CAN ID Shuffling Technique (CIST): Moving Target Defense Strategy for Protecting In-Vehicle CAN

New vehicles have become increasingly targeted for cyber-attacks as their rate of digitalization is accelerated. Research on vehicle hacking has highlighted the security vulnerabilities of in-vehicle controller area networks (CANs) as the biggest problem. In particular, a CAN does not offer access control, authentication, or confidentiality, so it fails to prevent reconnaissance operations conducted by an adversary. Because its static configuration (CAN ID, data frame transmission cycle, and data field format) is used in an in-vehicle network environment, the adversary can conduct reconnaissance and easily acquire information to be used for an attack. One of the moving target defense strategies, network address shuffling (NAS), is an extremely practical security solution that can prevent in-vehicle CAN reconnaissance acts. In this paper, we propose a CAN ID shuffling technique using NAS. Our proposed security solution aims to increase the cost burden for the adversary to analyze CAN data frames. To evaluate the performance of the proposed security solution, we conducted an evaluation based on a labcar. Our proposed security solution may be implemented without altering the unique characteristics of the CAN standard. Hence, it can be used as a practical countermeasure to solve the problems affecting in-vehicle CANs.