The SAE MOBILUS platform will continue to be accessible and populated with high quality technical content during the coronavirus (COVID-19) pandemic. x

Your Selections

d’Eon, Greg
Show Only


Content Types







   This content is not included in your SAE MOBILUS subscription, or you are not logged in.

Power Analysis and Fault Attacks against Secure CAN: How Safe Are Your Keys?

SAE International Journal of Transportation Cybersecurity and Privacy

NewAE Technology Inc.-Colin O’Flynn, Greg d’Eon
  • Journal Article
  • 11-01-01-0001
Published 2018-02-14 by SAE International in United States
Designers of automotive systems find themselves pulled in an impossible number of directions. Systems must use the most advanced security features, but at the same time run on low-cost and resource-constrained hardware. Ultimately, an engineering trade-off will eventually be made regarding how encryption and key management is used on these systems, potentially leaving them vulnerable to attack. In this paper, we detail the applicability of side-channel power analysis and fault injection on automotive electronic systems, showing how these dangerous techniques can be used to break an otherwise secure system. We build a small example network using AES-CCM to implement an encrypted, authenticated CAN protocol. We demonstrate how open-source hardware and software can easily recover the encryption keys from some of these nodes with side-channel power analysis, and we recover a full firmware image from one device with a fault-injection attack using the same tools. We also discuss how these attacks can be improved to bypass some common countermeasures and be applied against devices in the real world, bypassing security on in-vehicle communication or over-the-air firmware…
This content contains downloadable datasets
Annotation ability available