used together. They demonstrated the
calation of privileges method in the prediction phase, and
application of the new security ab- straction model version
tested unveiled vulnerabilities and threats in the mitigating
for cloud attacks through an actual case study that
phase. In the possible scenario of released vehicles, the au-
investigated attack modeling for the combi- nation of a car
thors demonstrated how SPMT works with the V-model soft-
and a cloud.
ware process and concluded their work.
Some studies have applied deep-learning technology to
3.4.2. Attack tree and methodology
at- tacks on autonomous vehicles. Sheehan et al. (2018)
Salfer et al. (2014) formulated an attacker and system model
intro- duced a classification framework for possible cyber-
to analyze on-board automotive network security efficiently.
attacks on connected and autonomous vehicles. They
They proposed a search algorithm that can create a reasonable
classified cyber- risk and illustrated testing phases using
attack path and an efficient attack tree. It is possible to
their model and the US National Vulnerability Database. They
create attack trees for large system models on thousands of
used a Bayesian net- work classification model and achieved
nodes in just a few minutes. These become easy to
a high accuracy with 9794 cases of cyber risks.
implement as the required input values become more
Maple et al. (2019) performed attack area analysis using
detailed.
a reference architecture for connected autonomous vehicles.
Thing & Wu (2016) proposed a holistic attack and defense
Attack surface analysis was performed on elements such as
classification scheme to identify how autonomous vehicles
devices, edges, and cloud systems, which interact with the
can be effectively attacked and defended. The authors cre-
connected autonomous vehicles. Based on this, a reference
ated an autonomous vehicle attack taxonomy with the cat-
ar- chitecture was proposed from the perspective of hybrid
egories of attacker, attack vector, target, motive, and
com- munication. The authors also used attack trees in two
potential consequences. Autonomous vehicle defenses were
case studies to investigate attacks on autonomous vehicles.
classified into preventive defense, passive defense, active
defense, and collaborative defense.
Lim et al. (2016) analyzed security threats to autonomous
3.4.3. Review and survey papers regarding car hacking
vehicles and infrastructure. The authors proposed the devel-
Miller & Valasek (2014) surveyed remote attack surfaces on
opment and analysis of countermeasures that focus on pos-
various vehicles. They checked the location of the ECUs that
sible attack scenarios and their impacts on vehicles. They an-
handle external inputs as well as those that can physically
alyzed the research and development status of security tech-
 Fig. 6 – Categories of defense on autonomous vehicles.

change the vehicle. They examined the internal network ar-

chitecture of each vehicle. They identified physically control- 4. Defense of autonomous vehicles
lable features. The nature of these attacks necessitates an in-
depth defense strategy, including the detection of message With regard to the security of autonomous driving vehicles,
in- jection, as the attack proceeds through multiple steps. we divided the literature on defense into the following cat-
Liu et al. (2017) reviewed various research findings to de- egories: (i) security architecture, (ii) intrusion detection sys-
scribe the vulnerabilities of in-vehicle networks and summa- tem, and (iii) artificial intelligence with big data, as depicted
rized the method by which they can be attacked. They pre- in Fig. 6.
sented countermeasures against such attacks and pointed
out future issues and directions. They investigated the 4.1. Security architectures for autonomous defense
environ- ment, interface, attack methodology, and
contribution of re- lated papers (Hoppe and Dittman, 2007; Initially, research was conducted in terms of the security of
Hoppe et al., 2008; Koscher et al., 2010; Checkoway et al., each element of autonomous vehicles. Various security as-
2011; Woo et al., 2015). Parkinson et al. (2017) reviewed pects of CAN and ECU have been studied, and gradually, re-
previous studies, particularly those on vulnerabilities search on malware and VANETs has also been conducted.
revealed by white hat hackers, and mitigation techniques for Re- search papers related to this area are listed in Table 8.
connected and autonomous vehi- cles.
Pekaric et al. (2019) conducted security tests on various
4.1.1. CAN/ECU security
software-based vehicle IT components. They selected 39 pa-
Many studies on the security architecture for CAN and ECU
pers on systematic mapping, investigating security test tech-
have been presented. In 2008, Oguma et al. (2008) presented
niques, AUTOSAR hierarchy investigations, AUTOSAR func-
a security architecture for secure communication within a
tional interfaces, vehicle lifecycles, and attacks. They focused
vehicle. Remote authentication systems using trusted plat-
on the lifecycle of the application and service layers of the
form module to prevent ECU tampering cannot be applied to
AU- TOSAR architecture. Miller (2019) demonstrated in 2015
time-constrained vehicle systems; thus, it cannot be realized
that it was possible to attack a Jeep Cherokee remotely. After
in real-world vehicle systems. The authors presented a new
three years, they declared that the code signing required for
proof-based security architecture for in-vehicle communica-
soft- ware verification on ECUs is crucial. As an example, it
tions that meet the flexibility requirements of software con-
has been claimed that the Tesla Model S could only be
figuration authentication, encryption communications, and
attacked because it does not verify unsafe code. Therefore, if
switching. Nilsson et al. (2008) proposed a method of effec-
the code is prop- erly verified during software verification,
tively delaying data using complex message authentication
carrying out the at- tack would be difficult. Another example
code. The authentication factor is delayed because the mes-
is that no matter how perfect the security solution of a car is,
sage with the authentication code is calculated as a com-
it is not safe from be- ing hacked. Vehicle security requires
posite element of consecutive messages and is transmitted
that one must not rely only on attack prevention but design a
along with the next message. The method considered real-
system that can detect possible attacks and undertake
time traffic in the vehicle network, the CAN frame structure,
appropriate measures against them. Thus, Miller suggested
and the limited resources of the ECU. The message
that vehicles must be protected through thorough
authentica- tion code (MAC) computes the message to
verification, focusing on the security mech- anisms already
provide guarantees of integrity and reliability. In addition,
known rather than those based on new ideas.
delayed data authenti-
 Table 8 – Defense research related to security architectures for autonomous defense.

Defense category Authors Year Approach and experiment

CAN/ECU Oguma et al. (2008) 2008 Attestation-based security architecture
security Nilsson et al. (2008) 2008 Method to delay data by using complex message authentication code
Groll & Ruland (2009) 2009 Trusted Communication Groups
Schulze et al. (2009) 2009 Data Management System (DMS)
Herrewege et al. (2011) 2011 CAN authentication protocol
Lin & Sangiovanni-Vincentelli (2012) 2012 Security mechanism (message-based counter, pair-wise secret key)
Hazem, 2012 2012 Lightweight message source authentication protocol for CAN
Groza & Murvay (2013) 2013 Secure broadcast protocol for CAN
Wang & Sawhney (2014) 2014 VeCure, a security framework identifying injected CAN message
Yadav et al. (2016) 2016 Two-way authentication method for legitimate ECUs
Groza et al. (2017) 2017 Lightweight broadcast authentication
Kornaros et al. (2019) 2019 TrustNet based CAN communication protection
Andel et al. (2019) 2019 Proposal of countermeasures against attacks through priority
Agrawal et al., 2019 2019 Communication security architecture between ECUs on different channels
Woo et al. (2019) 2019 CAN ID shuffling method using a network address shuttle (NAS)
VANET Dardanelli et al. (2013) 2013 A security session layer for Bluetooth communication
security Engoulou et al. (2014) 2014 VANET security surveys
Islam et al. (2018) 2018 A group-key agreement protocol for vehicular networks
Lu et al. (2018) 2018 Survey on trust management models in VANET
Talib et al., 2018 2018 Literature review on Internet-of-Vehicles communication (90 references)
Shrestha & Nam (2019) 2019 Design of regional blockchains used in VANETs
Security Bécsi et al. (2015) 2015 Demonstrating the significance of careful system security design
design, Yag˘ dereli et al. (2015) 2015 Suggesting automatic defensive measure
process and Khurram et al. (2016) 2016 Scalable security architecture
framework Zheng et al. (2016) 2016 Framework for cross-layer modeling on connected vehicles
Berlin et al. (2016) 2016 Security management system with use cases
Reger (2016) 2016 V2X Communications, NFC, Ultra-Wideband ranging
Mawonde et al. (2018) 2018 Survey on vehicle security systems (14 references)
El-Rewini et al. (2019) 2019 Hierarchical framework for security threats targeting vehicles
Nasser & Ma (2019) 2019 HSM-based attack detection method in AUTOSAR

cation is introduced to prevent the interruption of real-time

tion of the existing nodes is not required to maintain
traffic.
compat- ibility. The limited size of payload in a CAN message
Groll & Ruland (2009) explained that the lack of
makes it difficult to implement defense mechanism,
reliability and confidentiality in CAN is the most crucial for
including authen- tication. To bypass this problem, the
the security risks of in-vehicle communications. They
authors used the CAN+ protocol, which extends to the
insisted that an ef- fective solution must be provided using a
available bits. Thereafter, they adopted a hash-based MAC
reliable communica- tion group to enable confidential
(HMAC), demonstrating the adver- sarial model, potential
communication among the vehicle’s components. They also
attacks, and transmission overheads. This proposed
emphasized that manufac- turers must prove that they
methodology allows ECUs to defend against several injection
belong to a closed communication group by holding a signed
attacks.
certificate. Schulze et al. (2009) con- sidered the need for data
Lin & Sangiovanni-Vincentelli (2012) also proposed a mes-
management for the dozens of ECUs that compose an
sage authentication mechanism for CAN, which requires a
autonomous system. They proposed three types of data-
pre-shared pairwise key, ID table, and message-based counter.
management systems based on design aspects as well as
They presented experimental results of the application of
example scenarios: (i) a central driver monitoring systems
the methodology. In the experiment, the attacker model per-
(DMS) relies on a single ECU, having pros (e.g., sim- ple,
formed replay and modification attacks. The result was
easier management, and updates) and cons, including the
based on message latency and bus load, indicating affordable
bottleneck problem; (ii) a distributed DMS works with multi-
over- heads. Hazem (2012) proposed a lightweight message
ple ECUs, having the opposite pros and cons; (iii) a novel hybrid
source authentication protocol for CAN. The protocols have
DMS consisting of a single DMS on each sub-network of a ve-
detailed phases by state against the attackers, including
hicle. Although they did not discuss how a DMS might be im-
initializa- tion, channel setup, data exchange,
plemented, the consideration is relevant because many intru-
synchronization, and re- freshing chain. Even though the
sion detection methods require in-vehicle status at sensors,
protocol was not tested on commercial vehicles, it was
actuators, and ECUs.
implemented within a microcon- troller. The authors also
Herrewege et al. (2011) proposed CANAuth, an authentica-
mentioned that single-pair Ethernet and FlexRay
tion protocol for broadcast communication, particularly appli-
technologies can adapt their protocol.
cable to the CAN bus. A benefit of this concept is that
Groza & Murvay (2013) provided a secure broadcast pro-
modifica-
tocol for CAN, which does not require a pre-shared, public,
or private keys. In the protocol, the key is updated on ev-
4.1.2. VANET security
ery broadcast (i.e., transmission of a single message in the
Dardanelli et al. (2013) proposed a security session layer ap-
CAN bus). The authors optimized some parameters on their
plicable to Bluetooth communication to protect the connec-
embedded test-bed to maximize the efficiency of communi-
tion between a smartphone and a vehicle. Owing to the
cation. Wang & Sawhney (2014) proposed VeCure, a security
evolu- tion of the infotainment system, most vehicles
framework identifying injected CAN messages by calculating
support Blue- tooth services and allow access to the in-
the latency of the message from sender to the receiver. They
vehicle network. Af- ter the smartphone and vehicle share
implemented a proof of the concept on an embedded system,
their symmetric ses- sion key through the elliptic-curve
reporting a process delay of 50 μs. Experiments have shown
Diffie-Hellman scheme, they communicate through
that they can effectively respond to injection and replay at-
encrypted messages with a ran- domly generated key. The
tack. Yadav et al. (2016) summarized entry points that can be
experiment demonstrated the fea- sibility of the proposed
used for attacks, including physical access, and wireless sys-
method. Engoulou et al. (2014) fo- cused on security in
tem such as Bluetooth and TPMS. The authors also focused
VANETs, presenting security issues, re- quirements, and
on threats to the OBD-II and CAN buses. The key idea is that
challenges as well as the categorization of these issues. The
only legitimate ECUs can be connected to the diagnostic
authors proposed a security architecture for VANETs from a
system. They applied a two-way authentication method
global point of view. Islam et al. (2018) pro- posed a
described in a step-by-step manner.
password-based conditional privacy-preserving au-
Groza et al. (2017) introduced LiBrA-CAN, a secure protocol
thentication and group-key generation. A group-key agree-
for broadcast authentication using symmetric primitives. The
ment protocol for vehicular networks preserves privacy
protocol was implemented on CANoe and the result, includ-
while exchanging traffic data using a hash function. Their
ing computational costs, bus load, and execution time, were
study in- cludes security analysis, the number of potential
described in their study. The authors also addressed the con-
attacks on vehicles, and analyses of computation and
cern of feasibility degradation owing to the small payload
communication costs. The discussion shows that their
size
protocol resists attacks, such as impersonation, modification,
of a CAN message. One suggestion is to use the CAN+ and offline password- guessing attacks, on the VANET.
protocol
Lu et al. (2018) presented a survey on trust management
for additional data. However, a limitation is that the protocol
models in VANETs and summarized VANET simulators that
is not suitable for the pre-built CAN bus, which is used in
can be used to research VANETs. The authors enumerated
almost all vehicles.
properties of trust management that should be considered:
Kornaros et al. (2019) proposed a technique that allows the
decentralization, real-time constraint, information sparsity,
use of both virtual and unreliable channels over the same
scalability, privacy, and robustness. Talib et al. (2018) surveyed
CAN network. Referring to it as TrustNet, they proposed a
the literature on communication security for the Internet-of-
means to protect the communications of the CAN bus with
Vehicle, published between 2010 and 2018. They described
minimal overhead and full legacy system support. That is,
var- ious attacks on the Internet of Vehicles,
they proposed an integrated approach to ECU authentication
countermeasures for those, and the results of such
and network security that can easily be deployed in legacy
countermeasures. The authors summarized future legal and
infrastructure. Andel et al. (2019) used the inherent features
technical considerations for de- veloping the Internet of
of CAN arbitration, error detection and signaling, and fault
Vehicles platform.
confinement mechanisms. They invalidated packets coming
Shrestha & Nam (2019) examined the design of regional
into the attack through access control and message priority
blockchains used in VANETs and illustrated how regional
thresholds at the CAN data-link layer. Thus, they proposed a
blockchains are safe against “51% percent attack.” They de-
means to mitigate the impact on the normal node from at-
termined that, to reduce the attack success rate below 51%,
tacks that attempt to manipulate messages at priority levels.
the number of benign and malicious nodes, message-delivery
Agrawal et al. (2019) proposed a communication security ar-
time, puzzle calculation time, and certain conditions need to
chitecture among ECUs on different channels through one of
be considered. They experimented with various simulations
the units acting as a gateway. He proposed a secure commu-
to determine these conditions. They found that being able to
nication scheme for a CAN with flexible data rate. Addition-
deliver benign nodes in the shortest time plays a significant
ally, he claimed that AEGIS, the proposed encryption scheme,
role in improving the stability of the local blockchain. If the
provides better performance than applying individual prim-
message delivery time between benign nodes is sufficiently
itives for encryption and authentication. His-experiments
short, it is unsafe for malicious nodes to attack. The authors
have also demonstrated that this schema is superior to AES
also proposed a method for decreasing the message delays
counter with a cipher block chaining message authentication
be- tween the superior nodes of a VANET.
code.
Woo et al. (2019) proposed the CAN ID shuffling method
using a network address shuttle as a moving target defense
4.1.3. Security design, process, and framework
method in the CAN network environment of a vehicle. A
Bécsi et al. (2015) described the impact of connectivity on ve-
prac- tical security solution is to make it difficult for
hicles. They demonstrated the significance of careful system
attackers to easily find information, such as the CAN ID, data
security design, with linked functions modifying the vehicle
frame sav- ing cycle, and data field formats. It has also been
structure and presenting the vulnerability of each element.
claimed that this method is practical because it can be
The application security of information and communications
implemented with- out changing the protocol format or the
technology has emphasized the already well-understood se-
specific fields in the existing CAN standard.
curity principles.
 Yadereli et al. (2015) suggested that a variety of au-
nipulated. The experiment used the vehicle’s diagnostic pro-
tonomous vehicle systems can become vulnerable owing to
tocol to implement routine control services related to vehicle
software and hardware defects as well as defects in the de-
safety. They mentioned that the hardware-security-module-
velopment process. Due to these risks, the authors empha-
based monitoring systems can protected against malicious
sized that vehicles must have automatic defensive measures
at- tacks.
in place. They also investigated the security vulnerabilities of
autonomous vehicle systems and identified the threats and
attacks that exploit them. Further, they discussed the devel- 4.2. Intrusion detection system
opment guidelines and mitigation methods available for au-
tonomous vehicle systems. There have been many attempts to incorporate the most rep-
Khurram et al. (2016) presented a security framework resentative and basic network security solutions, firewall and
for connected car security architecture - multiple modules intrusion detection systems, into the autonomous vehicle.
in various layers that comprised the OTA update system. Re- search papers related to this area are listed in Table 9.
Zheng et al. (2016) developed CONVINCE, which is a frame-
work for cross-layer modeling on connected vehicles. CON-
4.2.1. Intrusion detection system for CAN
VINCE encompasses intra-vehicle and inter-vehicle commu-
Hoppe et al. (2009) proposed the adoption of intrusion
nication. CACC was used to evaluate the effectiveness of the
detec- tion in the automotive domain. The special
framework in a case study. The authors carried out flooding at-
requirements for achieving this were analyzed considering
tacks on an NS3-based vehicle network simulator to measure
the technical chal- lenges. They also developed a
the packet-loss rate and evaluate the performance of their
prototypical automotive IDS component.
work. Berlin et al. (2016) introduced a security management
Mü ter et al. (2010) discussed a structured approach
system. This system uses the use-case concept. The use-
based on sensor intelligence. The authors provided certain
cases included a special event of an attack and stolen
appli- cability criteria for sensors as well as the parameter
credentials.
val- ues. Furthermore, they suggested the integration of
Reger (2016) addressed the concepts of Ethernet, V2X com-
sensor result to build the concept of IDS in the vehicular
munications, car RADAR, NFC, ultra-Wideband (UWB) ranging,
domain. Kleberger et al. (2011) conducted research on the
and security. At the highest levels of privacy and system se-
in-vehicle network and security of connected cars. They
curity, reliable wireless and wired communication technolo-
stated existing problems with in-vehicle network and
gies combined with powerful data-processing capabilities
architectural security features. They also introduced IDS and
are critical. The author discussed what it takes to realize
honeypots to defense attacks.
securely connected cars of the future. He asserted that, as
Mü ter & Asaj (2011) suggested an information-theoretic in-
opposed to an afterthought, security must become an
trusion detection method for the CAN bus. Their idea was to
integral part of the design process. This calls for security-by-
calculate the entropy of CAN messages on the binary, signal,
design and privacy- by-design approaches.
and protocol levels. The authors measured the entropy
Mawonde et al. (2018) presented an analysis of
based on three measures: i) conditional self-information, ii)
numerous studies and approaches that exist in the literature.
entropy, and iii) relative entropy. As the calculation is based
They per- formed an in-depth comparative analysis of the
on each CAN ID, a specific ECU can be identified as being
type of tech- nology implemented and the strengths and
attacked. A test vehicle was used to measure the value while
weaknesses of the proposed systems. Based on their
driving.
findings, the authors con- cluded that there are some strong
Ling & Feng (2012) proposed a malicious detection algo-
contenders to the augmen- tation of current vehicle security.
rithm applicable to a CAN bus. The proposed algorithm de-
They reviewed 14 existing papers to create a summary of the
tects attacks using the frequencies calculated by the CAN IDs
proposed vehicle security technologies.
of the messages. A list of CAN IDs used in the bus is obtained
El-Rewini et al. (2019) proposed a hierarchical frame-
in advance. An attack can be detected early by watching out
work for security threats targeting vehicles. The proposed
for the appearance of a CAN ID that has not been used before.
framework consists of three layers: sensing, communica-
The algorithm was implemented in the CANoe simulator
tion, and control. The sensing or detection layer consists
using a CAN access programming language. Studnia et al.
of environmental sensors vulnerable to eavesdropping, jam-
(2013) in- troduced a brief overview of possible attacks that
ming, and spoofing attacks. The communication layer con-
are already known and experimented against vehicles and
sists of in-vehicle communication and V2X communication
certain protec- tion mechanisms. The key idea was to deploy
and is primarily exposed to eavesdropping, spoofing, man-
a gateway and use it as an IDS. However, applying a gateway
in- the-middle, civil attacks, etc. The control layer includes
to the CAN bus can cause problems due to unintended
au- tonomous driving functions, including vehicle speed,
performance degrada- tion.
braking, and steering automation. They used this framework
Song et al. (2016) proposed a lightweight algorithm to de-
to inves- tigate attacks and threats related to the
tect an injection attack on an in-vehicle network based on
communication layer and suggested countermeasures.
the time intervals of CAN messages. In the implementation,
Nasser & Ma (2019) determined that AUTOSAR-based
the authors measured and calculated the period of a message
safety systems are vulnerable to code reuse attacks and
by the CAN ID with normal status. The results were used as
stud- ied countermeasures against these. They proposed a
thresholds to identify intrusions. The limitation of this study
method to protect the shared RAM buffer between a hardware
is that the detection algorithm must have prior knowledge
security module and the host from a vulnerability that
about the intervals of receiving “Arbitration_ID” values for each
could be ma-
 Table 9 – Defense research related to intrusion detection systems.

Defense category Authors Year Approach and experiment

IDS for CAN Hoppe et al. (2009) 2009 Anomaly-based IDS for the CAN protocol
Mü ter et al. (2010) 2010 Eight attack detection sensors
Kleberger et al. (2011) 2011 Surveys for network, architectural, IDS, honeypots, threats, and attacks.
Mü ter & Asaj (2011) 2011 Information theoretic intrusion detection method for CAN bus
Ling & Feng (2012) 2012 Consecutively broadcast ID threshold count
Studnia et al. (2013) 2013 Experimented against vehicles and some protection mechanism
Song et al. (2016) 2016 Time intervals of CAN messages for in-vehicle network
Boudguiga et al. (2016) 2016 ECU Intrusion Detection (ECU DoS, replay and impersonation attacks).
Gmiden et al. (2016) 2016 Time intervals between matching CAN IDs
Cho & Shin (2016) 2016 Anomaly-based intrusion detection system-Clock based IDS (CIDS)
Rizvi et al. (2017) 2017 State-fully hybrid adaption of distributed firewall system
Lee et al. (2017) 2017 Offset ratio and time-interval-based IDS (OTIDS)
Marchetti & Stabili (2017) 2017 Detection algorithm measuring sequence of CAN ID
Choi et al. (2018) 2018 Using low-level communication characteristics. Detect bus-off attack
Studnia et al. (2018) 2018 A language-based intrusion detection approach
Kneib & Huth (2018) 2018 Signal-characteristic-based sender identification
Lokman et al. (2019) 2019 Survey and review of IDS in CAN bus system environment
Longari et al. (2019) 2019 CopyCAN intrusion detection
Zhou et al. (2019) 2019 Bit-time-based CAN bus monitor (BTMonitor)
Luo & Hou (2019) 2019 Software-based firewall
Olufowobi et al. (2019) 2019 Proposal of IDS of ECU reboot mechanism using message cycle
IDS for VANET Maglaras (2015) 2015 Architectural concept of DIDS designed for VANET
Straub et al. (2017) 2017 Four layers (vehicle-level, network, traffic management, and coordination)
Li et al. (2017) 2017 Regression learning approach
Sharma & Kaul (2018) 2018 Surveyed and classified IDS in VANET
Hamad et al. (2019) 2019 Proposal of red-zone-based intrusion response system

vehicle. They published the dataset used in this study on

harmful and should be addressed by understanding the ex-
their website.
isting vulnerabilities and threats to the in-vehicle network.
Boudguiga et al. (2016) proposed an intrusion detection
To this end, they suggested a hybrid security system and a
method for a CAN bus. The main idea was that the mi-
distributed firewall that deployed a filter for each sensor and
crocontrollers monitor the CAN messages traveling in the
communication module such as GPS, Bluetooth, and Wi-Fi.
bus to detect malicious frames. To do this, the method re-
Lee et al. (2017) suggested OTIDS, which is an IDS based on
quires a hardware security module embedded in each ECU.
the offset ratio and time interval using the requests and re-
The authors performed an experiment with their CAN at-
sponses of remote frames. Under normal driving conditions,
tacker model, performing DoS, impersonation, and isolation
the interval and offset between the request and response are
attacks. Each ECU identifies whether a message is normal,
fixed, but when a message injection attack occurs, it varies.
based on the MAC, and classifies illegal messages as intru-
The experiment was conducted on a commercial vehicle, and
sions. Gmiden et al. (2016) proposed a simple IDS based on
the dataset used in the study was released on the author’s
the time intervals between CAN messages. The advantages of
website. Marchetti & Stabili (2017) suggested a detection al-
this method are that it does not require any modification of
gorithm to measure the sequence of CAN IDs. In the method,
the existing hardware or CAN buses, and it can identify at-
the sequence potentially follows the CAN ID or IDs, which
tacks through only a single monitor.
are referred to by the detection model upon transmission of
Cho & Shin (2016) proposed an ECU-fingerprinting method-
each CAN message.
ology based on analyzing the message arrival time. The au-
In 2018, Choi et al. (2018) proposed VoltageIDS, which
thors overcome the limitation that the transmission source
de- tects intrusions on the side-channel of CAN messages.
was unknown, as CAN messages do not contain such infor-
Volt- ageIDS was the first IDS developed for vehicles that can
mation. The authors’ idea was to measure the travel time re-
dis- tinguish between errors and bus-off attacks. The IDS
quired for a message until it is received by the ECU. They ex-
capture an electrical CAN signal to identify an ECU. An
tended the study to build an IDS that identifies the exact at-
advantage of this proposal is that it does not require any
tacked nodes. Three attack scenarios were evaluated on a
modification of the system. The authors presented a
test- bed and two commercial sedans. One limitation of their
prototype of the CAN bus and the results of an experiment
study was that the IDS cannot locate the attackers who send
on a real vehicle while driving. Studnia et al. (2018)
mes- sages only periodically.
presented a network IDS, using language theory to build
Rizvi et al. (2017) studied threats to in-vehicular
attack signatures and detect mali- cious messages sequences.
networks by introducing existing vulnerabilities and attacks
The authors detailed the method- ology and experiments
on au- tonomous cars. They argued that DoS and replay
conducted using collected CAN traffic.
attacks are
 Kneib & Huth (2018) proposed Scission, an IDS finger-
4.2.2. Intrusion detection system for VANET
printing ECU that captures the voltage of the CAN bus. The
Maglaras (2015) presented an architectural concept of a dis-
ad- vantage of monitoring the side-channel is that the
tributed IDS designed for VANETs. The modules of the pro-
attacker’s position can be determined beyond the limits of
posed distributed IDS were installed in a RSU and in a
the CAN pro- tocol. The experiment was conducted on two
vehicle. The authors mainly focused on performance issues
commercial ve- hicles. A comparison of three similar studies,
that can occur during implementation rather than on attack-
including the authors’, was provided. The result was that
detection methods.
Scission achieved 99.85% accuracy and a 0% false positive
Straub et al. (2017) presented a collaborative intrusion
rate. The authors men- tioned that the method can distinguish
de- tection system that works on VANETs. The proposed
between added ECUs and unknown ECUs.
system is composed of four parts: (i) the vehicle-level IDS
In 2019, Lokman et al. (2019) conducted a survey and re-
works on each vehicle, detecting attacks without the
view of the IDSes in a CAN bus system environment. Their
cooperation of the external system; (ii) the vehicle area
goal was to conduct literature research on proposed IDS
network IDS works with VANET with several vehicles that
detection methods, deployment strategies, and attack
share their status with each other; (iii) a system on the RSU
techniques. Based on the IDS detection methods described in
takes responsibility for the secure communication of the
detail, these were categorized as frequency-based, machine-
local VANET, and (iv) the cen- tral system processes all data
learning-based, sta- tistical, and hybrid-based methods.
from the VANETs and identifies anomalies.
Longari et al. (2019) proposed CopyCAN intrusion detection,
Li et al. (2017) presented an IDS based on sensor data, ap-
which monitors the CAN network to determine whether the
plied to the regression-learning approach, estimating parame-
node is disconnected from the current network based on the
ters with correlated and redundant data. The authors used
error counter of the ECU. This approach is advantageous when
the following sensor data from the vehicle: engine speed,
an attacker spoofs a message. It can also detect how to iso-
acceler- ation, brake pedal position, yaw rate, angle of
late the normal ECUs and attack the malicious node. Copy-
steering wheel, and gear position. Experiments were
CAN can detect spoofed messages, even if the information
conducted using actual vehicles and demonstrated that an
streams do not match. In the existing network environment,
accuracy of 90% or more was obtained when the vehicle
IDS-implemented ECUs can be installed to monitor and com-
speed was used.
ply with existing CAN standards. Zhou et al. (2019) proposed
In Sharma & Kaul (2018), the authors surveyed IDSes in
a new intrusion detection system called BTMonitor (bit time-
VANETs. The authors conducted research on the papers that
based CAN bus monitor) to address the weaknesses caused
proposed each IDS based on the following criteria: place-
by the lack of message authentication in the CAN protocol.
ment strategy, detection method, security threat, validation
The system indicated that experiments in vehicles have an
strategy, and highlighting features. In addition, the IDSes
aver- age of 99.76% chance of correctly identifying the sender,
were classified as follow: (i) reaction type: active IDS, pas-
which can help detect intrusions and find attackers. The
sive IDS, and real-time detection IDS; (ii) detection method-
detection method used the measurable discrepancies of bit
ology: signature-based, anomaly-based, cross-layer-based, hy-
times in the CAN frame to indicate the fingerprint of the ECU
brid IDS, and watchdog-based; (iii) validation strategy: sim-
in the out- going packet. The authors proposed a method for
ulation, empirical, hypothetical, and theoretical; and (iv) de-
detecting intrusions and detecting attackers using the
ployment location: centralized RSU-based IDS, distributed
fingerprints gen- erated by each sender.
individual-node IDS, cluster head-based IDS, and hybrid IDS.
Luo & Hou (2019) proposed a firewall and a security mecha-
Hamad et al. (2019) proposed a situational evaluation
nism based on a hardware platform to protect against
mechanism to determine the optimal response in a vehicle
vehicle- borne cyber security threats. The authors proposed
using intrusion response systems (IRSes), which are used
a packet filter mechanism, which was categorized according
not only in the vehicle sector but also in other areas. They
to proto- col security requirements. CAN with a flexible data
investi- gated the requirements for applying the IRS
rate was implemented as a packet filter mechanism. The
mechanism to ve- hicles. They also proposed an IRS based on
authors also designed and proposed DoS defense and access
the red-zone prin- ciple according to the identified
control mech- anisms. They proposed a network firewall
requirements. The IRS uses the red-zone time to implement
mechanism that can be applied based on each attack vector.
the response strategy. It is de- signed to evaluate and
The firewall was based on a microcontroller unit using the
respond to a predefined security policy through a framework
hardware security module to implement the encryption
already established through the IRS dur- ing the red-zone
function. The authors also suggested a possible network
period. The authors had already verified the security policy
firewall implemented in the central gateway.
strategy and countermeasures predefined in the previous
Olufowobi et al. (2019) proposed an algorithm that de-
study before proposing the IRS-based IDS frame- work.
tects and repairs messages spoofed by an attacker using
the vehicle’s CAN network. The proposed recovery process
works by remotely rebooting the damaged ECU. Therefore,
4.3. Artificial intelligence using big data
an IDS was proposed to switch off the abnormal node
to the bus so that only normal communication is possi-
With the development of artificial intelligence and the acti-
ble. The criteria were applied by setting a threshold of ap-
vation of big data, research on autonomous vehicle security
proximately 6 ms rather than the normal message frame
combining artificial intelligence and big data technology has
period.
become an important trend in recent years. Research papers
related to this area are listed in Table 10.
 Table 10 – Defense research related to artificial intelligence using big data.

Defense category Authors Year Approach and experiment

ML and DL Taylor et al. (2015) 2015 Flow-based anomaly detector for CAN bus
Han et al. (2015) 2015 Detection method by using a statistical method
Marchetti et al. (2016) 2016 LSTM to determine anomaly detection in CAN bus data
Kang & Kang (2016) 2016 Deep learning structure with deep belief network
Narayanan et al. (2016) 2016 Using hidden Markov model with OBD SecureAlert
Taylor et al. (2016) 2016 Measured entropy of CAN messages using information-theoretic method
Moore et al. (2017) 2017 Data-driven anomaly detection algorithm
Tomlinson et al. (2018b) 2018 CAN IDS survey (43 references)
Han et al. (2018) 2018 Anomaly detection based on survival analysis
Tomlinson et al. (2018a) 2018 Measured packet timing of CAN messages within time window
Al-Khateeb et al. (2018) 2018 Recursive Bayesian estimation
Seo et al. (2018) 2018 GAN based IDS
Ahmad et al., 2019 2019 Machine learning techniques to detect relay attacks
Song et al. (2019) 2019 Deep convolutional neural network (DCNN) based IDS
Tang et al. (2019) 2019 Classified machine learning as communications, networking, and security
Cloud and Zhang et al. (2014) 2014 Cloud-assisted vehicle malware defense framework
Big data Eiza & Ni (2017) 2017 Latest vehicle cyber security threats and defending mechanisms (17 references)
Gupta & Sandhu (2018) 2018 Authorization framework for secure cloud assisted

4.3.1. Machine learning and deep learning

all United States vehicles. In the model generation phase,
Research has been conducted to introduce artificial intelli-
the system builds a hidden Markov model that expresses
gence concepts into autonomous vehicle security since mid-
time-series data. Using the model, anomalous behavior is
2010.
detected in the anomaly-detection phase. In their experi-
Taylor et al. (2015) presented a flow-based anomaly de-
ment, the authors used RPM and velocity data to test their
tector for the CAN bus. The motivation was that most nor-
model.
mal packets arrive at a fixed frequency. The proposed method
Deep-learning and machine-learning techniques have
compares the historical packet timing over a sliding win-
been studied in autonomous security. Taylor et al. (2016) used
dow. The authors tested their method with data captured
long short-term memory (LSTM) to detect anomalies in CAN
from two CAN buses on a 2011 Ford Explorer and evalu-
bus data. The LSTM predicts the next payload of CAN mes-
ated the performance on a one-class support vector machine.
sages based on prior messages. The model identified abnor-
Han et al. (2015) proposed a detection method using one-
mal messages that were injected, modified, or even dropped.
way analysis of variance. They used several sensor data
The authors claimed that the method shows low false-alarm
values captured via an OBD-II scanner. A homogeneity test
rates.
was per- formed on parking, driving with constant speed, and
Moore et al. (2017) proposed an anomaly detection algo-
driving in downtown situations. The authors suggested that
rithm based on time interval, taking less than 5 s to train
the method should be targeted at IoT devices that are
the model. The authors described that 1) the normal message
connected while driving, and an external device should be
and signal have a regular frequency, and 2) an attacker in-
able to identify the anomalies.
jects repetitive messages to trigger an effective attack on the
Marchetti et al. (2016) measured the entropy of CAN mes-
vehicle. The authors determined the intrusion using simple
sages using the information-theoretic method. The simple
threshold.
idea was that an attack is detected when the entropy drops be-
Tomlinson et al. (2018b) studied anomaly detection meth-
low a certain threshold value. The entropy value is
ods and technologies for CAN. They also considered the impli-
calculated for each time window. In the experiment, an
cations of these in terms of practicability and requirements.
attack model was injected at regular intervals.
The authors categorized anomaly detection methods as fol-
Kang & Kang (2016) proposed a DNN-based IDS working
lows: i) signature-based, ii) statistical-based, iii) knowledge-
on a CAN bus. The goal of their research was to detect ma-
based, and iv) modeling algorithms, including clustering,
licious packets injected into the CAN bus. Due to the time
support vector machines, neural networks, and the hidden
consumption of the training phase, the authors assumed
Markov model.
that the training phase occurs outside the vehicle. However,
Han et al. (2018) used the survival analysis model to detect
they mentioned that the model provides results immedi-
intrusion in vehicular networks. The goal of their study was to
ately in the detection phase. The experiment was performed
identify malicious CAN messages accurately without knowl-
on a simulator using a packet generator, open car testbed,
edge of traffic information. They tested their detection model
and network experiments. Narayanan et al. (2016) proposed
on three different types of vehicles. The experiment was per-
OBD-SecureAlert to determine abnormal activities that oc-
formed with flood, fuzzy, and malfunctioning attacks. The re-
cur during driving. The system architecture is divided into
sult included accuracy and f-measure on each vehicle and at-
three sections. In the data collection phase, CAN mes-
tack, and the detection speed depends on the number of CAN
sages are collected via the OBD-II port that exists in almost
IDs used with a car.
 Tomlinson et al. (2018a) measured the packet timing of
tomobile applications. New cyber threats come along with
CAN messages within a time window and offered various ex-
new technologies, including autonomous driving technology
perimental results with changed thresholds. Two measure-
and V2X communication. The authors introduced an automo-
ments, Z-score and auto-regressive integrated moving aver-
tive network architecture, corresponding cyber threat vectors,
age, are normally used to determine the likelihood of an at-
and certain defensive mechanisms against these. To
tack. The authors demonstrated that the proposed method
challenge attacks via communication channels, the authors
could identify dropped or injected packets. The features
suggested three solutions: i) secure OTA update solution
used in the performance evaluation were recall, specificity,
delivering the code with cryptographic verification, ii) a
and ac- curacy, and the results varied depending on the
cloud-based solu- tion, and iii) a layer-based solution.
window size. Al-Khateeb et al. (2018) used Bayesian
Gupta & Sandhu (2018) studied an authorization frame-
estimation tech- niques for the insider-threat prediction
work, an extended access control oriented architecture for
model. They assumed a hijacking attacker who can not only
VANET and vehicular clouds. The proposed architecture fo-
acquire communication between the vehicle and command
cuses mainly on the object and virtual object layers. The au-
and the control system, but also perform a man-in-the-
thors introduced a method to deal with sensitive informa-
middle attack. To detect the at- tack, they used the following
tion in the cloud environment and provided a real use-case.
features: vehicle speed, geoloca- tion information including
The research topics proposed in the study are: external
elevation, orientation, timestamp, and IPv6 address. They
inter- actions, in-vehicle interactions, cross-cloud
insisted that the Bayesian model can predict a vehicle’s next
interaction, and cloud data.
possible state, which is used to identify
an attacker’s intervention.
Seo et al. (2018) built a CAN message classifier using a
generative-adversarial-network-based IDS (GIDS). The signifi-
cance of GIDS is that it can detect intrusion using a model cles, including malware and vulnerabilities in OBD and au-
built from normal data. GIDS generates fake messages for
training purposes instead of attacks, which allows the model
to detect attacks that have never been seen before. The
experiment was performed using four types of attacks: DoS,
fuzzy, RPM modifi- cation, and gear position modification.
The performance was measured with 100% accuracy on the
first discriminator and 98% accuracy on the second
discriminator.
Ahmad et al., 2019 studied the introduction of machine-
learning techniques to detect relay attacks against PKES
systems. For the experiment, the decision tree, support
vector machine, and k-nearest neighbors methods were
compared using a three-month log of the PKES system.
Song et al. (2019) proposed an IDS based on a deep convo-
lutional neural network to protect the CAN bus. They com-
pared machine-learning algorithms (LSTM, artificial neural
network, support vector machine, k-nearest neighbors, naive
Bayes, and decision tress) for DoS, gear spoofing, RPM spoof-
ing, and fuzzy attack. The authors experimented on the pro-
posed model with four categories of message injection at-
tacks. Tang et al. (2019) presented a survey paper related to
the secure vehicular network-applied machine-learning ap-
proach. The authors classified machine-learning techniques
in a vehicular network as communication, networking, and
se- curity perspective. They also highlighted the future of
vehicle network that include 6 G and artificial intelligence
techniques.

4.3.2. Cloud and big data

Zhang et al. (2014) focused on defending malware targeted
at vehicles. They introduced potential inflow ports, including
the OBD-II port, OTA update system, on-board web browser,
multi- media port (e.g., USB port), and third-party equipment.
As sev- eral infotainment systems are operated using the
Linux OS, malware can harm the in-vehicle system. The
authors pro- posed some frameworks to protect the in-
vehicle system from malware, such as cloud-assisted
detection framework and on- board inspection procedure.
Eiza & Ni (2017) illustrated cybersecurity threats on vehi-
5. Summary and conclusion

There has been a clear flow in the attacks against vehicles

and their defenses over time. Regarding attacks, research
on CAN and ECU was actively conducted before 2017.
Recently, the de- sign of risk and possible attack scenarios
for vehicles has been studied (e.g., attack tree, STRIDE, and
evaluation method). Re- search on automobile attacks has
been conducted on a variety of attack surfaces, beginning
with the studies by (Hoppe et al., 2008) and (Nilsson et al.,
2008) up to the recent study con- ducted by (Maple et al.,
2019). The first car attack was primar- ily an attack on the
interior of the car involving the ECU and CAN. In recent
years, autonomous driving technology has ad- vanced, and
attacks on external communications, such as on V2X, have
been studied extensively.
As attack techniques for autonomous vehicles
continues to emerge, defensive methods are also being
studied. Defense has been steadily researched in areas such
as security of CAN networks, security of authentication
protocols, and in- trusion detection. We know that the
networks and protocols currently in use in vehicles are
insecure, but we are restrained by the fact that it is difficult
to respond quickly to attacks. Therefore, methods of
detecting attacks have been steadily re- searched, and in
recent years, artificial intelligence techniques with big-data
analysis are being considered to improve the specifications
of ECUs. Security research on autonomous ve- hicles has led
to the method of specification-based detection as proposed
by (Hoppe et al., 2008) and has been continuously studied
since then. This has led to the proposal of machine- learning
techniques in (Ahmad et al., 2019). Autonomous ve- hicle
security models have been studied, from IDS, which is a
traditional security model, to security models combining
arti- ficial intelligence, machine learning, and deep learning
tech- nologies, such as a Bayesian network and a deep-belief
net- works.
With the present technology, the future of automobiles
will be combined with fully autonomous vehicle functions.
The major automobile brands Volkswagen, BMW, Mercedes-
Benz, Nissan, Hyundai, and Toyota are developing
autonomous driv-
ing technologies, as are IT companies such as Google, Apple,
and Samsung.
In this situation, cyber-attacks on autonomous vehicles
will be further intensified, and the aftermath will have a grave
impact on the safety of human life and that of the city. The
research contents of Alcaraz & Lopez (2012) who studied se-
curity requirements in Critical Infrastructure are also helpful
in constructing the security elements of future autonomous
vehicles. The world we live in will evolve into one made of
smart cities, and autonomous vehicles will be at the center of
smart mobility. With the aim of making the world we live in
more secure; we hope this survey paper will be helpful to all
researchers working on attacks and defenses associated
with autonomous vehicles.
Declaration of Competing Interest
The authors declare that they have no known competing fi-
nancial interests or personal relationships that could have
ap- peared to influence the work reported in this paper.
Acknowledgements
The study was funded by Institute for Information and com-
munications Technology Promotion (Grant No. 2020-0-00374,
Development of Security Primitives for Unmanned Vehicles).
Also, this study was supported by a Korea University Grant.
R E F E R E N C E S
Al-Kahtani Mohammed Saeed. In: 2012 6th International
Conference on Signal Processing and Communication
Systems. Survey on security attacks in Vehicular Ad hoc
Networks (VANETs) Pages 1–9 of. IEEE; 2012.
al-Khateeb Haider, Epiphaniou Gregory, Reviczky Adam,
Karadimas Petros, Heidari Hadi. Proactive threat detection for
connected cars using recursive bayesian estimation. IEEE
Sens J 2018;18(12):4822–31.
Agrawal Megha, Huang Tianxiang, Zhou Jianying,
Chang Donghoon. CAN-FD-Sec: Improving Security of CAN-FD
Protocol, 11552 Page 77 of. Springer; 2019. Revised Selected
Papers.
Ahmad Usman, Song Hong, Bilal Awais, Alazab Mamoun,
Jolfaei Alireza. Securing smart vehicles from relay attacks
using machine learning. J Supercomput 2019:1–18.
Alcaraz Cristina, Lopez Javier. Analysis of requirements
for critical control systems. International journal of
critical infrastructure protection 2012;5(3–4):137–45.
Alcaraz Cristina, Lopez Javier, Wolthusen Stephen. OCPP
protocol: security threats and challenges. IEEE Trans Smart
Grid 2017;8(5):2452–9.
Amoozadeh Mani, Raghuramu Arun, Chuah Chen-Nee,
Ghosal Dipak, Zhang H Michael, Rowe Jeff, Levitt Karl. Security
vulnerabilities of connected vehicle streams and their impact
on cooperative driving. IEEE Communications Magazine
2015;53(6):126–32.
Andel Todd R, McDonald J Todd, Brown Adam J, Trigg Tyler H,
Cartsten Paul W. In: 2019 IEEE International Conference on
Consumer Electronics (ICCE). Towards Protection Mechanisms
for Secure and Efficient CAN Operation Pages 1–6 of. IEEE;
2019.
Bacchus, Mark, Coronado, Alexander, Gutierrez, Maria A. 2017.
The insights into car hacking.
Bariah Lina, Shehada Dina, Salahat Ehab, Yeun Chan Yeob. In:
2015 IEEE 82nd Vehicular Technology Conference
(VTC2015-Fall). Recent Advances in VANET Security: A Survey
Pages 1–7 of. IEEE; 2015.
Bayer Stephanie, Enderle Thomas, Oka Dennis-Kengo,
Wolf Marko. Security crash test-practical security evaluations
of automotive onboard it components. Automotive-Safety &
Security 2015;2014.
Bé csi Tamá s, Aradi Szilá rd, Gá spá r Pé ter. In: Models and
Technologies for Intelligent Transportation Systems (MT-
ITS), 2015 International Conference on. Security issues and
vulnerabilities in connected car systems Pages 477–482 of.
IEEE; 2015.
B erli n Olga, Held Albert, Matousek Matthias, Kargl Frank. In:
2016 IEEE Vehicular Networking Conference (VNC). Poster:
anomaly-based misbehaviour detection in connected car
backends Pages 1–2 of. IEEE; 2016.
Bolovinou Anastasia, Atmaca Ugur-Ilker, Sheik Al Tariq,
Ur-Rehman Obaid, Wallraf Gerhard, Amditis Angelos, et al. In:
IEEE Intelligent Vehicles Symposium (IV). TARA+:
controllability-aware Threat Analysis and Risk Assessment
for L3 Automated Driving Systems Pages 8–13 of: 2019. IEEE;
2019.
Boudguiga Aymen, Klaudel Witold, Boulanger Antoine,
Chiron Pascal. In: IEEE International Conference on
Communications (ICC). A simple intrusion detection method
for controller area network Pages 1–7 of: 2016. IEEE; 2016.
Brooks Richard R, Sander Sam, Deng Juan, Taiber Joachim.
Automobile security concerns. IEEE Vehicular Technology
Magazine 2009;4(2):52–64.
Burakova Yelizaveta, Hass Bill, Millar Leif, Weimerskirch André .
In: In: 10th USENIX Workshop on Offensive Technologies
(WOOT 16). Truck Hacking: an Experimental Analysis of
the SAE J1939 Standard. ACM; 2016.
Cai Zhiqiang, Wang Aohui, Zhang Wenkai, Gruffke M,
Schweppe H. 0-days & Mitigations: Roadways to Exploit
and Secure Connected BMW Cars. Black Hat USA
2019;2019:39.
Cheah Madeline, Shaikh Siraj A, Bryans Jeremy, Nguyen Hoang
Nga. Combining Third Party Components Securely in
Automotive Systems. Pages 262–269 of: IFIP International
Conference on Information Security Theory and Practice.
Springer, 2016.
Cheah Madeline, Shaikh Siraj A, Haas Olivier, Ruddle Alastair.
Towards a systematic security evaluation of the automotive
Bluetooth interface. Vehicular Communications 2017;9:8–18.
Cheah Madeline, Shaikh Siraj A, Bryans Jeremy, Wooderson Paul.
Building an automotive security assurance case using
systematic security evaluations. Computers & Security
2018;77:360–79.
Checkoway Stephen, McCoy Damon, Kantor Brian,
Anderson Danny, Shacham Hovav, Savage Stefan,
Koscher Karl, Czeskis Alexei, Roesner Franziska,
Kohno Tadayoshi, et al. In: USENIX Security Symposium.
Comprehensive Experimental Analyses of Automotive Attack
Surfaces San Francisco; 2011.
Cho Kyong-Tak, Shin Kang G. In: 25th USENIX Security
Symposium (USENIX Security 16). Fingerprinting Electronic
Control Units for Vehicle Intrusion Detection Pages 911–927
of. USENIX; 2016.
Choi Wonsuk, Joo Kyungho, Jo Hyo Jin, Park Moon Chan, Lee Dong
Hoon. VoltageIDS: Low-Level Communication Characteristics
for Automotive Intrusion Detection System. IEEE Transactions
on Information Forensics and Security 2018;13(8):2114–29.
Dardanelli Andrea, Maggi Federico, Tanelli Mara, Zanero
Stefano, Savaresi Sergio M, Kochanek R, Holz T. A Security
Layer for Smartphone-to-Vehicle Communication Over
Bluetooth. IEEE Embed Syst Lett 2013;5(3):34–7.
Dü rrwang Jü rgen, Braun Johannes, Rumez Marcel,
Intelligent Transport Systems (VEHITS). Red-Zone: towards an
Kriesten Reiner, Pretschner Alexander. Enhancement of
Intrusion Response Framework for Intra-Vehicle System; 2019.
Automotive Penetration Testing with Threat Analyses
Han Mee Lan, Lee Jin, Kang Ah Reum, Kang Sungwook, Park Jung
Results. SAE International Journal of Transportation
Kyu, Kim Huy Kang. In: International Conference on Internet
Cybersecurity and Privacy 2018;1(11–01–02–0005):91–112.
of Vehicles. A statistical-based anomaly detection method for
Eiza Mahmoud Hashem, Ni Qiang. Driving with Sharks:
connected cars in internet of things environment Pages 89–97
Rethinking Connected Vehicles with Vehicle Cybersecurity.
of. Springer; 2015.
IEEE Vehicular Technology Magazine 2017;12(2):45–51.
Han Mee Lan, Kwak Byung Il, Kim Huy Kang. Anomaly intrusion
El-Rewini Zeinab, Sadatsharan Karthikeyan, Selvaraj Daisy
detection method for vehicular networks based on survival
Flora, Plathottam Siby Jose, Ranganathan Prakash.
analysis. Vehicular communications 2018;14:52–63.
Cybersecurity challenges in vehicular communications.
Hasrouny Hamssa, Samhat Abed Ellatif, Bassil Carole,
Vehicular Communications 2019.
Laouiti Anis. VANet security challenges and solutions: a
Engoulou Richard Gilles, Bellaïche Martine, Pierre
survey. Vehicular Communications 2017;7:7–20.
Samuel, Quintero Alejandro. VANET security surveys.
Hazem Ahmed, Fahmy HA. LCAP - A Lightweight CAN
Comput Commun 2014;44:1–13.
Authentication Protocol for Securing In-Vehicle Networks.
Eriksson Benjamin, Groth Jonas, Sabelfeld Andrei. On the road
10th escar Embedded Security in Cars Conference. Escar, 2012.
with third-party apps: security analysis of an in-vehicle app
Henniger Olaf, Apvrille Ludovic, Fuchs Andreas, Roudier Yves,
platform. Proc. 5th Int. Conf. Vehicle Technology and
Ruddle Alastair, Weyl Benjamin. In: 9th International
Intelligent Transport Systems (VEHITS), 2019.
Conference on Intelligent Transport Systems
Foster Ian, Prudhomme Andrew, Koscher Karl, Savage Stefan. In:
Telecommunications,(ITST). Security requirements for
WOOT. Fast and Vulnerable: a Story of Telematic Failures.
automotive on-board networks Pages 641–646 of: 2009. IEEE;
USENIX; 2015.
2009.
Fowler Daniel S, Cheah Madeline, Shaikh Siraj Ahmed,
Herrewege Anthony Van, Singelé e Dave, Verbauwhede Ingrid.
Bryans Jeremy. In: 2017 IEEE International Conference on
CANAuth-a simple, backward compatible broadcast
Software Testing, Verification and Validation (ICST). Towards a
authentication protocol for CAN bus, 2011. ECRYPT; 2011.
Testbed for Automotive Cybersecurity Pages 540–541 of. IEEE;
Hoppe Tobias, Dittman Jana. Sniffing/Replay Attacks on CAN
2017.
Buses: a simulated attack on the electric window lift classified
Fowler Daniel S, Bryans Jeremy, Cheah Madeline,
using an adapted CERT taxonomy. Proceedings of the 2nd
Wooderson Paul, Shaikh Siraj A. In: Pages 1–8 of: 2019 IEEE
workshop on embedded systems security (WESS), 2007.
19th International Conference on Software Quality, Reliability
Hoppe Tobias, Kiltz Stefan, Dittmann Jana. In: International
and Security Companion (QRS-C). A Method for Constructing
Conference on Computer Safety, Reliability, and Security.
Automotive Cybersecurity Tests, a CAN Fuzz Testing
Security threats to automotive CAN networks–practical
Example. IEEE; 2019.
examples and selected short-term countermeasures
Francillon Auré lien, Danev Boris, Capkun Srdjan. Relay attacks
Pages 235–248 of. Springer; 2008.
on passive keyless entry and start systems in modern cars.
Hoppe Tobias, Kiltz Stefan, Dittmann Jana. Applying intrusion
Proceedings of the Network and Distributed System Security
detection to automotive IT-early insights and remaining
Symposium (NDSS). Department of Computer Science, 2011.
challenges. Journal of Information Assurance and Security
Frö schle Sibylle, Stü hring Alexander. In: Pages 464–482 of:
(JIAS) 2009;4(6):226–35.
European Symposium on Research in Computer Security.
Roufa Ishtiaq, Millerb Rob, Mustafaa Hossen, Taylora Travis,
Analyzing the capabilities of the CAN attacker. Springer;
Ohb Sangho, Xua Wenyuan, Gruteserb Marco, Trappeb
2017.
Wade, Seskarb Ivan. Security and privacy vulnerabilities of
Garcia Flavio D, Oswald David, Kasper Timo, Pavlidès Pierre. In:
in-car wireless networks: a tire pressure monitoring system
USENIX Security Symposium. Lock It and Still Lose It-on the
case study. Pages 11–13 of. 19th USENIX Security Symposium
(In) Security of Automotive Remote Keyless Entry Systems;
2010.
2016.
Islam Mafijul Md, Lautenbach Aljoscha, Sandberg Christian,
Gmiden Mabrouka, Gmiden Mohamed Hedi, Trabelsi Hafedh. In:
Olovsson Tomas. A risk assessment framework for automotive
17th International Conference on Sciences and Techniques of
embedded systems. Proceedings of the 2nd ACM International
Automatic Control and Computer Engineering (STA). An
Workshop on Cyber-Physical System Security. ACM, 2016.
intrusion detection method for securing in-vehicle CAN bus
Islam SK Hafizul, Obaidat Mohammad S, Vijayakumar Pandi,
Pages 176–180 of: 2016. IEEE; 2016.
Abdulhay Enas, Li Fagen, Reddy M Krishna Chaitanya. A
Groll Andre, Ruland Christoph. In: 2009 IEEE Intelligent Vehicles
robust and efficient password-based conditional privacy
Symposium. Secure and authentic communication on
preserving authentication and group-key agreement
existing in-vehicle networks Pages 1093–1097 of. IEEE; 2009.
protocol for VANETs. Future Generation Computer Systems
Groza Bogdan, Murvay Stefan. Efficient protocols for secure
2018;84:216–27.
broadcast in controller area networks. IEEE Transactions on
ISO. 2015 (November). ISO 11898-1:2015, Road vehicles – Controller
Industrial Informatics 2013;9(4):2034–42.
area network (CAN). online, accessed 4/11/19.
Groza Bogdan, Murvay Stefan, Herrewege Anthony Van,
https://www.iso.org/standard/63648.html.
Verbauwhede Ingrid. LiBrA-CAN: A Lightweight Broadcast
Jafarnejad Sasan, Codeca Lara, Bronzi Walter, Frank Raphael,
Authentication Protocol for Controller Area Networks.
Engel Thomas. In: Globecom Workshops (GC Wkshps), 2015
ACM Transactions on Embedded Computing Systems
IEEE. A car hacking experiment: when connectivity meets
(TECS) 2017;16(3):90.
vulnerability Pages 1–6 of. IEEE; 2015.
Gupta Maanak, Sandhu Ravi. Authorization Framework for
Kang Min-Joo, Kang Je-Won. Intrusion detection system using
Secure Cloud Assisted Connected Cars and Vehicular Internet
deep neural network for in-vehicle network security. PLoS
of Things. Proceedings of the 23nd ACM on Symposium on
ONE 2016;11(6).
Access Control Models and Technologies. SACMAT ’18. ACM,
Karray Khaled, Danger Jean-Luc, Guilley Sylvain, Elaabid M
2018.
Abdelaziz. In: Cyber-Physical Systems Security. Attack
Halahan Jennifer, Chen Weifeng. Wireless Security Within New
Tree Construction and Its Application to the Connected
Model Vehicles. Journal of Information Warfare
Vehicle Pages 175–190 of. Springer; 2018.
2017;16(3):51–62.
Keen Security Lab of Tencent. 2017 (July). New Car Hacking
Hamad Mohammad, Tsantekidis Marinos, Prevelakis Vassilis. In:
Research: 2017, Remote Attack Tesla Motors Again. online,
the 5th International Conference on Vehicle Technology and
 accessed 7/27/17. https://keenlab.tencent.com/en/2017/07/27/
Li Xiangxue, Yu Yu, Sun Guannan, Chen Kefei. Connected
New-Car-Hacking-Research-2017- Remote-Attack-Tesla-
Vehicles’ Security from the Perspective of the In-Vehicle
Motors-Again/.
Network. IEEE Netw 2018;32(3):58–63.
Khatoun Rida, Zeadally Sherali. Smart cities: concepts,
Lim Bing Shun, Keoh Sye Loong, Thing Vrizlynn LL. In: 2018 IEEE
architectures, research opportunities. Commun ACM
4th World Forum on Internet of Things (WF-IoT). Autonomous
2016;59(8):46–57.
vehicle ultrasonic sensor vulnerability and impact
Khurram Muzaffar, Kumar Hemanth, Chandak Adi,
assessment Pages 231–236 of. IEEE; 2018.
Sarwade Varun, Arora Nitu, Quach Tony. In: 2016 International
Lim Dohyun, Park Kitaek, Choi Dongjun, Seo Jungtaek. In:
Conference on Connected Vehicles and Expo (ICCVE).
International Conference on Broadband and Wireless
Enhancing connected car adoption: security framework Pages
Computing, Communication and Applications. Analysis on
27–28 of. IEEE; 2016.
Attack Scenarios and Countermeasures for Self-driving Car
Kim Seung-Han, Seo Suk-Hyun, Kim Jin-Ho, Moon Tae-Moon,
and Its Infrastructures Pages 429–442 of. Springer; 2016.
Son Chang-Wan, Hwang Sung-Ho, Jeon Jae Wook. In:
Lin Chung-Wei, Sangiovanni-Vincentelli Alberto. In: Cyber
Industrial Informatics, 2008. INDIN 2008. 6th IEEE
Security (CyberSecurity), 2012 International Conference on.
International Conference on. A gateway system for an
Cyber-security for the Controller Area Network (CAN)
automotive system: LIN, CAN, and FlexRay Pages 967–972 of.
communication protocol Pages 1–7 of. IEEE; 2012.
IEEE; 2008.
Ling Congli, Feng Dongqin. In: 2012 National Conference on
Kleberger Pierre, Olovsson Tomas, Jonsson Erland. In: 2011 IEEE
Information Technology and Computer Science. An algorithm
Intelligent Vehicles Symposium (IV). Security aspects of the
for detection of malicious messages on CAN buses. Atlantis
in-vehicle network in the connected car. IEEE; 2011.
Press; 2012.
Kneib Marcel, Huth Christopher. Scission: signal
Liu Jiajia, Zhang Shubin, Sun Wen, Shi Yongpeng. In-vehicle
Characteristic-Based Sender Identification and Intrusion
network attacks and countermeasures: challenges and future
Detection in Automotive Networks. Proceedings of the 2018
directions. IEEE Netw 2017;31(5):50–8.
ACM SIGSAC Conference on Computer and Communications
Lokman Siti-Farhana, Othman Abu Talib,
Security. ACM, 2018.
Abu-Bakar Muhammad-Husaini. Intrusion detection system
Kong Linghe, Khan Muhammad Khurram, Wu Fan, Chen Guihai,
for automotive Controller Area Network (CAN) bus system:
Zeng Peng. Millimeter-wave wireless communications for
a review. EURASIP J Wirel Commun Netw 2019;2019(1):184.
IoT-cloud supported autonomous vehicles: overview, design,
Longari Stefano, Penco Matteo, Carminati Michele,
and challenges. IEEE Communications Magazine
Zanero Stefano. CopyCAN: an Error-Handling Protocol based
2017;55(1):62–8.
Intrusion Detection System for Controller Area Network.
Kornaros George, Bakoyiannis Dimitris, Tomoutzoglou Othon,
Proceedings of the ACM Workshop on Cyber-Physical
Coppola Marcello, Gherardi Giovanni. In: 2019 IEEE
Systems Security & Privacy, 2019.
International Conference on Communications, Control, and
Lu Zhaojun, Qu Gang, Liu Zhenglin. A survey on recent advances
Computing Technologies for Smart Grids (SmartGridComm).
in vehicular network security, trust, and privacy. IEEE
TrustNet: ensuring Normal-world and Trusted-world CAN-
Transactions on Intelligent Transportation Systems 2018:1–17.
bus Networking Pages 1–6 of. IEEE; 2019.
Luo Feng, Hou Shuo. Tech. rept. SAE Technical Paper; 2019.
Koscher Karl, Czeskis Alexei, Roesner Franziska, Patel
Macher Georg, Armengaud Eric, Brenner Eugen, Kreiner Christian.
Shwetak, Kohno Tadayoshi, Checkoway Stephen, McCoy
Threat and risk assessment methodologies in the automotive
Damon, Kantor Brian, Anderson Danny, Shacham Hovav, et
domain. Procedia Comput Sci 2016;83:1288–94.
al. In: Security and Privacy (SP), 2010 IEEE Symposium on.
Maglaras Leandros A. A novel distributed intrusion detection
Experimental security analysis of a modern automobile Pages
system for vehicular ad hoc networks. International Journal of
447–462 of. IEEE; 2010.
Advanced Computer Science and Applications (IJACSA)
Kukkala Vipin Kumar, Pasricha Sudeep, Bradley Thomas. JAMS:
2015;6(4):101–6.
jitter-Aware Message Scheduling for FlexRay Automotive
Makowitz Rainer, Temple Christopher. FlexRay-A communication
Networks. Proceedings of the Eleventh IEEE/ACM
network for automotive control systems. 2006 IEEE
International Symposium on Networks-on-Chip. ACM, 2017.
International Workshop on Factory Communication Systems.
Larson Ulf E, Nilsson Dennis K. Securing vehicles against cyber
IEEE, 2006.
attacks. Proceedings of the 4th annual workshop on Cyber
Malhi Avleen Kaur, Batra Shalini, Pannu Husanbir Singh. Security
security and information intelligence research: developing
of vehicular ad-hoc networks: a comprehensive survey.
strategies to meet the cyber security and information
Computers & Security 2020;89.
intelligence challenges ahead. ACM, 2008.
Maple Carsten, Bradbury Matthew, Le Anh Tuan,
Larson Ulf E, Nilsson Dennis K, Jonsson Erland. In: 2008 IEEE
Ghirardello Kevin. A Connected and Autonomous Vehicle
Intelligent Vehicles Symposium. An approach to
Reference Architecture for Attack Surface Analysis. Applied
specification-based attack detection for in-vehicle networks
Sciences 2019;9(23):5101.
Pages 220–225 of. IEEE; 2008.
Marchetti Mirco, Stabili Dario. In: 2017 IEEE Intelligent Vehicles
Learning About Electronics. 2018
Symposium (IV). Anomaly detection of CAN bus messages
Lee ByungKwan, Jeong EunHee, Jeong YiNa. Message
through analysis of ID sequences Pages 1577–1583 of. IEEE;
Propagation based on Three Types of Density Classification
2017.
for Smooth and Secure Vehicular Traffic Flow. International
Marchetti Mirco, Stabili Dario, Guido Alessandro,
Journal of Multimedia and Ubiquitous Engineering
Colajanni Michele. In: 2016 IEEE 2nd International Forum on
2014;9(12):383–404.
Research and Technologies for Society and Industry
Li Huaxin, Zhao Li, Juliato Marcio, Ahmed Shabbir, Sastry Manoj
Leveraging a better tomorrow (RTSI). Evaluation of anomaly
R, Yang Lily L. Poster: intrusion detection system for
detection for in-vehicle networks through
in-vehicle networks using sensor correlation and integration.
information-theoretic algorithms Pages 1–6 of. IEEE; 2016.
Proceedings of the 2017 ACM SIGSAC Conference on
Martinelli Fabio, Mercaldo Francesco, Nardone Vittoria,
Computer and Communications Security. ACM, 2017.
Santone Antonella. In: 2017 IEEE International Conference on
Lee Hyunsung, Jeong Seong Hoon, Kim Huy Kang. In: 2017
Fuzzy Systems (FUZZ-IEEE). Car hacking identification
15th Annual Conference on Privacy, Security and Trust
through fuzzy logic algorithms Pages 1–7 of. IEEE; 2017.
(PST).
OTIDS: A Novel Intrusion Detection System for In-vehicle
Network by Using Remote Frame Pages 57–5709 of. IEEE; 2017.
Mawonde Kudakwashe, Isong Bassey, Lugayizi Francis,
Palanca Andrea, Evenchick Eric, Maggi Federico, Zanero
Abu-Mahfouz Adnan M. In: IECON 2018-44th
Stefano. In: International Conference on Detection of
Annual
Intrusions and Malware, and Vulnerability Assessment. A
Conference of the IEEE Industrial Electronics Society. A Survey
stealth, selective, link-layer denial-of-service attack against
on Vehicle Security Systems: approaches and Technologies
automotive networks Pages 185–206 of. Springer; 2017.
Pages 4633–4638 of. IEEE; 2018.
Pan Lei, Zheng Xi, Chen HX, Luan T, Bootwala Huzefa,
Mazloom Sahar, Rezaeirad Mohammad, Hunter Aaron,
Batten Lynn. Cyber security attacks to modern vehicular
McCoy Damon. In: 10th USENIX Workshop on Offensive
systems. Journal of information security and applications
Technologies (WOOT 16). A security analysis of an in-
2017;36:90–100.
vehicle infotainment and app platform. USENIX; 2016.
Parkinson Simon, Ward Paul, Wilson Kyle, Miller Jonathan. Cyber
Miller Charlie. Lessons learned from hacking a car. IEEE Design &
threats facing autonomous and connected vehicles: future
Test 2019;36(6):7–9.
challenges. IEEE transactions on intelligent transportation
Miller Charlie, Valasek Chris. Adventures in automotive networks
systems 2017;18(11):2898–915.
and control units. Def Con 2013;21:260–4.
Tyagi Parul, Dembla Deepak. In: 2014 International Conference on
Miller Charlie, Valasek Chris. A survey of remote automotive
Advances in Computing, Communications and Informatics
attack surfaces. black hat USA 2014;2014:94.
(ICACCI). Investigating the security threats in vehicular ad hoc
Miller Charlie, Valasek Chris. Remote exploitation of an unaltered
networks (VANETs): towards security engineering for safer
passenger vehicle. Black Hat USA 2015;2015:91.
on-road transportation. IEEE; 2014.
Moore Michael R, Bridges Robert A, Combs Frank L, Starr Michael
Payne Bryson R. Car Hacking: Accessing and Exploiting the CAN
S, Prowell Stacy J. Modeling inter-signal arrival times for
Bus Protocol. Journal of Cybersecurity Education, Research
accurate detection of CAN bus signal injection attacks: a
and Practice 2019;2019(1):5.
data-driven approach to in-vehicle intrusion detection.
Pekaric Irdin, Sauerwein Clemens, Felderer Michael. Applying
Proceedings of the 12th Annual Conference on Cyber and
Security Testing Techniques to Automotive Engineering.
Information Security Research. ACM, 2017.
Proceedings of the 14th International Conference on
Morris David, Madzudzo Garikayi, Garcia-Perez Alexeis.
Availability, Reliability and Security, 2019.
Cybersecurity and the auto industry: the growing challenges
Petit Jonathan, Shladover Steven E. Potential cyberattacks on
presented by connected cars. International journal of
automated vehicles. IEEE Transactions on Intelligent
automotive technology and management 2018;18(2):105–18.
Transportation Systems 2015;16(2):546–56.
Mü ter Michael, Asaj Naim. In: 2011 IEEE Intelligent Vehicles
Reger Lars. In: 2016 IEEE International Solid-State Circuits
Symposium (IV). Entropy-based anomaly detection for in-
Conference (ISSCC). 1.4 The road ahead for
vehicle networks. IEEE; 2011.
securely-connected cars. IEEE; 2016.
Mü ter Michael, Groll André, Freiling Felix C. In: 2010 Sixth
Rizvi Syed, Willet Jonathan, Perino Donte, Marasco Seth,
International Conference on Information Assurance and
Condo Chandler. A threat to vehicular cyber security and the
Security. A structured approach to anomaly detection for
urgency for correction. Procedia Comput Sci 2017;114:100–
in-vehicle networks. IEEE; 2010.
105.
Narayanan Sandeep Nair, Mittal Sudip, Joshi Anupam. In:
Rubio Juan E, Alcaraz Cristina, Lopez Javier. In: 2018 9th IFIP
2016 IEEE International Conference on Smart Computing
International Conference on New Technologies, Mobility and
(SMARTCOMP). OBD_SecureAlert: an anomaly detection
Security (NTMS). Addressing Security in OCPP: protection
system for vehicles. IEEE; 2016.
Against Man-in-the-Middle Attacks Pages 1–5 of. IEEE; 2018.
Nasser Ahmad, Ma Di. Defending AUTOSAR Safety Critical
Salfer Martin, Eckert Claudia. Attack surface and vulnerability
Systems Against Code Reuse Attacks. Proceedings of the ACM
assessment of automotive Electronic Control Units, 4 Pages
Workshop on Automotive Cybersecurity. ACM, 2019.
317–326 of. IEEE; 2015.
Nie Sen, Liu Ling, Du Yuefeng. Free-Fall: hacking Tesla from
Salfer Martin, Schweppe Hendrik, Eckert Claudia. In:
Wireless to Can Bus. Briefing, Black Hat USA 2017.
International Conference on Information Security. Efficient
Nilsson Dennis K, Larson Ulf E, Jonsson Erland. In: 2008 IEEE 68th
attack forest construction for automotive on-board
Vehicular Technology Conference. Efficient in-vehicle delayed
networks Pages 442–453 of. Springer; 2014.
data authentication based on compound message
Schulze Sandro, Pukall Mario, Saake Gunter, Hoppe Tobias,
authentication codes. IEEE; 2008.
Dittmann Jana. On the Need of Data Management in
Nilsson Dennis K, Larson Ulf E, Picasso Francesco, Jonsson Erland.
Automotive Systems, 144 Pages 217–226 of; 2009.
A first simulation of attacks in the automotive network
Seo Eunbi, Song Hyun Min, Kim Huy Kang. In: 2018 16th Annual
communications protocol flexray. Proceedings of the
Conference on Privacy, Security and Trust (PST). GIDS: GAN
International Workshop on Computational Intelligence in
based Intrusion Detection System for In-Vehicle Network.
Security for Information Systems CISISâAZ08. Springer, 2009.
IEEE; 2018.
Nolte Thomas, Hansson Hans, Bello Lucia Lo. Automotive
Sharma Sparsh, Kaul Ajay. A survey on Intrusion Detection
communications-past, current and future, 1 Pages 8–pp of.
Systems and Honeypot based proactive security mechanisms
IEEE; 2005.
in VANETs and VANET Cloud. Vehicular Communications
Oguma Hisashi, Yoshioka Akira, Nishikawa Makoto,
2018;12:138–64.
Shigetomi Rie, Otsuka Akira, Imai Hideki. In: IEEE GLOBECOM
Sheehan Barry, Murphy Finbarr, Mullins Martin, Ryan Cian.
2008-2008 IEEE Global Telecommunications Conference. New
Connected and autonomous vehicles: a cyber-risk
attestation based security architecture for in-vehicle
classification framework. Transportation Research Part A:
communication Pages 1–6 of. IEEE; 2008.
Policy and Practice 2018.
Olufowobi Habeeb, Hounsinou Sena, Bloom Gedare. Controller
Shrestha Rakesh, Nam Seung Yeob. Regional blockchain for
Area Network Intrusion Prevention System Leveraging
vehicular networks to prevent 51% attacks. IEEE Access
Fault Recovery. Proceedings of the ACM Workshop on
2019;7:95021–33.
Cyber-Physical Systems Security & Privacy, 2019.
Shukla Siddharth. Embedded Security for Vehicles. ECU Hacking;
Othmane L Ben, Fernando Ruchith, Ranchal Rohit,
2016.
Bhargava BHARAT, Bodden Eric. Likelihood of threats to
Smith Craig. The Car Hacker’s Handbook: A Guide For the
connected vehicles. International Journal of Next-Generation
Penetration Tester. No Starch Press; 2016.
Computing (IJNGC) 2014;5(3):1–14.
Song Hyun Min, Kim Ha Rang, Kim Huy Kang. In: 2016
Cyber-Attacks by Identifying Packet Timing Anomalies in
international conference on information networking
Time Windows. IEEE; 2018a.
(ICOIN). Intrusion detection system based on the analysis of
Tomlinson Andrew, Bryans Jeremy, Shaikh S. Towards Viable
time intervals of CAN messages for in-vehicle network. IEEE;
Intrusion Detection Methods For The Automotive
2016.
Controller Area Network. Proc. 2nd Computer Science in
Song Hyun Min, Woo Jiyoung, Kim Huy Kang. In-vehicle network
Cars Symposium-Future Challenges in Artificial Intelligence
intrusion detection using deep convolutional neural network.
Security for Autonomous Vehicles (CSCS 2018), 2018b.
Vehicular Communications 2019;21.
Verdult Roel, Garcia Flavio D, Balasch Josep. Gone in 360 s:
Strandberg Kim, Olovsson Tomas, Jonsson Erland. Securing
hijacking with Hitag2. Pages 237–252 of: Presented as part of
the connected car: a security-enhancement methodology.
the 21st USENIX Security Symposium (USENIX Security 12).
IEEE vehicular technology magazine 2018;13(1):56–65.
USENIX, 2012.
Straub Jeremy, McMillan John, Yaniero Brett,
Verdult Roel, Garcia Flavio D, Ege Baris. In: USENIX Security
Schumacher Mitchell, Almosalami Abdullah, Boatey Kelvin,
Symposium. Dismantling Megamos Crypto: Wirelessly
Hartman Jordan. In: 2017 12th System of Systems Engineering
Lockpicking a Vehicle Immobilizer Pages 703–718 of. USENIX;
Conference (SoSE). CyberSecurity considerations for an
2013.
interconnected self-driving car system of systems. IEEE; 2017.
Voss Wilfried. A Comprehensible Guide to Controller Area
Studnia Ivan, Nicomette Vincent, Alata Eric, Deswarte Yves,
Network. Copperhill Media; 2008.
Kaâ niche Mohamed, Laarouchi Youssef. In: SAFECOMP
Wang Jiadai, Liu Jiajia, Kato Nei. Networking and
2013-workshop CARS (2nd workshop on critical automotive
Communications in Autonomous Driving: a Survey.
applications: robustness & safety) of the 32nd
IEEE Communications Surveys & Tutorials 2018.
international conference on computer safety, reliability
Wang Qiyan, Sawhney Sanjay. In: 2014 International
and security.
Conference on the Internet of Things (IOT). VeCure: a
Security of embedded automotive networks: state of the art
practical security framework to protect the CAN bus of
and a research proposal; 2013.
vehicles Pages 13–18 of. IEEE; 2014.
Studnia Ivan, Alata Eric, Nicomette Vincent, Kaâ niche Mohamed,
Ward David, Ibarra Ireri, Ruddle Alastair. Threat analysis and
Laarouchi Youssef. A language-based intrusion detection
risk assessment in automotive cyber security. SAE
approach for automotive embedded networks. International
International Journal of Passenger Cars-Electronic and
Journal of Embedded Systems 2018;10(1).
Electrical Systems 2013;6(2013–01–1415):507–13.
Takefuji Yoshiyasu. Connected Vehicle Security Vulnerabilities
Woo Samuel, Jo Hyo Jin, Lee Dong Hoon. A practical wireless
[Commentary]. IEEE Technology and Society Magazine
attack on the connected car and security protocol for
2018;37(1):15–18.
in-vehicle CAN. IEEE Transactions on Intelligent
Talib Manar Abu, Abbas Sohail, Nasir Qassim,
Transportation Systems 2015;16(2):993–1006.
Mowakeh Mohamad Fouzi. Systematic literature review on
Woo Samuel, Moon Daesung, Youn Taek-Young, Lee Yousik,
Internet-of-Vehicles communication security. International
Kim Yongeun. CAN ID Shuffling Technique (CIST): Moving
Journal of Distributed Sensor Networks 2018;14(12).
Target Defense Strategy for Protecting In-Vehicle CAN. IEEE
Tang Fengxiao, Kawamoto Yuichi, Kato Nei, Liu Jiajia. Future
Access 2019;7:15521–36.
Intelligent and Secure Vehicular Network Toward 6G:
Wyglinski Alexander M, Huang Xinming, Padir Taskin, Lai Lifeng,
machine-Learning Approaches. Proceedings of the IEEE 2019.
Eisenbarth Thomas R, Venkatasubramanian Krishna. Security
Taylor Adrian, Japkowicz Nathalie, Leblanc Sylvain. In:
of autonomous systems employing embedded computing and
2015 World Congress on Industrial Control Systems
sensors. IEEE micro 2013;33(1):80–6.
Security (WCICSS). Frequency-based anomaly detection
Xiong Wenjun, Lagerströ m Robert. In: 2019 International
for the automotive CAN bus. IEEE; 2015.
Conference on Cyber Situational Awareness, Data Analytics
Taylor Adrian, Leblanc Sylvain, Japkowicz Nathalie. In: 2016 IEEE
And Assessment (Cyber SA). Threat Modeling of Connected
International Conference on Data Science and Advanced
Vehicles: a privacy analysis and extension of vehicleLang.
Analytics (DSAA). Anomaly detection in automobile control
IEEE; 2019.
network data with long short-term memory networks. IEEE;
Yadav Aastha, Bose Gaurav, Bhange Radhika, Kapoor Karan,
2016.
Iyengar Nc, Caytiles Ronnie D. Security, vulnerability and
Tettamanti Tamá s, Varga Istvá n, Szalay Zsolt. Impacts of
protection of vehicular on-board diagnostics. International
autonomous cars from a traffic engineering perspective.
Journal of Security and Its Applications 2016;10(4):405–22.
Periodica Polytechnica. Transportation Engineering
Yadereli Eray, Gemci Cemal, Akta§ A Ziya. A study on
2016;44(4):244.
cyber-security of autonomous and unmanned vehicles. The
The Economist. 2013 (April). How does a self-driving
Journal of Defense Modeling and Simulation 2015;12(4):369–81.
car work?online, accessed 12/05/15. https:
Yan Chen, Xu Wenyuan, Liu Jianhao. Can you trust autonomous
//www.economist.com/blogs/economistexplains/2013/04/
vehicles: contactless attacks against sensors of self-driving
economist-explains-how-self-driving-car-works-driverless.
vehicle. In: DEF CON; 2016. p. 24.
Thing Vrizlynn LL, Wu Jiaxi. In: 2016 IEEE International
Yan Wei. In: Connected Vehicles and Expo (ICCVE), 2015
Conference on Internet of Things (iThings) and IEEE Green
International Conference on. A two-year survey on security
Computing and Communications (GreenCom) and IEEE Cyber,
challenges in automotive threat landscape. IEEE; 2015.
Physical and Social Computing (CPSCom) and IEEE Smart
Yeh Enoch, Choi Junil, Prelcic Nuria G, Bhat Chandra R,
Data (SmartData). Autonomous vehicle security: a taxonomy
Heath Robert W, et al. Tech. rept. University of Texas at
of attacks and defences. IEEE; 2016.
Austin. Data-Supported Transportation Operations; 2018.
Tod Beardsley. 2017 (April). R7-2017-02: hyundai Blue Link Potential
Zhang Yanan, Shi Peiji, Dong Changqing, Liu Yangyang,
Info Disclosure (FIXED). online, accessed 25/04/17.
Shao Xuebin, Ma Chao. In: 2018 IEEE International Conference
https://blog.rapid7.com/2017/04/25/
on Computational Science and Engineering (CSE). Test and
r7-2017-02-hyundai-blue-link-potential-info-disclosure-
Evaluation System for Automotive Cybersecurity Pages 201–
fixed/.
207 of:. IEEE; 2018.
Tomlinson Andrew, Bryans Jeremy, Shaikh Siraj Ahmed,
Zheng Bowen, Lin Chung-Wei, Yu Huafeng, Liang Hengyi, Zhu Qi.
Kalutarage Harsha Kumara. In: 2018 48th Annual IEEE/IFIP
In: 2016 IEEE/ACM International Conference on
International Conference on Dependable Systems and
Computer-Aided Design (ICCAD). CONVINCE: a cross-layer
Networks Workshops (DSN-W). Detection of Automotive CAN
 modeling, exploration and validation framework
Seonghoon Jeong obtained his M.S. degree in
for next-generation connected vehicles. IEEE; 2016.
Information Security from Korea University,
Zhou Jia, Joshi Prachi, Zeng Haibo, Li Renfa.
Seoul, Republic of Korea, in 2017. He is cur-
BTMonitor: bit-time-based Intrusion Detection and
rently a Ph.D. candidate studying at Korea
Attacker
University. His research interests are in the
Identification in Controller Area Network. ACM
areas of data-driven security and network
Transactions on Embedded Computing Systems (TECS)
security, especially on in-vehicle networks.
2019;18(6):1–23.
Zoppelt, Markus, & Kolagari, Ramin Tavakoli. 2019. UnCle
SAM: modeling Cloud Attacks with the Automotive
Security Abstraction Model.
Jo-Hee Park received a B.S. degree in Infor-
Kyounggon Kim received his B.S. degree in
mation Security from Seoul Women’s Uni-
computer science from Soongsil University
versity in 2014. She joined Ernst & Young and
in 2008, and M.S. degree and Ph.D. in School
worked as a cybersecurity consultant from
of Cybersecurity from Korea University in
2014 to 2016. Currently, she is a research en-
2015 and 2020, respectively. He is currently
gineer in Hyundai Motor Company. Her re-
an Assistant Professor at the Department
search interests include hardware hacking,
of Forensics Sciences, Naif Arab University
reverse engineering, wireless network and
for Security and Sciences (NAUSS). He has
in-vehicle cybersecurity.
performed penetration testing for over 130
clients in various industries when he worked
for Deloitte, PwC, and boutique consulting
firms during over 15 years. He was
Huy Kang Kim received a B.S. degree in In-
awarded 6th place at DefCon CTF in 2007
dustrial Management, M.S. degree in Indus-
and a first
trial Engineering and Ph.D. degree in Indus-
prize at the First Hacking Defense Contest hosted by the Korea trial and System Engineering in Korea Ad-
In- formation Security Agency. He has authored a book on vanced Institute of Science and Technol-
Internet hacking and security and has translated numerous ogy (KAIST), Republic of Korea. He is a se-
security books. His research interests include cybercrime and rial entrepreneur; he founded A3 Security
network forensics, vulnerability analysis, smart city security, and Consulting in 1999 and AI Spera, the data-
CPS and IoT secu- rity. driven cyber threat intelligence service
com- pany in 2017. Currently, he is a
Jun Seok Kim received the B.S. degree in
professor in the School of Cybersecurity,
computer science from Sejong University
Korea Uni- versity. His recent research is
in 2015, and M.S. degree in cybersecurity
focused on anomaly detection in the
from Korea University in 2019. He joined De-
intelligent trans-
loitte through 2014 to 2017 and ESCRYPT
portation system, online gaming and internet banking by using
through 2019 to 2020 as cybersecurity con-
data analytics and machine learning techniques.
sultant. Currently, he is a research engineer
in Hyundai Motor Company. His research
interests are reverse engineering, protocol
fuzzing and wireless network in vehicle cy-
bersecurity.