This content is not included in your SAE MOBILUS subscription, or you are not logged in.
The Study of Secure CAN Communication for Automotive Applications
ISSN: 0148-7191, e-ISSN: 2688-3627
Published March 28, 2017 by SAE International in United States
This content contains downloadable datasetsAnnotation ability available
Cyber security is becoming increasingly critical in the car industry. Not only the entry points to the external world in the car need to be protected against potential attack, but also the on-board communication in the car require to be protected against attackers who may try to send unauthorized CAN messages. However, the current CAN network was not designed with security in mind. As a result, the extra measures have to be taken to address the key security properties of the secure CAN communication, including data integrity, authenticity, confidentiality and freshness. While integrity and authenticity can be achieved by using a relatively straightforward algorithms such as CMAC (Cipher-based Message Authentication Code) and Confidentiality can be handled by a symmetric encryption algorithm like AES128 (128-bit Advanced Encryption Standard), it has been recognized to be more challenging to achieve the freshness of CAN message. There has been a lot of research work on this topic in the past few years, however how to synchronize the CAN bus communication session upon each power-on of the car, has not been looked into thoroughly and evaluated in details.
A deeper look into the freshness and synchronization method is carried out in this paper. It firstly analyzes two ways to address the issue of “freshness of CAN message”, which are time-stamp-based and frame-counter-based respectively. A method with freshness values is then proposed to synchronize across multiple ECUs. Furthermore, it also shows the frame-counter-based approach is more ideal to meet automotive requirements with less complexity and communication payload overhead. In addition, the implementation and test of this approach are presented in the following part, in which the simulated replay attacks are detected and prevented successfully. Finally the limitations of the frame-counter approach are discussed and the further research plan is outlined. Such work is carried out on a hardware platform centered with Infineon 32-bit microcontrollers, i.e. AURIXTM TC234LP, which has an embedded HSM, i.e. Hardware Security Module.
|Technical Paper||Securing J1939 Communications Using Strong Encryption with FIPS 140-2|
|Technical Paper||Integrated Safety and Security Development in the Automotive Domain|
|Technical Paper||Hardware/Software Co-Design of an Automotive Embedded Firewall|
CitationZou, Q., Chan, W., Gui, K., Chen, Q. et al., "The Study of Secure CAN Communication for Automotive Applications," SAE Technical Paper 2017-01-1658, 2017, https://doi.org/10.4271/2017-01-1658.
Data Sets - Support Documents
|Unnamed Dataset 1|
- Koscher , K. , Czeskis , A. , Roesner , F. , Patel , S. , Experimental security analysis of a modern automobile Proceedings of the Symposium on Security and Privacy May 2010
- Ghosh , S. Automotive Cybersecurity SAE International June 2016
- Checkoway , S. , McCoy , D. , Kantor , B. , Anderson , D. , Comprehensive experimental analyses of automotive attack surfaces Proceedings of the USENIX Security Symposium August 2011
- Miller , C. and Valasek , C. A survey of remote automotive attack surfaces Technical report IOActive Inc. 09 Feb 2016
- Rouf , I. , Miller , R.D. , Mustafa , H.A. , Taylor , T. , Oh , S. , Security and privacy vulnerabilities of in-car wireless networks: a tire pressure monitoring system case study Proceedings of the USENIX Security Symposium August 2010
- Valasek , C. and Miller , C. Remote exploitation of an unaltered passenger vehicle Technical report IOActive Inc. 09 Feb 2016
- Glas , B. , Guajardo , J. , Hacioglu , H. , Ihle , M. , Signalbased automotive communication security and its interplay with safety requirements Embedded Security in Cars (ESCAR) Europe November 2012
- Groza , B. , Murvay , S. , van Herrewege , A. and Verbauwhede , I. LiBrA-CAN: a lightweight broadcast authentication protocol for controller area networks Pieprzyk , J. , Sadeghi , A.-R. , Manulis , M. CANS 2012 7712 Springer Heidelberg 2012
- Herrewege , A.V. and Verbauwhede , I. CANAuth - a simple, backward compatible broadcast authentication protocol for CAN bus ECRYPT Workshop on Lightweight Cryptography 2011 Louvain-la-Neuve, BE
- Szilagyi , C. and Koopman , P. Low cost multicast authentication via validity voting in time-triggered embedded control networks Proceedings of the Workshop on Embedded Systems Security 2010, ACM New York
- Szilagyi , C. and Koopman , P. Flexible multicast authentication for time-triggered embedded control network applications Proceedings of the International Conference on Dependable Systems and Networks 165 174 June 2009
- Zalman , R. and Mayer , A. A secure but still safe and low cost automotive communication technique Proc. of DAC 2014
- Lin , C. , Zhu , Q. , Phung C. , and Sangiovanni-Vincentelli , A. Security-aware mapping for CAN-based real-time distributed automotive systems Proc. of ICCAD 2013
- Advanced Encryption Standard (AES) FIPS PUB 197
- Stallings , W. Cryptograph and Network Security Principles and Practice Sixth Pearson Education, Inc. 2014
- Happel , A Secure communication for CAN FD CAN Newsletter 2014
- Cybersecurity Guidebook for Cyber-Physical Vehicle Systems January 2016
- Specification of Module Secure Onboard Communication, AUTOSAR Release 4.2.2
- Requirements on Module Secure Onboard Communication, AUTOSAR Release 4.2.2
- AUTOSAR Layered Software Architecture http://www.autosar.org/fileadmin/files/standards/classic/4-2/software-architecture/general/auxiliary/AUTOSAR_EXP_LayeredSoftwareArchitecture.pdf