Secure Broadcast with One-Time Signatures in Controller Area Networks

Broadcast authentication in Controller Area Networks CAN is subject to real time constraints that are hard to satisfy by expensive public key primitives. For this purpose the authors study here the use of one-time signatures which can be built on the most computationally efficient one-way functions. The authors use an enhancement of the classical Merkle signature as well as the more recently proposed HORS signature scheme. Notably, these two proposals offer different trade-offs, and they can be efficiently paired with time synchronization to reduce the overhead caused by the re-initialization of the public keys, which would otherwise require expensive authentication trees. The authors do outline clear bounds on the performance of such a solution and provide experimental results on development boards equipped with Freescale S12X, a commonly used automotive grade micro-controller. The authors also benefit from the acceleration offered by the XGATE co-processor available on S12X derivatives which significantly increases the computational performances.

[1]  Thomas P. von Hoff,et al.  Security for Industrial Communication Systems , 2005, Proceedings of the IEEE.

[2]  Elaine B. Barker,et al.  A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications , 2000 .

[3]  Ralph C. Merkle,et al.  Secrecy, authentication, and public key systems , 1979 .

[4]  Adrian Perrig,et al.  The BiBa one-time signature and broadcast authentication protocol , 2001, CCS '01.

[5]  Ueli Maurer,et al.  Directed Acyclic Graphs, One-way Functions and Digital Signatures , 1994, CRYPTO.

[6]  Shwetak N. Patel,et al.  Experimental Security Analysis of a Modern Automobile , 2010, 2010 IEEE Symposium on Security and Privacy.

[7]  Sasikanth Avancha,et al.  Security for Sensor Networks , 2004 .

[8]  Ran Canetti,et al.  Efficient and Secure Source Authentication for Multicast , 2001, NDSS.

[9]  Leonid Reyzin,et al.  Better than BiBa: Short One-Time Signatures with Fast Signing and Verifying , 2002, ACISP.

[10]  Bogdan Groza,et al.  Secure Broadcast with One-Time Signatures in Controller Area Networks , 2011, 2011 Sixth International Conference on Availability, Reliability and Security.

[11]  Christof Paar,et al.  Secure In-Vehicle Communication , 2006 .

[12]  Ralph C. Merkle,et al.  A Digital Signature Based on a Conventional Encryption Function , 1987, CRYPTO.

[13]  Donggang Liu,et al.  Efficient Distribution of Key Chain Commitments for Broadcast Authentication in Distributed Sensor Networks , 2002, NDSS.

[14]  Donggang Liu,et al.  Multilevel μTESLA: Broadcast authentication for distributed sensor networks , 2004, TECS.

[15]  Robert Grover Brown,et al.  Introduction to random signal analysis and Kalman filtering , 1983 .

[16]  Ueli Maurer,et al.  On the Efficiency of One-Time Digital Signatures , 1996, ASIACRYPT.