An Approach to using Honeypots in In-Vehicle Networks Vilhelm Verendel, Dennis K. Nilsson, Ulf E. Larson, Erland Jonsson Department of Computer Science and Engineering Chalmers University of Technology SE-412 96 Gothenburg, Sweden Email: {vive,dennis.nilsson,ulf.larson,erland.jonsson}@chalmers.se Abstract— An emerging trend among automobile manufacturers is to introduce wireless technology in the vehicles. By allowing wireless communication, real-time information exchange between vehicles as well as between infrastructure and vehicles becomes a reality. This communication allows for road condition reporting, decision making, and remote diagnostics and firmware updates over-the-air, creating a complex critical infrastructure involving vehicles, road-side equipment, and firmware issuers. Allowing external parties wireless access to the vehicle creates a potential entry-point for cyber attacks. Since the safety of the driver depends on correct vehicle operation it is of utmost importance that the in-vehicle network is sufficiently protected against attacks. If we can learn the attackers’ preferences, techniques, and weaknesses in existing systems, we can use this information to design security solutions for the in-vehicle network. In this paper, we present and discuss the use of honeypots as a means of collecting such attacker information. We show how to design a vehicle honeypot, how to gather data from attackers, and discuss how to process and analyze the gathered data. Furthermore, we provide a discussion where we highlight important issues related to using honeypots in vehicles. I. I NTRODUCTION Modern vehicles typically contain 50-70 embedded com- puters forming in-vehicle networks which are responsible for most vehicle functionality including cruise control, GPS navigation, and parking assistance. Recent advances in wire- less technology have allowed for improved connectivity with vehicles. Emerging trends are infrastructure-to-vehicle and vehicle-to-vehicle communication to provide road and traffic condition information, and remote diagnostics and firmware updates over-the-air. This development creates a complex critical infrastructure involving vehicles, road-side equipment, and firmware issuers which exposes the previously isolated in- vehicle networks to a whole new range of threats collectively known as cyber attacks. The traditional in-vehicle network has a robust foundation for protecting the safety of the vehicle and the driver. However, protection against deliberate attacks has not yet been required and is therefore practically non-existent. Since it is highly plausible that attackers will attempt to subvert the wireless infrastructure and the in-vehicle networks when opportunity is raised, security protection is of utmost importance. Further- more, in contrast to non-critical systems, attacks may have severe consequences for the drivers, e.g. vehicle crashes, and therefore prevention and early detection of attacks becomes a critical activity. However, prevention and detection require knowledge of attacker behavior and how attacks manifest themselves in the vehicle. A commonly used method to collect attack data for threats on the Internet is to deploy a honeypot system to attract attackers and to subsequently study and learn their behavior. In this paper, we investigate how honeypots can be a vital component in the process of creating a secure wireless infrastructure for vehicle communication. The main contributions of this paper are as follows: • We propose a design solution for a vehicle honeypot, and develop three vehicle simulation models. • We describe an operational scenario which illustrates how the vehicle honeypot can be used for gathering attack data, and how the data subsequently can be analyzed at a processing center. • We provide a detailed discussion on vehicle honeypots which highlights important issues and possible limitations of our approach. The remainder of the paper is outlined as follows: Section II discusses related work in the field of in-vehicle security. Section III introduces the honeypot concept, the wireless infrastructure, and the structure of the in-vehicle network, and Section IV introduces the vehicle honeypot design and the operational scenario. Furthermore, in Section V we discuss important observations regarding the vehicle honeypot con- cept, in Section VI we outline and discuss future work, and in Section VII, the paper is concluded. II. RELATED WORK Earlier research on the in-vehicle network has mainly fo- cused on safety issues; therefore, the available literature on security aspects is scarce. The few items of related work that do address the security aspects are presented below. Wolf et al. [1] present several weaknesses in the CAN and FlexRay bus protocols. Weaknesses include confidentiality and authenticity problems. However, the paper does not give any specific attack examples. Hoppe et al. [2] give an example of a combined sniffing and replay attack on the CAN bus. This attack is simulated in a tool, and shows how the ECUs can be attacked. The paper does not describe other types of attacks. Lang et al. [3] describe a simulated sniffing and replay attack on the CAN bus and the implications of such an attack. A number of safety-related aspects are discussed but the discussion about the actions an attacker can take is limited. 978-1-4244-1722-3/08/$25.00 ©2008 IEEE. 1