ReCAN Data - Reverse engineering of Controller Area Networks

Published: 23-01-2020| Version 2 | DOI: 10.17632/76knkx3fzv.2
Mattia Zago,
Stefano Longari,
Andrea Tricarico,
Michele Carminati,
Manuel Gil Pérez,
Gregorio Martinez Perez,
Stefano Zanero


Abstract --------- This article details the methodology and the approach used to extract and decode the data obtained from the Controller Area Network (CAN) buses in three personal vehicles and four commercial trucks. The dataset is composed of two complementary parts, namely the raw data and the decoded ones. Along with the description of the data, this article also reports both hardware and software requirements to firstly extract the data from the vehicles and secondly decode the binary data frames to obtain the actual sensors' data. Finally, necessary code snippets have been described in pseudo-code and will be publicly available in a code repository. Preliminary results suggest that motivated enough actors may intercept, interact and recognize the vehicle data with consumer-grade technology, ultimately refuting, once-again, the security-through-obscurity paradigm used by automotive manufacturer as main defensive countermeasure. Keywords ---------- Automotive; Controller Area Network (CAN); Reverse Engineering; Dataset Type of data ------------- - RAW: CSV files with timestamp, CANline, ECU identifier, binary data - Decoded: CSV files with timestamp, CANline, ECU identifier, variable, value How data where acquired ---------------------------- Controller Area Network (CAN) buses have been accessed using a standard CAN connector and a CANtact board. The CAN Utils library, publicly available in the Linux Kernel, has been used to intercept the network traffic of the vehicle. Sensors data have been decoded using state-of-the-art algorithm. Source code for each step of the analysis is publicly available in the repository, as specified below. Parameters: - Cars: 500k baudrate, connected o the OBD-II port of each vehicle. - Trucks: 500k baudrate, connected both to the OBD-II port and to a second wire into a second CAN bus. Source code ------------- - Repository: ReCAN Source - Reverse engineering of Controller Area Networks - Provider: Github - Identification number: 10.5281/zenodo.3625715 - URL: Acknowledgments -------------------- This study was founded by a predoctoral grant from the Spanish National Cybersecurity Institute (INCIBE) within the program "Ayudas para la Excelencia de los Equipos de Investigación Avanzada en Ciberseguridad" ("Grants for the Excellence of Advanced Cybersecurity Research Teams"), with code INCIBEI-2015-27353; a predoctoral travel grant within the program "Ayudas para estancias en el estranjero de alumnos de doctorado en las líneas de actuación de Campus Mare Nostrum" ("Grants for stays abroad of Ph.D. students within the lines of action of Campus Mare Nostrum'').


Steps to reproduce

Phase 1: Using consumer-grade hardware we accessed the Controller Area Network (CAN) buses of three vehicles. CSV files contain the binary sequence for each CANline and identifier in the experiment time window. Phase 2: Raw data have been decoded and interpreted with well-known and previously validated algorithms to identify the sensors' variables. Decoded CSV files contain the sequence of values for each variable, identifier and CANline in the experiment time window. The code is fully available in the Source Code repository.