Abstract
A modern vehicle contains more than 70 Electronic Control Units (ECUs), each responsible for controlling one or more subsystems in the vehicle. These ECUs are interconnected through a Controller Area Network (CAN) bus, which suffers from limitations in data payload size and bandwidth, as well as security issues. To overcome these limitations, CAN-FD (CAN with Flexible Data) was introduced. CAN-FD has advantages over CAN in terms of data payload size and bandwidth, but security was not considered in its design: all attacks that are possible on the CAN bus also apply to CAN-FD. In 2016, Woo et al. proposed a security architecture for in-vehicle CAN-FD. They used the ISO 26262 standard, which defines safety levels, to determine the security requirements for each ECU, and on that basis provided encryption, authentication, both, or no security to each ECU. In this paper, we propose a new security architecture for communication between ECUs on different channels through a gateway ECU (GECU). Our experimental results also demonstrate that using an authenticated encryption scheme gives better performance than applying individual primitives for encryption and authentication.
References
CAN standardization. http://elearning.vector.com/index.php?&wbt_ls_seite_id=489557&root=378422&seite=vl_can_introduction_en
Comparing CAN FD with classical CAN. https://www.kvaser.com/wp-content/uploads/2016/10/comparing-can-fd-with-classical-can.pdf
CAESAR: Competition for authenticated encryption: security, applicability, and robustness (2014). http://competitions.cr.yp.to/caesar.html
CAN 2020: The future of CAN technology (2016). https://www.can-cia.org/news/cia-in-action/view/can-2020-the-future-of-can-technology/2016/3/21/
Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. J. Cryptol. 21(4), 469–491 (2008)
Berwanger, J., Peller, M., Griessbach, R.: Byteflight - a new protocol for safety critical applications (2000)
CAN specification (1991). http://esd.cs.ucr.edu/webres/can20.pdf
Charette, R.N.: This car runs on code. IEEE Spectr. 46, 3 (2009)
Next generation car network - FlexRay (2006). http://www.fujitsu.com/downloads/CN/fmc/lsi/FlexRay-EN.pdf
Groza, B., Murvay, S., van Herrewege, A., Verbauwhede, I.: LiBrA-CAN: a lightweight broadcast authentication protocol for controller area networks. In: Pieprzyk, J., Sadeghi, A.-R., Manulis, M. (eds.) CANS 2012. LNCS, vol. 7712, pp. 185–200. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-35404-5_15
Hartwich, F., Robert Bosch GmbH: CAN with flexible data-rate. In: iCC 2012, CAN in Automation (2012)
Hoppe, T., Dittman, J.: Sniffing/replay attacks on can buses: a simulated attack on the electric window lift classified using an adapted cert taxonomy. In: Proceedings of the 2nd Workshop on Embedded Systems Security (WESS) (2007)
Hoppe, T., Kiltz, S., Dittmann, J.: Security threats to automotive can networks – practical examples and selected short-term countermeasures. In: Harrison, M.D., Sujan, M.-A. (eds.) SAFECOMP 2008. LNCS, vol. 5219, pp. 235–248. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-87698-4_21
Huang, T., Zhou, J., Bytes, A.: ATG: an attack traffic generation tool for security testing of in-vehicle CAN bus. In: ARES (2018)
Huang, T., Zhou, J., Wang, Y., Cheng, A.: On the security of in-vehicle hybrid network: status and challenges. In: Liu, J.K., Samarati, P. (eds.) ISPEC 2017. LNCS, vol. 10701, pp. 621–637. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-72359-4_38
Kopetz, H.: Automotive electronics: present state and future prospects. In: Proceedings of the Twenty-Fifth International Conference on Fault-tolerant Computing, FTCS 1995, pp. 66–75. IEEE Computer Society, Washington, DC (1995)
Koscher, K., et al.: Experimental security analysis of a modern automobile. In: Proceedings of the 2010 IEEE Symposium on Security and Privacy, SP 2010, pp. 447–462. IEEE Computer Society, Washington, DC (2010)
Radu, A.-I., Garcia, F.D.: LeiA: a lightweight authentication protocol for can. In: ESORICS (2016)
Wang, Q., Sawhney, S.: VeCure: a practical security framework to protect the can bus of vehicles. In: 2014 International Conference on the Internet of Things (IOT), pp. 13–18, October 2014
Woo, S., Jo, H.J., Kim, I.S., Lee, D.H.: A practical security architecture for in-vehicle CAN-FD. IEEE Trans. Intell. Transp. Syst. 17(8), 2248–2261 (2016)
Woo, S., Jo, H.J., Lee, D.H.: A practical wireless attack on the connected car and security protocol for in-vehicle can. IEEE Trans. Intell. Transp. Syst. 16(2), 993–1006 (2015)
Wu, H., Preneel, B.: AEGIS: a fast authenticated encryption algorithm. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 185–201. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43414-7_10
Wu, H., Preneel, B.: AEGIS: A Fast Authenticated Encryption Algorithm (v1) (2015). http://competitions.cr.yp.to/round1/aegisv1.pdf
Acknowledgement
This work was supported by SUTD start-up research grant SRG-ISTD-2017-124. The first author’s work was done during her internship in SUTD.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Agrawal, M., Huang, T., Zhou, J., Chang, D. (2019). CAN-FD-Sec: Improving Security of CAN-FD Protocol. In: Hamid, B., Gallina, B., Shabtai, A., Elovici, Y., Garcia-Alfaro, J. (eds) Security and Safety Interplay of Intelligent Software Systems. CSITS ISSA 2018 2018. Lecture Notes in Computer Science(), vol 11552. Springer, Cham. https://doi.org/10.1007/978-3-030-16874-2_6
DOI: https://doi.org/10.1007/978-3-030-16874-2_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-16873-5
Online ISBN: 978-3-030-16874-2
eBook Packages: Computer Science, Computer Science (R0)