ABSTRACT
Automotive communication networks, represented by the CAN bus, are acclaimed for enabling real-time communication between vehicular ECUs but also criticized for their lack of effective security mechanisms. Various attacks have demonstrated that this security deficit renders a vehicle vulnerable to adversarial control that jeopardizes passenger safety. A recent standardization effort led by AUTOSAR has provided general guidelines for developing next-generation automotive communication technologies with built-in security mechanisms. A key security mechanism is message authentication between ECUs for countering message spoofing and replay attacks. While many message authentication schemes have been proposed in previous work, the important issue of session key establishment with AUTOSAR compliance has not been well addressed. In this paper, we fill this gap by proposing an AUTOSAR-compliant key management architecture that takes into account practical requirements imposed by the automotive environment. Based on this architecture, we describe a baseline session key distribution protocol called SKDC that realizes all designed security functionalities, and propose a novel secret-sharing-based protocol called SSKT that yields improved communication efficiency. Both SKDC and SSKT are customized for CAN/CAN-FD bus deployment. We implemented the two protocols on commercial microcontroller boards and evaluated their performance through hardware experiments and extrapolation analysis. The results show that, while both protocols are performant, SSKT achieves superior computation and communication efficiency at scale.