Broadcast Authentication in a Low Speed Controller Area Network
Controller Area Network (CAN) is a communication bus that has no cryptographic protection against malicious adversaries. Once isolated, the environments in which CAN operates are now opened to intruders and assuring broadcast authentication becomes a concern. To achieve this, public key primitives are not a solution because of the computational constraints, but symmetric primitives can be used with time synchronization at the cost of additional delays. Here we study several trade-offs on computational speed, memory and bandwidth having the main intention to depict the lower bounds on the efficiency of such protocols. For this purpose we use a wide spread controller from Freescale located somewhat on the edge of the market capable of low speed, fault tolerant CAN communication. To further improve the computations we also make use of the XGATE co-processor available on the S12X derivative. The performance of both hash functions and block ciphers is examined for efficient construction of the key chains.
KeywordsAuthentication Broadcast Controller area network
Unable to display preview. Download preview PDF.
- 1.ISO: CAN Specification Version 2.0. Robert BOSCH GmbH (1991)Google Scholar
- 2.ISO: ISO 11898-1. Road vehicles - Controller area network (CAN) - Part 1: Controller area network data link layer and medium access control. International Organization for Standardization (2003)Google Scholar
- 3.Charzinski, J.: Performance of the error detection mechanisms in can. In: Proceedings of the 1st International CAN Conference, pp. 20–29 (1994)Google Scholar
- 4.Lemke, K., Paar, C., Wolf, M.: Embedded Security in Cars Securing Current and Future Automotive IT Applications. Springer (2006)Google Scholar
- 5.Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S.: Experimental security analysis of a modern automobile. In: IEEE Symposium on Security and Privacy (SP), pp. 447–462 (2010)Google Scholar
- 6.ISO: ISO 11898-4. Road vehicles - Controller area network (CAN) - Part 4: Time triggered communication. International Organization for Standardization (2004)Google Scholar
- 7.Perrig, A., Canetti, R., Song, D., Tygar, J.D.: SPINS: Security protocols for sensor networks. In: Seventh Annual ACM International Conference on Mobile Computing and Networks (MobiCom 2001), pp. 189–199 (2001)Google Scholar
- 8.Liu, D., Ning, P.: Efficient distribution of key chain commitments for broadcast authentication in distributed sensor networks. In: Proc. of the 10th Annual Network and Distributed System Security Symposium, pp. 263–276 (2003)Google Scholar
- 10.Perrig, A., Canetti, R., Tygar, J., Song, D.X.: Efficient authentication and signing of multicast streams over lossy channels. In: IEEE Symposium on Security and Privacy, pp. 56–73 (2000)Google Scholar
- 11.Perrig, A., Canetti, R., Song, D., Tygar, J.D.: Efficient and secure source authentication for multicast. Network and Distributed System Security Symposium, NDSS 2001, 35–46 (2001)Google Scholar
- 15.Freescale: MC9S12XDP512 Data Sheet, Rev. 2.21 (October 2009)Google Scholar
- 16.Mitchell, R.: Tutorial: Introducing the XGATE Module to Consumer and Industrial Application Developers, Freescale (March 2004)Google Scholar