A Hardware Based Solution for Freshness of Secure Onboard Communication in Vehicles

Information technology has become prominent in the development of modern cars. More than 50 Electronic Control Units (ECUs) realize vehicular functions in hardware and software, ranging from engine control and infotainment to future autonomous driving systems. Not only do the connections to the outside world pose new threats; the in-vehicle communication between ECUs, realized with bus systems like CAN, also needs to be protected against manipulation and replay of messages. Multiple countermeasures have been presented in the past that use Message Authentication Codes and specific values to provide message freshness, most prominently AUTOSAR’s Secure Onboard Communication (SecOC). However, the currently considered solutions exhibit deficiencies that are hard, if not impossible, to overcome within the scope of the respective approaches. In this paper we present a new, hardware-based approach that avoids these deficiencies, and we formally prove its freshness properties.
