Practical Security Exploits of the FlexRay In-Vehicle Communication Protocol

  • Pal-Stefan Murvay
  • Bogdan Groza
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11391)


The ever increasing number of electronic control units inside a car demanded more complex buses with higher bandwidth capacities. But even the more recently designed in-vehicle network protocols, e.g., FlexRay, were engineered in the absence of security concerns and thus they are highly vulnerable to adversarial interventions. In this work, we study the FlexRay protocol specification to identify features that can be used to mount various attacks. The attacks exploit both the physical layer and the data-link layer of the protocol to discard messages from the bus, i.e., DoS attacks, or to spoof messages by inserting adversarial frames and later discarding the genuine frames. We illustrate the feasibility of these attacks on an experimental setup composed of several FlexRay nodes implemented on automotive-grade controllers. While these attacks may not be a surprise, recognizing them may be relevant in preventing potential future exploits.


Keywords: Security, FlexRay, Attacks, DoS, Automotive



This work was supported by a grant of the Romanian Ministry of Research and Innovation, CNCS - UEFISCDI, project number PN-III-P1-1.1-PD-2016-1198, within PNCDI III.



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Department of Automation and Applied Informatics, Politehnica University of Timisoara, Timisoara, Romania
