Abstract
The Controller Area Network (CAN) is the most used standard for communication inside vehicles. CAN relies on frame broadcast to exchange data payloads between different Electronic Control Units (ECUs) which manage critical or comfort functions such as cruise control or air conditioning. CAN is distinguished by its simplicity, its real-time application compatibility and its low deployment cost. However, CAN major drawback is its lack of security support. Indeed, CAN does not provide protections against attacks such as intrusion, injection or impersonation. In this work, we propose a framework for CAN security based on Trivium and Grain, two well-known lightweight stream ciphers. We define a simple authentication and key exchange protocol for ECUs. In addition, we extend CAN with the support of confidentiality and integrity for at least critical frames.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
All new automotive microcontrollers come with a secure memory area dedicated to keys storage. Freescale McKinley, Infineon AURIX or Boundary Devices Nitrogen6X and Sabrelite are examples of such microcontrollers.
- 2.
Note that same SIMD instruction sets exist also for ARM architecture. They are called Scalable Vector Extension (SVE).
References
Robert, C.: This car runs on code. http://spectrum.ieee.org/transportation/systems/this-car-runs-on-code
Bosch: CAN Specification Version 2.0, September 1991
Hoppe, T., Kiltz, S., Dittmann, J.: Security threats to automotive CAN networks - practical examples and selected short-term countermeasures. In: Proceedings of the 27th International Conference on Computer Safety, Reliability, and Security (SAFECOMP 2008) (2008)
Nilsson, D.K., Larson, U.E.: Simulated attacks on CAN buses: vehicle virus. In: Proceedings of the Fifth International Conference on Communication Systems and Networks (AsiaCSN 2008) (2008)
Koscher, K., et al.: Experimental security analysis of a modern automobile. In: Proceedings of the 2010 IEEE Symposium on Security and Privacy (2010)
Checkoway, S., et al.: Comprehensive experimental analyses of automotive attack surfaces. In: Proceedings of the 20th USENIX Conference on Security
Schneider, D.: Jeep hacking 101
Tencent Keen Security Lab: Experimental security research of tesla autopilot
De Cannière, C., Preneel, B.: Trivium. In: Robshaw, M., Billet, O. (eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 244–266. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-68351-3_18
Ågren, M., Hell, M., Johansson, T., Meier, W.: Grain-128a: a new version of grain-128 with optional authentication. IJWMC 5, 48–59 (2011)
Oguma, H., Yoshioka, A., Nishikawa, M., Shigetomi, R., Otsuka, A., Imai, H.: New attestation based security architecture for in-vehicle communication. In: IEEE Global Telecommunications Conference (GLOBECOM 2008) (2008)
Szilagyi, C., Koopman, P.: Flexible multicast authentication for time-triggered embedded control network applications. In: 2009 IEEE/IFIP International Conference on Dependable Systems Networks (2009)
Schweppe, H., Roudier, Y., Weyl, B., Apvrille, L., Scheuermann, D.: Car2X communication: securing the last meter -A cost-effective approach for ensuring trust in Car2X applications using in-vehicle symmetric cryptography. In: 4th IEEE International Symposium on Wireless Vehicular Communications (WiVeC 2011) (2011)
Lin, C.W., Sangiovanni-Vincentelli, A.: Cyber-security for the Controller Area Network (CAN) communication protocol. In: 2012 International Conference on Cyber Security (CyberSecurity 2012) (2012)
Groza, B., Murvay, S., van Herrewege, A., Verbauwhede, I.: LiBrA-CAN: a lightweight broadcast authentication protocol for controller area networks. In: Pieprzyk, J., Sadeghi, A.-R., Manulis, M. (eds.) CANS 2012. LNCS, vol. 7712, pp. 185–200. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-35404-5_15
Groza, B., Murvay, S.: Efficient Protocols for secure broadcast in controller area networks. IEEE Trans. Industr. Inf. 9(4), 2034–2042 (2013)
Perrig, A., Canetti, R., Song, D., Tygar, J.D.: Efficient and secure source authentication for multicast. In: 2001 Network and Distributed System Security Symposium, pp. 35–46 (2001)
Hoppen, T., Kiltz, S., Dittmann, J.: Security threats to automotive CAN networks-Practical examples and selected short-term countermeasures. Reliab. Eng. Syst. Saf. 96(1), 11–25 (2011)
Kleberger, P., Olovsson, T., Jonsson, E.: Security aspects of the in-vehicle network in the connected car. In: 2011 IEEE Intelligent Vehicles Symposium, pp. 528–533, June 2011
Larson, U., Nilsson, D., Jonsson, E.: An approach to specification-based attack detection for in-vehicle networks. In: 2008 IEEE Intelligent Vehicles Symposium, pp. 220–225, June 2008
Hoppe, T., Kiltz, S., Dittmann, J.: Adaptive dynamic reaction to automotive IT security incidents using multimedia car environment. In: Fourth International Conference on Information Assurance and Security (ISA 2008) (2008)
Boudguiga, A., Klaudel, W., Boulanger, A., Chiron, P.: A simple intrusion detection method for controller area network. In: 2016 IEEE International Conference on Communications (ICC), pp. 1–7, May 2016
Nürnberger, S., Rossow, C.: – vatiCAN – Vetted, authenticated CAN bus. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 106–124. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53140-2_6
Groza, B., Popa, L., Murvay, P.-S.: INCANTA - INtrusion detection in controller area networks with time-covert authentication. In: Hamid, B., Gallina, B., Shabtai, A., Elovici, Y., Garcia-Alfaro, J. (eds.) CSITS/ISSA -2018. LNCS, vol. 11552, pp. 94–110. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-16874-2_7
Bella, G., Biondi, P., Costantino, G., Matteucci, I.: TOUCAN: a protocol to secure controller area network. In: Proceedings of the ACM Workshop on Automotive Cybersecurity, AutoSec 2019, pp. 3–8. ACM, New York (2019)
Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inform. Theory 29, 198–208 (1983)
ETSI TS 102 893 v1.1.1: Intelligent Transport Systems (ITS); Security; Threat, Vulnerability and Risk Analysis (TVRA). ETSI WG5 Technical report, pp. 1–29, March 2010
Henniger, O., Apvrille, L., Fuchs, A., Roudier, Y., Ruddle, A., Weyl, B.: Security requirements for automotive on-board networks. In: 2009 9th International Conference on Intelligent Transport Systems Telecommunications, pp. 641–646, October 2009
Monteuuis, J.P., Boudguiga, A., Zhang, J., Labiod, H., Servel, A., Urien, P.: Sara: Security automotive risk analysis method. In: Proceedings of the 4th ACM Workshop on Cyber-Physical System Security, CPSS 2018, pp. 3–14. ACM, New York (2018)
Boudguiga, A., Boulanger, A., Chiron, P., Klaudel, W., Labiod, H., Seguy, J.C.: RACE: risk analysis for cooperative engines. In: 7th International Conference on New Technologies, Mobility and Security (NTMS 2015) (2015)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Boudguiga, A., Letailleur, J., Sirdey, R., Klaudel, W. (2019). Enhancing CAN Security by Means of Lightweight Stream-Ciphers and Protocols. In: Romanovsky, A., Troubitsyna, E., Gashi, I., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2019. Lecture Notes in Computer Science(), vol 11699. Springer, Cham. https://doi.org/10.1007/978-3-030-26250-1_19
Download citation
DOI: https://doi.org/10.1007/978-3-030-26250-1_19
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-26249-5
Online ISBN: 978-3-030-26250-1
eBook Packages: Computer ScienceComputer Science (R0)