This content is not included in your SAE MOBILUS subscription, or you are not logged in.

Power Analysis and Fault Attacks against Secure CAN: How Safe Are Your Keys?

Journal Article
11-01-01-0001
ISSN: 2572-1046, e-ISSN: 2572-1054
Published February 14, 2018 by SAE International in United States
Power Analysis and Fault Attacks against Secure CAN: How Safe Are Your Keys?
Sector:
Citation: O’Flynn, C. and d’Eon, G., "Power Analysis and Fault Attacks against Secure CAN: How Safe Are Your Keys?," SAE Int. J. Transp. Cyber. & Privacy 1(1):3-18, 2018, https://doi.org/10.4271/11-01-01-0001.
Language: English

Abstract:

Designers of automotive systems find themselves pulled in an impossible number of directions. Systems must use the most advanced security features, but at the same time run on low-cost and resource-constrained hardware. Ultimately, an engineering trade-off will eventually be made regarding how encryption and key management is used on these systems, potentially leaving them vulnerable to attack.
In this paper, we detail the applicability of side-channel power analysis and fault injection on automotive electronic systems, showing how these dangerous techniques can be used to break an otherwise secure system. We build a small example network using AES-CCM to implement an encrypted, authenticated CAN protocol. We demonstrate how open-source hardware and software can easily recover the encryption keys from some of these nodes with side-channel power analysis, and we recover a full firmware image from one device with a fault-injection attack using the same tools. We also discuss how these attacks can be improved to bypass some common countermeasures and be applied against devices in the real world, bypassing security on in-vehicle communication or over-the-air firmware updates.
With these demonstrations in mind, we emphasize the importance of using strong encryption and authentication keys with proper key management and distribution methods. We discuss methods for mitigating these side-channel and fault attacks, and we use these methods to provide guidelines for creating a system architecture that is secure against these hardware attacks.