Nowadays vehicles have an internal network consisting of more than 100 microcontrollers, so-called Electronic Control Units (ECUs), which control core functionalities, active safety, diagnostics, comfort and infotainment. The Controller Area Network (CAN) bus is one of the most widespread bus technologies in use, and thus is a primary target for attackers. AUTOSAR, an open system platform for vehicles, introduced SecOC Profile 3 in version 4.3, a counter-based solution that provides freshness for authenticated messages to protect the system against replay attacks. In this paper, we analyse and assess this method with regard to safety constraints and usability, and discuss design considerations when implementing such a system. Furthermore, we propose a novel security profile that addresses the identified deficiencies and allows faster resynchronisation when only truncated counter values are transmitted. Finally, we evaluate our solution in an experimental setup with regard to communication overhead and time to synchronise the freshness counter.
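The following is an added example, not code from the paper or from AUTOSAR, of counter-based freshness with a truncated counter: the receiver rebuilds the full counter from the transmitted low bits and rejects a replay, but it also rejects a genuine frame once it has fallen more than one truncation window behind, which is the case resynchronisation has to handle. The 4-bit truncation, key, message ID, payload and the use of HMAC-SHA256 as a stand-in MAC are assumptions chosen so the block runs with the standard library only.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed sample key (assumption)
CTR_BITS = 4                   # assumed: low counter bits sent on the bus
MAC_BYTES = 4                  # assumed: truncated MAC length
MASK = (1 << CTR_BITS) - 1

def mac(msg_id, payload, full_ctr):
    # The MAC always covers the FULL counter, even though only part is sent.
    data = msg_id.to_bytes(2, "big") + payload + full_ctr.to_bytes(8, "big")
    return hmac.new(KEY, data, hashlib.sha256).digest()[:MAC_BYTES]

def send(msg_id, payload, full_ctr):
    """Sender side: returns (payload, truncated counter, truncated MAC)."""
    return payload, full_ctr & MASK, mac(msg_id, payload, full_ctr)

class Receiver:
    def __init__(self):
        self.last = 0  # last accepted full counter value

    def reconstruct(self, trunc):
        high = self.last >> CTR_BITS
        # Low bits not greater than the last accepted ones: either the
        # counter wrapped or this is a replay, so assume the next window.
        if trunc <= (self.last & MASK):
            high += 1
        return (high << CTR_BITS) | trunc

    def accept(self, msg_id, frame):
        payload, trunc, tag = frame
        ctr = self.reconstruct(trunc)
        if not hmac.compare_digest(tag, mac(msg_id, payload, ctr)):
            return False  # replayed, forged, or receiver out of sync
        self.last = ctr
        return True

def demo():
    rx, mid, data = Receiver(), 0x123, b"\x01\x02"  # constructed sample frame
    frame5 = send(mid, data, 5)
    return {
        "fresh": rx.accept(mid, frame5),                  # counter 5
        "replay": rx.accept(mid, frame5),                 # same frame again
        "small_gap": rx.accept(mid, send(mid, data, 18)), # 13 ahead of 5
        "large_gap": rx.accept(mid, send(mid, data, 40)), # 22 ahead of 18
    }

if __name__ == "__main__":
    print(demo())
```

The last case fails although the frame is authentic: the receiver reconstructs counter 24 instead of 40 because the gap exceeds the 16-value window that 4 transmitted bits can disambiguate.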