EXT-TAURUM P2T: an Extended Secure CAN-FD Architecture for Road Vehicles

The automobile industry no longer relies on purely mechanical systems; instead, it uses advanced Electronic Control Units (ECUs) to provide new and complex functionalities in the effort to move toward fully connected cars. However, connected cars provide a dangerous playground for hackers. Vehicles are becoming increasingly vulnerable to cyber attacks as they come equipped with more connected features and control systems. This situation may expose strategic assets in the automotive value chain. In this scenario, the Controller Area Network (CAN) is the most widely used communication protocol in the automotive domain. However, this protocol lacks encryption and authentication. Consequently, any malicious or hijacked node can cause catastrophic accidents and financial loss. Starting from an analysis of the vulnerabilities of the CAN communication protocol in the automotive domain, this paper proposes EXT-TAURUM P2T, a new low-cost secure CAN-FD architecture for the automotive domain that implements secure communication among ECUs, a novel key provisioning strategy, intelligent throughput management, and hardware signature mechanisms. The proposed architecture has been implemented using a commercial Multi-Protocol Vehicle Interface module, and the obtained results experimentally demonstrate the approach's feasibility.
