论文信息 - Plug-and-Secure Communication for CAN

Plug-and-Secure Communication for CAN

Security is a topic of rapidly increasing importance in both automotive as well as industrial applications. This is driven by the current trend towards ubiquitously connected systems, a higher degree of automation, and the increasing openness of systems, with a multitude of interfaces and APIs that an attacker might use for malicious purposes. In today’s systems, the communication via CAN is often insecure. Although suitable concepts and cryptographic algorithms are basically available, the distribution of the required (symmetric) cryptographic keys between the involved nodes is still challenging. Currently, the key establishment comes along with either a high logistical / organizational effort or high complexity and/or costs. For that reason, we propose a novel approach for establishing and refreshing symmetric cryptographic keys between different nodes in a CAN network in a plug-and-play manner. Our approach captivates by its simplicity, low complexity and high cost-efficiency, and may be readily implemented without any modifications of standard CAN controllers.

Robert Bosch | Andreas Mueller | Timo Lothspeich

[1] Alfred Menezes,et al. Handbook of Applied Cryptography , 2018 .

[2] Hovav Shacham,et al. Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[3] Hugo Krawczyk,et al. HMAC: Keyed-Hashing for Message Authentication , 1997, RFC.

[4] Benjamin Glas,et al. Signal-based Automotive Communication Security and Its Interplay with Safety Requirements , 2012 .

[5] Alberto L. Sangiovanni-Vincentelli,et al. Cyber-Security for the Controller Area Network (CAN) Communication Protocol , 2012, 2012 International Conference on Cyber Security.

[6] Steven E. Shladover,et al. Potential Cyberattacks on Automated Vehicles , 2015, IEEE Transactions on Intelligent Transportation Systems.

[7] Whitfield Diffie,et al. New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[8] Shwetak N. Patel,et al. Experimental Security Analysis of a Modern Automobile , 2010, 2010 IEEE Symposium on Security and Privacy.

[9] Steven M. Bellovin,et al. Guidelines for Cryptographic Key Management , 2005, RFC.