In a vehicular communication network, different Electronic Control Units (ECUs) of various components (such as the ignition, a steering wheel, transmission, gear controller, power controller, a vehicle control system, wheels, the display device, a braking system, wireless signal receiver, satellite positioning receiver, power source, and the like) may communicate with each other using the Controller Area Network (CAN) standard. The CAN standard is a message-based protocol designed to allow the microcontrollers of the ECUs and other devices to communicate with each other in applications without a host computer. Positioned at each CAN node of the communication network, each ECU is able to send and receive messages, but not simultaneously. CAN data transmission uses a lossless bit-wise arbitration method of contention resolution, where each frame possesses a different priority level as indicated by an arbitration field within the message (frame). Each message or frame includes a CAN identifier (ID) within the arbitration field along with other information, such as a control field, data field, cyclic redundancy check (CRC), acknowledgment (ACK) bits (including the ACK Slot bit and the ACK Delimiter bit) and other overhead. In case of a conflict, the arbitration method dictates that the message with the highest-priority CAN ID is allowed to transmit.
Trouble arises when a hacker chooses to connect to the CAN network, injecting invalid (falsified) messages (commands) having higher-priority CAN IDs. At this point, the hacker is able to manipulate, for example, the car's engine, brakes, and security systems by wirelessly tapping into the CAN or any associated network coupled thereto. Further, by flooding the CAN network with a multiplicity of invalid messages, a hacker can stop valid messages from transmitting on the bus, which can cause severe issues. For example, when a hacker continues to flood the CAN bus with higher-priority CAN IDs while the car is not on, the hacker may disable the car's ignition amongst many other functions. Further, flooding the CAN bus may result in starvation of required and expected periodic messages associated with a group of ECUs, forcing these to crash as well. It is within this context that the embodiments arise.
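The arbitration rule and the starvation effect described above can be reproduced in a small bus model with a monitor that flags missing periodic messages; this is an added example, not part of the original text. It assumes standard 11-bit identifiers, where a dominant 0 bit overrides a recessive 1 so the numerically lowest ID has the highest priority; the IDs, periods, slot model and function names are constructed for illustration.

```python
# Added example: simplified CAN bus model (one frame per time slot).
# All identifiers and periods below are constructed sample values.
ID_BITS = 11  # assumption: standard-format (11-bit) CAN identifiers

EXPECTED = {0x120: 4, 0x2A0: 5}  # legitimate periodic IDs -> period in slots


def arbitrate(ids):
    """Return the ID that wins bit-wise arbitration among simultaneous senders."""
    contenders = set(ids)
    for bit in range(ID_BITS - 1, -1, -1):  # identifier is sent MSB first
        # Wired-AND bus: any sender driving a dominant 0 forces the bus to 0.
        bus = min((i >> bit) & 1 for i in contenders)
        # Senders that wrote recessive 1 but read back 0 stop transmitting.
        contenders = {i for i in contenders if (i >> bit) & 1 == bus}
    (winner,) = contenders
    return winner


def simulate(senders, slots):
    """Each sender queues a frame every `period` slots; one frame wins per slot.

    Returns the bus log as a list of (slot, can_id) for transmitted frames.
    """
    pending, log = set(), []
    for t in range(slots):
        pending |= {cid for cid, period in senders.items() if t % period == 0}
        if pending:
            winner = arbitrate(pending)
            pending.discard(winner)  # losers stay queued and retry next slot
            log.append((t, winner))
    return log


def starved(log, expected, slots, tolerance=3):
    """Monitor check: expected IDs silent for longer than tolerance * period."""
    alerts = []
    for cid, period in expected.items():
        times = [t for t, seen in log if seen == cid]
        gaps = [b - a for a, b in zip([0] + times, times + [slots])]
        if max(gaps) > tolerance * period:
            alerts.append(cid)
    return sorted(alerts)


if __name__ == "__main__":
    normal = simulate(EXPECTED, 40)
    # Constructed case: an unexpected ID 0x001 queued in every slot.
    flooded = simulate({**EXPECTED, 0x001: 1}, 40)
    print("normal bus, starved IDs: ", [hex(i) for i in starved(normal, EXPECTED, 40)])
    print("flooded bus, starved IDs:", [hex(i) for i in starved(flooded, EXPECTED, 40)])
```

The same timeout check, keyed on each ECU's known message period, is the basis of the missing-message supervision a gateway or intrusion detection node can run on a real bus.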