University of Birmingham LeiA: A Lightweight Authentication Protocol for CAN

. Recent research into automotive security has shown that once a single vehicle component is compromised, it is often possible to take full control of the vehicle. This paper proposes LeiA , a lightweight authentication protocol for the Controller Area Network (CAN). This protocol allows critical vehicle Electronic Control Units (ECUs) to authenticate each other providing compartmentalisation and preventing a number of attacks e.g., where a compromised CD player is able to accel-erate the vehicle. LeiA is designed to run under the stringent time and bandwidth constraints of automotive applications and is backwards compatible with existing vehicle infrastructure. The protocol is suitable to be implemented using lightweight cryptographic primitives yet providing appropriate security levels by limiting the usage of every key in the system. The security of LeiA is proven under the unforgeability assumption of the MAC scheme under chosen message attacks ( uf-cma).

[1]  Flavio D. Garcia,et al.  Lock It and Still Lose It - on the (In)Security of Automotive Remote Keyless Entry Systems , 2016, USENIX Security Symposium.

[2]  Flemming Nielson,et al.  Formal Security Analysis of the MaCAN Protocol , 2014, IFM.

[3]  Yves Deswarte,et al.  Survey on security threats and protection mechanisms in embedded automotive networks , 2013, 2013 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop (DSN-W).

[4]  Ingrid Verbauwhede,et al.  LiBrA-CAN: A Lightweight Broadcast Authentication Protocol for Controller Area Networks , 2012, CANS.

[5]  Flavio D. Garcia,et al.  Gone in 360 Seconds: Hijacking with Hitag2 , 2012, USENIX Security Symposium.

[6]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[7]  Christof Paar,et al.  Breaking KeeLoq in a Flash: On Extracting Keys at Lightning Speed , 2009, AFRICACRYPT.

[8]  Jürgen Teich,et al.  CAN+: A new backward-compatible Controller Area Network (CAN) protocol with up to 16× higher data rates. , 2009, 2009 Design, Automation & Test in Europe Conference & Exhibition.

[9]  Eli Biham,et al.  A Practical Attack on KeeLoq , 2008, Journal of Cryptology.

[10]  Gregory V. Bard,et al.  Algebraic and Slide Attacks on KeeLoq , 2008, FSE.

[11]  Serge Vaudenay,et al.  On Privacy Models for RFID , 2007, ASIACRYPT.

[12]  Andrey Bogdanov,et al.  Linear Slide Attacks on the KeeLoq Block Cipher , 2007, Inscrypt.

[13]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[14]  Flavio D. Garcia,et al.  Cryptanalysis of the Megamos Crypto Automotive Immobilizer , 2015, login Usenix Mag..

[15]  Flavio D. Garcia,et al.  Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer , 2013, USENIX Security Symposium.

[16]  A. Hazem,et al.  LCAP - A Lightweight CAN Authentication Protocol for Securing In-Vehicle Networks , 2012 .

[17]  Ingrid Verbauwhede,et al.  CANAuth - A Simple, Backward Compatible Broadcast Authentication Protocol for CAN bus , 2011 .

[18]  Matti Valovirta,et al.  Experimental Security Analysis of a Modern Automobile , 2011 .