The CAN bus in the maritime environment – technical overview and cybersecurity vulnerabilities

Kessler, G. C.

doi:10.12716/1001.15.03.05

Artykuł - szczegóły

Tytuł artykułu

The CAN bus in the maritime environment – technical overview and cybersecurity vulnerabilities

Autorzy

Kessler G. C.

Treść / Zawartość

Pełne teksty:

Pobierz

Identyfikatory

DOI

10.12716/1001.15.03.05

Warianty tytułu

Języki publikacji

Abstrakty

The Controller Area Network (CAN) bus standard was developed in the 1980s and is in widespread use in automobile, vehicular, aviation, and other networks. The CAN bus was introduced in the maritime environment with the adoption of the National Marine Electronics Association (NMEA) 2000 standard in the late-1990s. Many papers have been written about the CAN bus protocols and security vulnerabilities but there is sparse literature about use of the CAN bus in the maritime environment. Part I of this paper is a technical overview, describing CAN bus standards and operation, with particular attention to its use with the NMEA 2000 maritime communications standard. Part II of this paper describes security vulnerabilities in terms of loss of confidentiality, integrity, or availability of information (such as eavesdropping, denial-of-service, and spoofing), and mitigations specific to the maritime environment.

Słowa kluczowe

controller area network national marine electronics association cyber security maritime communication standard security vulnerabilities CAN Bus maritime environment

Wydawca

Faculty of Navigation, Gdynia Maritime University

Czasopismo

TransNav : International Journal on Marine Navigation and Safety of Sea Transportation

Rocznik

2021

Tom

Vol. 15 No. 3

Strony

531--540

Opis fizyczny

Bibliogr. 31 poz., rys., tab.

Twórcy

autor

Kessler G. C.

Fathom 5, Ormond Beach, Florida, USA

Bibliografia

1. Actisense: EBL Reader Software, https://www.actisense.com/acti_software/ebl-reader, last accessed 2021/03/01.
2. Anderson, L.C., Luft, L.A.: NMEA 2000® Applied. Presentation at RTCM Meeting, St. Petersburg, FL, May 2002, https://www.nmea.org/Assets/final_rtcm_2002_white_paper.pdf, last accessed 2021/03/01.
3. Applications of Controller Area Network (CAN) Bus: Polytechnic Hub, https://www.polytechnichub.com/applications-controller-area-network-can-bus/, last accessed 2021/03/01.
4. Bozdal, M., Randa, M., Samie, M., Jennions, I.: Hardware Trojan Enabled Denial of Service Attack on CAN Bus. Procedia Manufacturing. 16, 47–52 (2018). https://doi.org/10.1016/j.promfg.2018.10.158.
5. Bozdal, M., Samie, M., Aslam, S., Jennions, I.: Evaluation of CAN Bus Security Challenges. Sensors. 20, 8, (2020). https://doi.org/10.3390/s20082364.
6. Copperhill Technologies: A Brief Introduction to the SAE J1939 Protocol, https://copperhilltech.com/a-brief-introduction-to-the-sae-j1939-protocol/, last accessed 2021/03/01.
7. Corrigan, S.: Introduction to the Controller Area Network (CAN). Texas Instruments Application Report, SLOA 101, https://www.rpi.edu/dept/ecse/mps/sloa101.pdf, last accessed 2021/03/01.
8. CSS Electronics: ICS Alert (ICS-ALERT-17-209-01): CAN Bus Standard Vulnerability. U.S. Department of Homeland Security, https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-17-209-01, last accessed 2021/03/01.
9. CSS Electronics: ICS Alert (ICS-ALERT-19-211-01): CAN Bus Network Implementations in Avionics. U.S. Department of Homeland Security, https://us-cert.cisa.gov/ics/alerts/ics-alert-19-211-01, last accessed 2021/03/01.
10. CSS Electronics: J1939 Explained - A Simple Intro, https://www.csselectronics.com/screen/page /simple-intro-j1939-explained/language/en, last accessed 2021/03/01.
11. Di Natale, M.: Understanding and Using the Controller Area Network. Radical Eye Software, https://inst.eecs.berkeley.edu/~ee249/fa08/Lectures/handout_canbus2.pdf, last accessed 2021/03/01.
12. Farsi, M., Ratcliff, K., Barbosa, M.: An overview of Controller Area Network. Computing & Control Engineering Journal. 10, 3, 113-120(7) (1999).
13. Fenster, C., Lee, G., Whitfield, W.: Machine Learning in Support of Anomalous Device Detection. U.S. Coast Guard Academy, Electrical Engineering Section (2019).
14. Furuno: Furuno CAN Bus Network Design Guide, https://www.furunousa.com/-/media/sites/furuno/document_library/technical_info/interfacing_and_installation/interfacing_and_installation/furuno_can_bus_network_design.pdf, last accessed 2021/03/01.
15. International Organization for Standardization: Road vehicles — Controller area network (CAN) — Part 1: Data link layer and physical signalling. ISO 118981-1. (2015).
16. International Organization for Standardization: Road vehicles — Controller area network (CAN) — Part 2: High-speed medium access unit. ISO 11898-2. (2016).
17. International Organization for Standardization: Road vehicles — Controller area network (CAN) — Part 3: Low-speed, fault-tolerant, medium-dependent interface. ISO 11898-3. (2006).
18. International Organization for Standardization: Road vehicles — Low-speed serial data communication — Part 1: General and definitions. ISO 11519-1. (1994).
19. Kessler, G.C.: An Overview of Cryptography, https://www.garykessler.net/library /crypto.html, last accessed 2021/03/01.
20. Lin, C., Sangiovanni-Vincentelli, A.: Cyber-Security for the Controller Area Network (CAN) Communication Protocol. In: 2012 International Conference on Cyber Security. pp. 1–7 (2012). https://doi.org/10.1109/CyberSecurity.2012.7.
21. Matsumoto, T., Hata, M., Tanabe, M., Yoshioka, K., Oishi, K.: A Method of Preventing Unauthorized Data Transmission in Controller Area Network. In: 2012 IEEE 75th Vehicular Technology Conference (VTC Spring). pp. 1–5 (2012). https://doi.org/10.1109/VETECS.2012.6240294.
22. National Marine Electronics Association (NMEA): NMEA 0183 Interface Standard, https://www.nmea.org/content/STANDARDS/NMEA_0183_Standard, last accessed 2021/03/01.
23. National Marine Electronics Association (NMEA): NMEA 2000® Interface Standard, https://www.nmea.org/content/STANDARDS/NMEA_2000, last accessed 2021/03/01.
24. National Marine Electronics Association (NMEA): OneNet Standard for IP Networking of Marine Electronic Devices, https://www.nmea.org/content/STANDARDS/OneNet, last accessed 2021/03/01.
25. Palanca, A., Evenchick, E., Maggi, F., Zanero, S.: A Stealth, Selective, Link-Layer Denial-of-Service Attack Against Automotive Networks. In: Polychronakis, M. and Meier, M. (eds.) Detection of Intrusions and Malware, and Vulnerability Assessment. pp. 185–206 Springer International Publishing, Cham (2017).
26. Payne, B.: Car Hacking: Accessing and Exploiting the CAN Bus Protocol. Journal of Cybersecurity Education, Research and Practice. 2019, 1, (2019).
27. Pfeiffer, O., Keydel, C.: Challenges of CANopen Node ID assignment, avoiding duplicates. Presented at the 1st International Mobile Machine Control (MMC) Conference (2013).
28. SAE International: SAE J1939 Standards Collection on the Web: Content, https://www.sae.org /standardsdev/groundvehicle/j1939a.htm, last accessed 2021/03/01.
29. U.S. Coast Guard: Cyber Incident Exposes Potential Vulnerabilities Onboard Commercial Vessels. Marine Safety Alert 06-19, https://www.dco.uscg.mil/Portals/9/DCO%20Documents /5p/CG-5PC/INV/Alerts/0619.pdf, last accessed 2021/03/01.
30. Zetter, K.: How digital detectives deciphered Stuxnet, the most menacing malware in history, https://arstechnica.com/tech-policy/news/2011/07/how-digital-detectives-deciphered-stuxnet-the-most-menacing-malware-in-history.ars, last accessed 2021/03/01.
31. Zimmermann, T., Bauer, J., Aschenbruck, N.: CryptoCAN – Ensuring Confidentiality in Controller Area Networks for Agriculture. In: Reinhardt, D., Langweg, H., Witt, B.C., and Fischer, M. (eds.) SICHERHEIT 2020. pp. 79–90 Gesellschaft für Informatik e.V., Bonn (2020). https://doi.org/10.18420/sicherheit2020_06.

Uwagi

Opracowanie rekordu ze środków MNiSW, umowa Nr 461252 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2021).

Typ dokumentu

Bibliografia

Identyfikator YADDA

bwmeta1.element.baztech-9cdfc8ae-7d9a-4b0e-9c51-b6355a9a0ceb