skip to main content
research-article

LiBrA-CAN: Lightweight Broadcast Authentication for Controller Area Networks

Published: 06 April 2017 Publication History

Abstract

Despite realistic concerns, security is still absent from vehicular buses such as the widely used Controller Area Network (CAN). We design an efficient protocol based on efficient symmetric primitives, taking advantage of two innovative procedures: splitting keys between nodes and mixing authentication tags. This results in a higher security level when compromised nodes are in the minority, a realistic assumption for automotive networks. Experiments are performed on state-of-the-art Infineon TriCore controllers, contrasted with low-end Freescale S12X cores, while simulations are provided for the recently released CAN-FD standard. To gain compatibility with existent networks, we also discuss a solution based on CAN+.

References

[1]
H. Bar-El. 2009. Intra-vehicle information security framework. In Proceedings of 9th Embedded Security in Cars Conference (ESCAR’09).
[2]
S. Bittl. 2014. Attack potential and efficient security enhancement of automotive bus networks using short MACs with rapid key change. In Communication Technologies for Vehicles. Springer, 113--125.
[3]
D. Boneh, G. Durfee, and M. Franklin. 2001. Lower bounds for multicast message authentication. In Advances in Cryptology (EUROCRYPT’01). Springer, 437--452.
[4]
A. Bruni, M. Sojka, F. Nielson, and H. R. Nielson. 2014. Formal security analysis of the MaCAN protocol. In Integrated Formal Methods. Springer, 241--255.
[5]
R. Canetti, J. Garay, G. Itkis, D. Micciancio, M. Naor, and B. Pinkas. 1999. Multicast security: A taxonomy and some efficient constructions. In Proceedings of 18th Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM’99), Vol. 2. IEEE, 708--716.
[6]
G. Cena and A. Valenzano. 1999. Overclocking of controller area networks. Electronics Letters 35, 22 (Oct. 1999), 1923--1925.
[7]
H. Chan, A. Perrig, and D. Song. 2003. Random key predistribution schemes for sensor networks. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, 197--213.
[8]
L. S. Charlap, H. D. Rees, and D. P. Robbins. 1990. The asymptotic probability that a random biased matrix is invertible. Discrete Mathematics 82, 2 (1990), 153--163.
[9]
S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, Fr. Roesner, and T. Kohno. 2011. Comprehensive experimental analyses of automotive attack surfaces. In USENIX Security.
[10]
A. Fiat and M. Naor. 1994. Broadcast encryption. In Advances in Cryptology (CRYPTO’93). Springer, 480--491.
[11]
B. Groza, P.-S. Murvay, A.Van Herrewege, and I. Verbauwhede. 2012. LiBrA-CAN: A lightweight broadcast authentication protocol for controller area networks. In Proceedings of the 11th International Conference on Cryptology and Network Security (CANS’12). Springer-Verlag, LNCS.
[12]
B. Groza and S. Murvay. 2013. Efficient protocols for secure broadcast in controller area networks. IEEE Transactions on Industrial Informatics 9, 4 (2013), 2034--2042.
[13]
O. Hartkopp, C. Reuber, and R. Schilling. 2012. Macan-message authenticated can. In Proceedings of the 10th International Conference on Embedded Security in Cars (ESCAR’12).
[14]
T. Hoppe and J. Dittman. 2007. Sniffing/replay attacks on CAN Buses: A simulated attack on the electric window lift classified using an adapted CERT taxonomy. In Proceedings of the 2nd Workshop on Embedded Systems Security (WESS’07).
[15]
T. Hoppe, S. Kiltz, and J. Dittmann. 2008. Security threats to automotive CAN networks--practical examples and selected short-term countermeasures. In Proceedings of 27th International Conference on Computer Safety, Reliability, and Security. 235--248.
[16]
International Organization for Standardization 2003. ISO 11898-1. Road Vehicles - Controller Area Network (CAN) - Part 1: Controller Area Network Data Link Layer and Medium Access Control. International Organization for Standardization.
[17]
K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage. 2010. Experimental security analysis of a modern automobile. In Proceedings of the IEEE Symposium on Security and Privacy. 447--462.
[18]
R. Kurachi, Y. Matsubara, H. Takada, N. Adachi, Y. Miyashita, and S. Horihata. 2014. CaCAN - Centralized authentication system in CAN (controller area network). In Proceedings of the 14th International Conference on Embedded Security in Cars (ESCAR’14).
[19]
J. Leohold. 2004. Communication requirements for automotive systems. In Proceedings of the Keynote Speech 5th IEEE International Workshop on Factory Communication Systems. Vienna University of Technology.
[20]
C.-W. Lin, Q. Zhu, and A. Sangiovanni-Vincentelli. 2015. Security-aware modeling and efficient mapping for CAN-based real-time distributed automotive systems. IEEE Embedded Systems Letters 7, 1 (2015), 11--14.
[21]
M. Naor and B. Pinkas. 1998. Threshold traitor tracing. In Advances in Cryptology (CRYPTO’98). Springer, 502--517.
[22]
A. Perrig, R. Canetti, D. Song, and J. D. Tygar. 2001. SPINS: Security protocols for sensor networks. In Proceedings of the 7th Annual ACM International Conference on Mobile Computing and Networks (MobiCom’01). 189--199.
[23]
A. Perrig, R. Canetti, J. D. Tygar, and D. X. Song. 2000. Efficient authentication and signing of multicast streams over lossy channels. In Proceedings of the IEEE Symposium on Security and Privacy. 56--73.
[24]
Robert BOSCH GmbH 1991. CAN Specification Version 2.0. Robert BOSCH GmbH.
[25]
Robert BOSCH GmbH 2012. CAN with Flexible Data-Rate Version 1.0. Robert BOSCH GmbH.
[26]
T. Roeder, R. Pass, and F. B. Schneider. 2012. Multi-verifier signatures. Journal of Cryptology 25, 2 (2012), 310--348.
[27]
V. Shoup. 2004. Sequences of games: A tool for taming complexity in security proofs. IACR Cryptology ePrint Archive 2004 (2004), 332.
[28]
I. Studnia, V. Nicomette, E. Alata, Y. Deswarte, M. Kaâniche, and Y. Laarouchi. 2013. Survey on security threats and protection mechanisms in embedded automotive networks. In Proceedings of the 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop (DSN-W’13). IEEE, 1--12.
[29]
C. Szilagyi and P. Koopman. 2009. Flexible multicast authentication for time-triggered embedded control network applications. In Proceedings of the IEEE/IFIP International Conference on Dependable Systems 8 Networks. IEEE, 165--174.
[30]
C. Szilagyi and P. Koopman. 2010. Low cost multicast authentication via validity voting in time-triggered embedded control networks. In Proceedings of the 5th Workshop on Embedded Systems Security. ACM, 10.
[31]
C. J. Szilagyi. 2012. Low Cost Multicast Network Authentication for Embedded Control Systems. Ph.D. Dissertation. PhD Thesis, Carnegie Mellon University.
[32]
A. Van Herrewege, D. Singelee, and I. Verbauwhede. 2011. CANAuth-A simple, backward compatible broadcast authentication protocol for CAN bus. In Proceedings of the 9th Embedded Security in Cars Conference.
[33]
Q. Wang and S. Sawhney. 2014. VeCure: A practical security framework to protect the CAN bus of vehicles. In Proceedings of the International Conference on the Internet of Things (IOT’14). IEEE, 13--18.
[34]
M. Wolf, A. Weimerskirch, and C. Paar. 2006. Secure in-vehicle communication. Embedded Security in Cars. Springer, 95--109.
[35]
S. Woo, H. J. Jo, and D. H. Lee. 2015. A practical wireless attack on the connected car and security protocol for in-vehicle CAN. IEEE Transactions on Intelligent Transportation Systems 16, 2 (2015), 993--1006.
[36]
T. Ziermann, S. Wildermann, and J. Teich. 2009. CAN+: A new backward-compatible Controller Area Network (CAN) protocol with up to 16x higher data rates. In Proceedings of Design, Automation 8 Test in Europe Conference 8 Exhibition (DATE). IEEE, 1088--1093.

Cited By

View all
  • (2025)DSR-CAAP: A Novel Denial of Service Resilient Channel-Aware Authenticated Key Exchange Protocol Suite for SAE J1939IEEE Transactions on Industrial Informatics10.1109/TII.2024.345275821:1(445-454)Online publication date: Jan-2025
  • (2024)CAN-MM: Multiplexed Message Authentication Code for Controller Area Network Message Authentication in Road VehiclesIEEE Transactions on Vehicular Technology10.1109/TVT.2024.340298673:10(14661-14673)Online publication date: Oct-2024
  • (2024)Efficient Crypto Engine for Authenticated Encryption, Data Traceability, and Replay Attack Detection Over CAN Bus NetworkIEEE Transactions on Network Science and Engineering10.1109/TNSE.2023.331254511:1(1008-1025)Online publication date: Jan-2024
  • Show More Cited By

Index Terms

  1. LiBrA-CAN: Lightweight Broadcast Authentication for Controller Area Networks

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Transactions on Embedded Computing Systems
    ACM Transactions on Embedded Computing Systems  Volume 16, Issue 3
    Special Issue on Embedded Computing for IoT, Special Issue on Big Data and Regular Papers
    August 2017
    610 pages
    ISSN:1539-9087
    EISSN:1558-3465
    DOI:10.1145/3072970
    Issue’s Table of Contents
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Journal Family

    Publication History

    Published: 06 April 2017
    Accepted: 01 November 2016
    Revised: 01 February 2016
    Received: 01 October 2014
    Published in TECS Volume 16, Issue 3

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. CAN bus
    2. authentication
    3. broadcast
    4. cryptography

    Qualifiers

    • Research-article
    • Research
    • Refereed

    Funding Sources

    • Hercules Foundation
    • European Commission through the ICT
    • Research Council KU Leuven: GOA TENSE
    • POSDRU
    • Flemish Government through FWO
    • POSDRU Romania

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)40
    • Downloads (Last 6 weeks)2
    Reflects downloads up to 16 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2025)DSR-CAAP: A Novel Denial of Service Resilient Channel-Aware Authenticated Key Exchange Protocol Suite for SAE J1939IEEE Transactions on Industrial Informatics10.1109/TII.2024.345275821:1(445-454)Online publication date: Jan-2025
    • (2024)CAN-MM: Multiplexed Message Authentication Code for Controller Area Network Message Authentication in Road VehiclesIEEE Transactions on Vehicular Technology10.1109/TVT.2024.340298673:10(14661-14673)Online publication date: Oct-2024
    • (2024)Efficient Crypto Engine for Authenticated Encryption, Data Traceability, and Replay Attack Detection Over CAN Bus NetworkIEEE Transactions on Network Science and Engineering10.1109/TNSE.2023.331254511:1(1008-1025)Online publication date: Jan-2024
    • (2024)A Lightweight and Confidential Communication Scheme for On-Vehicle ECUsIEEE Network: The Magazine of Global Internetworking10.1109/MNET.2024.336594638:3(34-40)Online publication date: 20-Feb-2024
    • (2024)CAN Security Acceleration And Its Verification2024 2nd International Conference on Networking, Embedded and Wireless Systems (ICNEWS)10.1109/ICNEWS60873.2024.10731019(1-6)Online publication date: 22-Aug-2024
    • (2024)Functional Safety Evaluation for Cybersecurity Measures in Low-End Automotive Control Units2024 11th International Conference on Dependable Systems and Their Applications (DSA)10.1109/DSA63982.2024.00023(96-105)Online publication date: 2-Nov-2024
    • (2024)Secure Communication on CAN-Bus Using Sporadic Authenticated Encryption2024 5th CPSSI International Symposium on Cyber-Physical Systems (Applications and Theory) (CPSAT)10.1109/CPSAT64082.2024.10745422(1-8)Online publication date: 16-Oct-2024
    • (2024)Blockchain integration for in-vehicle CAN bus intrusion detection systems with ISO/SAE 21434 compliant reportingScientific Reports10.1038/s41598-024-58694-414:1Online publication date: 8-Apr-2024
    • (2024)A Tale of Two Automotive Security Services: A Formal AnalysisThe 17th International Conference Interdisciplinarity in Engineering10.1007/978-3-031-54674-7_33(441-458)Online publication date: 2-Apr-2024
    • (2023)An Evaluation Framework for Intrusion Prevention Systems on Serial Data Bus NetworksProceedings of the 2023 ACM Asia Conference on Computer and Communications Security10.1145/3579856.3582810(481-493)Online publication date: 10-Jul-2023
    • Show More Cited By

    View Options

    Login options

    Full Access

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media