Existing CAN security research lacks a systematic survey, hindering rigorous assessment of attack severity, defense efficacy, and root causes of vulnerabilities—leading to misconceptions such as “CAN is inherently insecure” or “novel bus architectures can fully replace CAN.” Method: This work establishes the first comprehensive CAN security knowledge framework encompassing adversaries, attack vectors, and defense mechanisms; proposes quantitative models for evaluating attack severity and defense effectiveness; and conducts a cross-architectural comparison of three emerging in-vehicle buses via systematic literature analysis and formal security verification. Contribution/Results: We demonstrate that shared security weaknesses across these buses stem from generic design constraints—not CAN-specific limitations. CAN exhibits substantial defensibility, most vulnerabilities are bus-agnostic, and next-generation architectures fail to eliminate foundational issues. Our framework provides both theoretical grounding and practical guidance for automotive communication security research.

For decades, the Controller Area Network (CAN) has served as the primary in-vehicle bus (IVB) and extended its use to many non-vehicular systems. Over the past years, CAN security has been intensively scrutinized, yielding extensive research literature. Despite its wealth, the literature lacks structured systematization, complicating efforts to assess attack severity, defense efficacy, identify security gaps, or root causes. This leaves non experts uncertain about the relevancy of specific attacks or defenses to their systems, inadvertently portraying CAN as irredeemably insecure. Further, the introduction of new IVB technologies--CAN evolutions, add-ons, and alternative buses--with heightened security claims risks fostering the misconception that merely adopting these technologies resolves CAN's security challenges. This paper systematizes existing CAN security knowledge, presenting a comprehensive taxonomy and assessment models of attackers, attacks, and defenses. It identifies replicable attacks and defense gaps, investigating their root causes as inherent, accidental, unique, or universal. It then extrapolates these insights to emerging IVB technologies by formally analyzing three emerging IVBs to identify shared root causes with CAN and assess their ability to close security gaps. The findings challenge common perceptions, demonstrating that CAN is more securable than perceived, that most insecurity root causes are shared across IVBs, and that merely adopting newer IVB technology does not solve persistent security issues. The paper concludes by highlighting future research directions to secure IVB communication down the road.