Refined Attack Categorization and Risk Assessment for Automotive CAN Bus: Application on Instrument Panel Cluster

The improvement of technology leads to more complicated systems in the automotive industry, necessitating new security requirements for critical functions of emerging features. The Controller Area Network (CAN) bus, a significant communication protocol used in vehicles, enables data exchange between various electronic control units (ECUs). Despite its common application, the CAN bus is vulnerable to a wide range of cyberattacks due to its lack of built-in security features. This paper focuses on the security of the CAN bus, particularly the potential attack vectors targeting the instrument panel cluster (IPC) via the CAN bus. Different types of attacks are analyzed, and a CAN bus specific attack framework is proposed, including eavesdropping, spoofing, data insertion, protocol, authentication, denial of service attacks (ESDPAD). These attacks are evaluated based on their impact on vehicle safety and functionality using Threat Analysis and Risk Assessment (TARA) method. Attack vectors identified in the TARA are performed on a test setup to see the impacts on the IPC.