It has been almost a decade since it was theorized that passenger vehicles could be remotely controllable by a malicious adversary. Lately, Charlie Miller and Chris Valasek demonstrated practical attacks on in-vehicle networks of passenger cars which could lead to severe consequences for both the vehicle and the driver. When it comes to heavy duty and commercial utility automobile the additional financial risk is always involved as such vehicles are regularly involved in critical functions like goods carriage, construction etc. Such attacks can adversely affect multiple stakeholders, vendors, commercial firms, truckers, and OEMs begin some of them. In this project, we explore the in-vehicle communication security aspects of commercial vehicles. In particular, we investigate security weaknesses of the SAE J1939 protocol stack and propose practically deployable solutions to counter some of the impending threats.


  • Cyber assurance of heavy trucks is a major concern with new designs as well as with supporting legacy systems.
  • Many cybersecurity experts and analysts are used to working with traditional IT networks and are familiar with a set of technologies that may not be directly useful in the commercial vehicle sector.
  • Security solutions should meet the real-time and resource constraints typically associated with automotive networking.
  • Adaptability to dynamic configurations of the commercial vehicle like those seen in trailers and marine systems.

Research Objectives

  • Prototype a remotely accessible testbed using actual hardware, sensor simulation, CAN, and J1939.
  • Exploit the openness of the CAN network and the J1939 protocol specifications.
  • Experiment with attack vectors, such as the potential vulnerabilities related to telematics units.
  • Investigate the capability needs of an intrusion detection system.

Recipient of the platinum award in CSU Ventures: Drivers of Innovation category at the CSU graduate showcase. Here is a poster that details on some aspects of our research.