论文信息 - Higher layer authentication for broadcast in Controller Area Networks

Higher layer authentication for broadcast in Controller Area Networks

Controller Area Network (CAN) is a bus commonly used by controllers. The traditional view assumes that controllers operate in secure perimeters, but, as the degree of interconnectivity with the outside world increases, these networks may become open to intruders and CAN has no protection against Dolev-Yao adversaries. For this purpose one can implement security on higher layers. Here we design and implement a broadcast authentication protocol based on the well known paradigm of using one-way chains and time synchronization. In this way we can benefit from the use of symmetric primitives without the need of secret shared keys. As process control is a time critical operation, different to sensor networks where the life-time of the node is potentially the main limitation, here the authentication delay is the main optimization criteria. Several trade-offs are studied for this purpose in order to alleviate shortcomings on computational speed, memory, bandwidth and to assure a uniform bus-load. As for the experimental setup, we used S12 microcontrollers from Freescale to implement the proposed solution. To speed up cryptographic operations we also make use of the XGATE co-processor available on S12X.

Bogdan Groza | Pal-Stefan Murvay

[1] Ran Canetti,et al. Efficient authentication and signing of multicast streams over lossy channels , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[2] Joachim Charzinski. Performance of the Error Detection Mechanisms in CAN , 1994 .

[3] Ran Canetti,et al. Efficient and Secure Source Authentication for Multicast , 2001, NDSS.

[4] Leslie Lamport,et al. Password authentication with insecure communication , 1981, CACM.

[5] Matti Valovirta,et al. Experimental Security Analysis of a Modern Automobile , 2011 .

[6] Charalampos Manifavas,et al. A new family of authentication protocols , 1998, OPSR.

[7] Donggang Liu,et al. Efficient Distribution of Key Chain Commitments for Broadcast Authentication in Distributed Sensor Networks , 2002, NDSS.

[8] Christof Paar,et al. Embedded Security in Cars: Securing Current and Future Automotive IT Applications , 2005 .

[9] Sasikanth Avancha,et al. Security for Sensor Networks , 2004 .

[10] Juha Kortelainen,et al. Variants of Multicollision Attacks on Iterated Hash Functions , 2010, Inscrypt.

[11] Donggang Liu,et al. Multilevel μTESLA: Broadcast authentication for distributed sensor networks , 2004, TECS.

[12] Bruno Crispo,et al. Individual Authentication in Multiparty Communications , 2002, Comput. Secur..