Performance analysis of broadcast authentication protocols on CAN-FD and FlexRay

In the light of the numerous reported attacks, designing cryptographic protocols for in-vehicle embedded networks was a constant preoccupation in the past few years. While several research proposals appeared, a concrete performance analysis of such protocols over a realistic network configuration is still absent from the literature. In this work we address the performance for various authentication protocols that were recently proposed for the two most prominent vehicular buses: FlexRay and CAN-FD. While a real-world vehicular network is still out of reach for our work, we achieve a first step in this direction by using a CANoe based simulation for these protocols over state-of-the-art automotive buses. This allows us to draw a more realistic perspective on the efficiency of existing proposals for bus authentication. Our results suggest that sharing symmetric keys between groups of nodes is the most realistic proposal as it creates a balance between bandwidth efficiency and security level.

[1]  M. Petró‐Turza,et al.  The International Organization for Standardization. , 2003 .

[2]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[3]  Alberto L. Sangiovanni-Vincentelli,et al.  Security-aware mapping for TDMA-based real-time distributed systems , 2014, 2014 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).

[4]  Ran Canetti,et al.  Efficient authentication and signing of multicast streams over lossy channels , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[5]  Alberto L. Sangiovanni-Vincentelli,et al.  Security-Aware Modeling and Efficient Mapping for CAN-Based Real-Time Distributed Automotive Systems , 2015, IEEE Embedded Systems Letters.

[6]  Sebastian Bittl,et al.  Attack Potential and Efficient Security Enhancement of Automotive Bus Networks Using Short MACs with Rapid Key Change , 2014, Nets4Cars/Nets4Trains/Nets4Aircraft.

[7]  Matti Valovirta,et al.  Experimental Security Analysis of a Modern Automobile , 2011 .

[8]  Ingrid Verbauwhede,et al.  CANAuth - A Simple, Backward Compatible Broadcast Authentication Protocol for CAN bus , 2011 .

[9]  Ingrid Verbauwhede,et al.  LiBrA-CAN: A Lightweight Broadcast Authentication Protocol for Controller Area Networks , 2012, CANS.

[10]  Hiroaki Takada,et al.  CaCAN: Centralized Authentication System in CAN (Controller Area Network) , 2016 .

[11]  Dong Hoon Lee,et al.  A Practical Wireless Attack on the Connected Car and Security Protocol for In-Vehicle CAN , 2015, IEEE Transactions on Intelligent Transportation Systems.

[12]  Philip Koopman,et al.  Flexible multicast authentication for time-triggered embedded control network applications , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[13]  Sasikanth Avancha,et al.  Security for Sensor Networks , 2004 .

[14]  Philip Koopman,et al.  Low cost multicast network authentication for embedded control systems , 2012 .

[15]  Robert Bosch,et al.  CAN with Flexible Data-Rate , 2012 .

[16]  Bogdan Groza,et al.  Efficient Protocols for Secure Broadcast in Controller Area Networks , 2013, IEEE Transactions on Industrial Informatics.

[17]  Qiyan Wang,et al.  VeCure: A practical security framework to protect the CAN bus of vehicles , 2014, 2014 International Conference on the Internet of Things (IOT).

[18]  Philip Koopman,et al.  Low cost multicast authentication via validity voting in time-triggered embedded control networks , 2010, WESS '10.