Formal Security Analysis of the MaCAN Protocol

Embedded real-time network protocols such as the CAN bus cannot rely on off-the-shelf schemes for authentication, because of the bandwidth limitations imposed by the network. As a result, both academia and industry have proposed custom protocols that meet such constraints, with solutions that may be deemed insecure if considered out of context. MaCAN is one such compatible authentication protocol, proposed by Volkswagen Research and a strong candidate for being adopted by the automotive industry.

[1]  Shuai Li,et al.  Facet: Streaming over Videoconferencing for Censorship Circumvention , 2014, WPES.

[2]  Ingrid Verbauwhede,et al.  LiBrA-CAN: A Lightweight Broadcast Authentication Protocol for Controller Area Networks , 2012, CANS.

[3]  Gavin Lowe,et al.  A hierarchy of authentication specifications , 1997, Proceedings 10th Computer Security Foundations Workshop.

[4]  Ludovic Apvrille,et al.  Car2X Communication: Securing the Last Meter - A Cost-Effective Approach for Ensuring Trust in Car2X Applications Using In-Vehicle Symmetric Cryptography , 2011, 2011 IEEE Vehicular Technology Conference (VTC Fall).

[5]  Jürgen Teich,et al.  CAN+: A new backward-compatible Controller Area Network (CAN) protocol with up to 16× higher data rates. , 2009, 2009 Design, Automation & Test in Europe Conference & Exhibition.

[6]  Shwetak N. Patel,et al.  Experimental Security Analysis of a Modern Automobile , 2010, 2010 IEEE Symposium on Security and Privacy.

[7]  Ben Smyth,et al.  ProVerif 1.85: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial , 2011 .

[8]  Mark Ryan,et al.  StatVerif: Verification of Stateful Processes , 2011, CSF.

[9]  David A. Wagner,et al.  Proceedings of the 20th USENIX conference on Security , 2011 .

[10]  Robert Bosch,et al.  CAN with Flexible Data-Rate , 2012 .

[11]  Bruno Blanchet,et al.  An efficient cryptographic protocol verifier based on prolog rules , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[12]  Sebastian Mödersheim Abstraction by set-membership: verifying security protocols and web services with databases , 2010, CCS '10.

[13]  Alan Burns,et al.  Controller Area Network (CAN) schedulability analysis: Refuted, revisited and revised , 2007, Real-Time Systems.

[14]  Morris J. Dworkin,et al.  SP 800-38B. Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication , 2005 .

[15]  Bruno Blanchet,et al.  Automatic verification of correspondences for security protocols , 2008, J. Comput. Secur..

[16]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[17]  Ingrid Verbauwhede,et al.  CANAuth - A Simple, Backward Compatible Broadcast Authentication Protocol for CAN bus , 2011 .