Broadcast Authentication in a Low Speed Controller Area Network

  • Bogdan Groza
  • Pal-Stefan Murvay
Part of the Communications in Computer and Information Science book series (CCIS, volume 314)


Controller Area Network (CAN) is a communication bus that has no cryptographic protection against malicious adversaries. Once isolated, the environments in which CAN operates are now opened to intruders and assuring broadcast authentication becomes a concern. To achieve this, public key primitives are not a solution because of the computational constraints, but symmetric primitives can be used with time synchronization at the cost of additional delays. Here we study several trade-offs on computational speed, memory and bandwidth having the main intention to depict the lower bounds on the efficiency of such protocols. For this purpose we use a wide spread controller from Freescale located somewhat on the edge of the market capable of low speed, fault tolerant CAN communication. To further improve the computations we also make use of the XGATE co-processor available on the S12X derivative. The performance of both hash functions and block ciphers is examined for efficient construction of the key chains.


Authentication Broadcast Controller area network 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    ISO: CAN Specification Version 2.0. Robert BOSCH GmbH (1991)Google Scholar
  2. 2.
    ISO: ISO 11898-1. Road vehicles - Controller area network (CAN) - Part 1: Controller area network data link layer and medium access control. International Organization for Standardization (2003)Google Scholar
  3. 3.
    Charzinski, J.: Performance of the error detection mechanisms in can. In: Proceedings of the 1st International CAN Conference, pp. 20–29 (1994)Google Scholar
  4. 4.
    Lemke, K., Paar, C., Wolf, M.: Embedded Security in Cars Securing Current and Future Automotive IT Applications. Springer (2006)Google Scholar
  5. 5.
    Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S.: Experimental security analysis of a modern automobile. In: IEEE Symposium on Security and Privacy (SP), pp. 447–462 (2010)Google Scholar
  6. 6.
    ISO: ISO 11898-4. Road vehicles - Controller area network (CAN) - Part 4: Time triggered communication. International Organization for Standardization (2004)Google Scholar
  7. 7.
    Perrig, A., Canetti, R., Song, D., Tygar, J.D.: SPINS: Security protocols for sensor networks. In: Seventh Annual ACM International Conference on Mobile Computing and Networks (MobiCom 2001), pp. 189–199 (2001)Google Scholar
  8. 8.
    Liu, D., Ning, P.: Efficient distribution of key chain commitments for broadcast authentication in distributed sensor networks. In: Proc. of the 10th Annual Network and Distributed System Security Symposium, pp. 263–276 (2003)Google Scholar
  9. 9.
    Liu, D., Ning, P.: Multilevel μtesla: Broadcast authentication for distributed sensor networks. ACM Trans. Embed. Comput. Syst. 3, 800–836 (2004)CrossRefGoogle Scholar
  10. 10.
    Perrig, A., Canetti, R., Tygar, J., Song, D.X.: Efficient authentication and signing of multicast streams over lossy channels. In: IEEE Symposium on Security and Privacy, pp. 56–73 (2000)Google Scholar
  11. 11.
    Perrig, A., Canetti, R., Song, D., Tygar, J.D.: Efficient and secure source authentication for multicast. Network and Distributed System Security Symposium, NDSS 2001, 35–46 (2001)Google Scholar
  12. 12.
    Lamport, L.: Password authentication with insecure communication. Commun. ACM 24, 770–772 (1981)CrossRefGoogle Scholar
  13. 13.
    Bergadano, F., Cavagnino, D., Crispo, B.: Individual authentication in multiparty communications. Computers & Security 21, 719–735 (2002)CrossRefGoogle Scholar
  14. 14.
    Anderson, R., Bergadano, F., Crispo, B., Lee, J.H., Manifavas, C., Needham, R.: A new family of authentication protocols. SIGOPS Oper. Syst. Rev. 32, 9–20 (1998)CrossRefGoogle Scholar
  15. 15.
    Freescale: MC9S12XDP512 Data Sheet, Rev. 2.21 (October 2009)Google Scholar
  16. 16.
    Mitchell, R.: Tutorial: Introducing the XGATE Module to Consumer and Industrial Application Developers, Freescale (March 2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Bogdan Groza
    • 1
  • Pal-Stefan Murvay
    • 1
  1. 1.Department of Automatics and Applied InformaticsPolitehnica University of TimisoaraRomania

Personalised recommendations