We propose a lightweight construction, a modification of Vanstone’s MAC construction, for the message authentication of the communication between Electronic Control Units (ECUs) in distributed car control systems. The proposed approach can solve the task of error control and authentication in unified algorithmic technology, called MAC (Message Authentication Code) with ECC (Error Correction Code). We follow a provable approach in the design of the cryptographic primitive, where we quantify the security measures in the parameters of the system. Provable security approaches are missing in the field of secure in-vehicle communication.
References
[1]
BOSCH (1991) CAN Specifications. Version 2.0, BOSCH, Gerlingen.
[2]
Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., et al. (2010) Experimental Security Analysis of a Modern Automobile. Proceedings of the 2010 IEEE Symposium on Security and Privacy, Berkeley, 16-19 May 2010, 447-462. https://doi.org/10.1109/SP.2010.34
[3]
Palanca, A., Evenchick, E., Maggi, F. and Zanero, S. (2017) A Stealth, Selective, Link-Layer Denial-of-Service Attack Against Automotive Networks. International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, Bonn, 6-7 July 2017, 185-206. https://doi.org/10.1007/978-3-319-60876-1_9
[4]
Radu, A.I. and Garcia, F.D. (2016) LeiA: A Lightweight Authentication Protocol for CAN. Proceedings of the 21st European Symposium on Research in Computer Security, Heraklion, 26-30 September 2016, 283-300. https://doi.org/10.1007/978-3-319-45741-3_15
[5]
Wolf, M., Weimerskirch, A. and Paar, C. (2006) Secure In-Vehicle Communication, In: Lemke, K., Paar, C. and Wolf, M., Eds., Embedded Security in Cars, Springer Berlin, Heidelberg, 95-109. https://doi.org/10.1007/3-540-28428-1_6
[6]
Nilsson, D.K. and Larson, U. (2009) A Defense-in-Depth Approach to Securing the Wireless Vehicle Infrastructure. Journal of Networks, 4, 552-564.
[7]
Glas, B., Guajardo, J., Hacioglu, H., Ihle, M., Wehefritz, K. and Yavuz, A. (2012) Signal-Based Automotive Communication Security and Its Interplay with Safety Requirements. Proceedings of the Embedded Security in Cars Conference, Berlin, 28-29 November 2012, 93-109.
[8]
Groza, B., Murvay, S., van Herrewege, A. and Verbauwhede, I. (2012) LiBrA-CAN: A Lightweight Broadcast Authentication Protocol for Controller Area Networks. Proceedings of the 2012 International Conference on Cryptology and Network Security, Darmstadt, 12-14 December, 185-200. https://doi.org/10.1007/978-3-642-35404-5_15
[9]
Zou, Q., et al. (2017) The Study of Secure CAN Communication for Automotive Applications. SAE World Congress Experience 2017, Cobo Center, 4-6 April 2017. https://doi.org/10.4271/2017-01-1658
[10]
Mundhenk, P., Paverd, A., Mrowca, A., Steinhorst, S., Lukasiewycz, M., Fahmy, S.A., et al. (2017) Security in Automotive Networks: Lightweight Authentication and Authorization. ACM Transactions on Design Automation of Electronic Systems, 22, 1-25. https://doi.org/10.1145/2960407
[11]
Huynh Le, V., den Hartog, J. and Zannone, N. (2018) Security and Privacy for Innovative Automotive Applications: A Survey. Computer Communications. 132, 17-41. https://doi.org/10.1016/j.comcom.2018.09.010
[12]
Lin, C.W., Zhu, Q., Phung, C. and Sangiovanni-Vincentelli, A. (2013) Security-Aware Mapping for CAN-Based Real-Time Distributed Automotive Systems. 2013 IEEE/ ACM International Conference on Computer-Aided Design, San Jose, 18-21 Nov. 2013, 115-121. https://doi.org/10.1109/ICCAD.2013.6691106
[13]
Han, G., Zeng, H.B., Li, Y.P. and Dou, W.H. (2014) SAFE: Security-Aware FlexRay Scheduling Engine. 2014 Design, Automation & Test in Europe Conference & Exhibition, Dresden, 24-28 March 2014, 1-4. https://doi.org/10.7873/DATE.2014.021
[14]
Van Herrewege, A., Singelee, A.D. and Verbauwhede, I. (2011) CANAuth—A Simple, Backward Compatible Broadcast Authentication Protocol for CAN Bus. Proceedings of the ECRYPT Workshop on Lightweight Cryptography, Louvainla-Neuve, 28-29 November 2011, 220-235.
[15]
Wang, Q. and Sawhney, S. (2014) VeCure: A Practical Security Framework to Protect the CAN Bus of Vehicles. Proceedings of the 2014 International Conference on the Internet of Things, Cambridge, 6-8 October 2014, 13-18. https://doi.org/10.1109/IOT.2014.7030108
[16]
Siddiqui, A.S., Gui, Y., Plusquellic, J. and Saqib, F. (2017) Secure Communication over CANBus. 2017 IEEE 60th International Midwest Symposium on Circuits and Systems, Boston, 6-9 August 2017, 1264-1267. https://doi.org/10.1109/MWSCAS.2017.8053160
[17]
Escherich, R., Ledendecker, I., Schmal, C., Kuhls, B., Grothe, C. and Scharberth, F. (2009) SHE—Secure Hardware Extension Functional Specification. Hersteller-Initiative Software (HIS) AK Security.
[18]
Bernstein, D.J. (2009) Cost Analysis of Hash Collisions: Will Quantum Computers Make SHARCS Obsolete? Manuscript. http://cr.yp.to/hash/collisioncost-20090823.pdf
[19]
Zalman, R. and Mayer, A. (2014) A Secure but Still Safe and Low Cost Automotive Communication Technique. Proceedings of the 51st Annual Design Automation Conference, San Francisco, June, 2014, 1-5. https://doi.org/10.1145/2593069.2603850
[20]
Krawczyk, H. (1994) LFSR-Based Hashing and Authentication. Annual International Cryptology Conference, Santa Barbara, 21-25 August 1994, 129-139. https://doi.org/10.1007/3-540-48658-5_15
[21]
Lam, C.Y., Gong, G. and Vanstone, S. (2002) Message Authentication Code with Error Correction Capability. International Conference on Information and Communications Security, Singapore, 9-12 December 2002, 354-366. https://doi.org/10.1007/3-540-36159-6_30
[22]
Mahboob, A. and Ikram, N. (2005) Lookup Table Based Multiplication Technique for GF(2m) with Cryptographic Significance. IEE Proceedings—Communications, 152, 965-974. http://dx.doi.org/10.1049/ip-com:20050022
[23]
Chen, Y.J., Lu, S.S., Fu, C., Blaauw, D., Dreslinski, R. and Mudge, T. (2017) A Programmable Galois Field Processor for the Internet of Things. Proceedings of the 44th Annual International Symposium on Computer Architecture, Toronto, June 2017, 55-68. https://doi.org/10.1145/3079856.3080227
