Counter Attacks for Bus-off Attacks

  • Daisuke Souma
  • Akira Mori
  • Hideki Yamamoto
  • Yoichi Hata
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11094)


Recent automotive systems are increasingly complex and networked. This situation has given rise to various cyber-attack methods. Cho and Shin introduced a new type of Denial of Service (DoS) attack called the bus-off attack [2], which abuses certain properties of the Controller Area Network (CAN) used for vehicle control. They not only introduced a novel software-based attack method but also proposed a countermeasure that resets the victim node to keep it from going into the disabled state. However, their countermeasure could not avoid unintended effects caused by the attack. In this paper, we propose a novel countermeasure for the bus-off attacks introduced by Cho and Shin. The method forces the node that started the bus-off attack into the disabled state in a way similar to the original bus-off attack. We have implemented the countermeasure and evaluated it in a real car environment to show the effectiveness of the method.


Keywords: In-vehicle network; Controller Area Network (CAN); Bus-off attack; Countermeasure


  1. Checkoway, S., et al.: Comprehensive experimental analyses of automotive attack surfaces. In: 20th USENIX Conference on Security (2011)
  2. Cho, K., Shin, K.G.: Error handling of in-vehicle networks makes them vulnerable. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM (2016)
  3. Dagan, T., Wool, A.: Parrot, a software-only anti-spoofing defense system for the CAN bus. In: 5th Embedded Security in Cars (ESCAR Europe) (2016)
  4. Dagan, T., Wool, A.: Testing the boundaries of the Parrot anti-spoofing defense system. In: 5th Embedded Security in Cars (ESCAR USA) (2017)
  5. Hamada, Y., Inoue, M., Horihata, S., Kamemura, A.: Intrusion detection by density estimation of reception cycle periods for in-vehicle networks: a proposal. In: Presented at the 14th ESCAR Europe Conference, 16–17 November 2016
  6. Hartkopp, O., Reuber, C., Schilling, R.: MaCAN - message authenticated CAN. In: Embedded Security in Cars (ESCAR) 2012, Berlin, Germany, November 2012
  7. ISO 11898:2015 Road vehicles - Controller area network (CAN) (2015)
  8. Koscher, K., et al.: Experimental security analysis of a modern automobile. In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 447–462. IEEE (2010)
  9. Kameoka, R., Kubota, T., Shiozaki, M., Shirahata, M., Kurachi, R., Fujino, T.: Bus-off attack against CAN ECU using stuff error injection from Raspberry Pi. In: Proceedings of Symposium on Cryptography and Information Security (SCIS), Japan (2017). (in Japanese)
  10. Lin, C.W., Sangiovanni-Vincentelli, A.: Cyber-security for the controller area network (CAN) communication protocol. ASE Sci. J. 1(2), 80–92 (2012)
  11. Muter, M., Asaj, N.: Entropy-based anomaly detection for in-vehicle networks. In: IEEE Intelligent Vehicle Symposium, pp. 1110–1115 (2011)
  12. Matsumoto, T., Hata, M., Tanabe, M., Yoshioka, K., Oishi, K.: A method of preventing unauthorized data transmission in controller area network. In: IEEE Vehicular Technology Conference (VTC Spring), pp. 1–5. IEEE (2012)
  13. Miller, C., Valasek, C.: Adventures in automotive networks and control units. DEFCON 21, 260–264 (2013)
  14. Miller, C., Valasek, C.: A survey of remote automotive attack surfaces. Black Hat USA (2014)
  15. Miller, C., Valasek, C.: Remote exploitation of an unaltered passenger vehicle. Black Hat USA (2015)
  16. Markovitz, M., Wool, A.: Field classification, modeling and anomaly detection in unknown CAN bus networks. In: Presented at the 13th ESCAR Europe Conference, 11–12 November 2015
  17. Nie, S., Liu, L., Du, Y.: Free-fall: hacking TESLA from wireless to CAN bus. Black Hat USA (2016)
  18. Nilsson, D.K., Larson, U.E., Jonsson, E.: Efficient in-vehicle delayed data authentication based on compound message authentication codes. In: Vehicular Technology Conference VTC (2008)
  19. Palanca, A., Evenchick, E., Maggi, F., Zanero, S.: A stealth, selective, link-layer denial-of-service attack against automotive networks. In: Polychronakis, M., Meier, M. (eds.) DIMVA 2017. LNCS, vol. 10327, pp. 185–206. Springer, Cham (2017)
  20. Song, H.M., Kim, H.R., Kim, H.K.: Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network. In: ICOIN (2016)
  21. Taylor, A., Japkowicz, N.: Frequency-based anomaly detection for the automotive CAN bus. In: WCICSS (2015)
  22. Wasicek, A., Pese, M., Weimerskirch, A., Burakova, Y., Singh, K.: Context-aware intrusion detection in automotive control system. In: Presented at the 5th ESCAR USA Conference, USA, 21–22 June 2017
  23. Wolf, M., Weimerskirch, A., Paar, C.: Secure in-vehicle communication. In: Lemke, K., Paar, C., Wolf, M. (eds.) Embedded Security in Cars, pp. 95–109. Springer, Heidelberg (2006)

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Daisuke Souma (1)
  • Akira Mori (1)
  • Hideki Yamamoto (1, 2)
  • Yoichi Hata (1, 2)

  1. National Institute of Advanced Industrial Science and Technology, Ikeda, Japan
  2. Sumitomo Electric Industries, Ltd., Osaka, Japan
