LeiA: A Lightweight Authentication Protocol for CAN

  • Andreea-Ina Radu
  • Flavio D. Garcia
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9879)


Recent research into automotive security has shown that once a single vehicle component is compromised, it is often possible to take full control of the vehicle. This paper proposes LeiA, a lightweight authentication protocol for the Controller Area Network (CAN). This protocol allows critical vehicle Electronic Control Units (ECUs) to authenticate each other providing compartmentalisation and preventing a number of attacks e.g., where a compromised CD player is able to accelerate the vehicle. LeiA is designed to run under the stringent time and bandwidth constraints of automotive applications and is backwards compatible with existing vehicle infrastructure. The protocol is suitable to be implemented using lightweight cryptographic primitives yet providing appropriate security levels by limiting the usage of every key in the system. The security of LeiA is proven under the unforgeability assumption of the MAC scheme under chosen message attacks (uf-cma).



This research was partly sponsored by EPSRC, through industrial CASE award 14220107. The authors are thankful to Paul Sanderson and David Battersby for their support.


  1. 1.
    AUTOSAR: AUTOSAR Specification 4.2.
  2. 2.
    Bogdanov, A.: Linear slide attacks on the keeloq block cipher. In: Pei, D., Yung, M., Lin, D., Wu, C. (eds.) Inscrypt 2007. LNCS, vol. 4990, pp. 66–80. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  3. 3.
    Bruni, A., Sojka, M., Nielson, F., Nielson, H.R.: Formal security analysis of the MaCAN protocol. In: Albert, E., Sekerinski, E. (eds.) IFM 2014. LNCS, vol. 8739, pp. 241–255. Springer, Heidelberg (2014)Google Scholar
  4. 4.
    Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S., Koscher, K., Czeskis, A., Roesner, F., Kohno, T., et al.: Comprehensive experimental analyses of automotive attack surfaces. In: 20th USENIX Security Symposium (USENIX Security 2011), San Francisco (2011)Google Scholar
  5. 5.
    Courtois, N.T., Bard, G.V., Wagner, D.: Algebraic and slide attacks on KeeLoq. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 97–115. Springer, Heidelberg (2008)Google Scholar
  6. 6.
    Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Garcia, F.D., Oswald, D., Kasper, T., Pavlidès, P.: Lock it and still lose it - on the (in)security of automotive remote keyless entry systems. In: 25nd USENIX Security Symposium (USENIX Security 2016). USENIX Association (to appear, 2016)Google Scholar
  8. 8.
    Greenberg, A.: Hackers Remotely Kill a Jeep on the Highway - with me in it (2015).
  9. 9.
    Groza, B., Murvay, S., van Herrewege, A., Verbauwhede, I.: LiBrA-CAN: a lightweight broadcast authentication protocol for controller area networks. In: Pieprzyk, J., Sadeghi, A.-R., Manulis, M. (eds.) CANS 2012. LNCS, vol. 7712, pp. 185–200. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  10. 10.
    Hartkopp, O., Reuber, C., Schilling, R.: MaCAN - message authenticated CAN. In: 10th International Conference on Embedded Security in Cars (ESCAR 2012), Berlin, Germany, vol. 6 (2012)Google Scholar
  11. 11.
    Hazem, A., Fahmy, H.A.: LCAP - a lightweight CAN authentication protocol for securing in-vehicle networks. In: 10th International Conference on Embedded Security in Cars (ESCAR 2012), Berlin, Germany, vol. 6 (2012)Google Scholar
  12. 12.
    Indesteege, S., Keller, N., Dunkelman, O., Biham, E., Preneel, B.: A practical attack on KeeLoq. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 1–18. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  13. 13.
    ISO: 11898–1: 2003 - Road Vehicles - Controller Area Network. International Organization for Standardization, Geneva, Switzerland (2003)Google Scholar
  14. 14.
    Kasper, M., Kasper, T., Moradi, A., Paar, C.: Breaking KeeLoq in a flash: on extracting keys at lightning speed. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 403–420. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  15. 15.
    Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., et al.: Experimental Security Analysis of a Modern Automobile. In: 31st IEEE Symposium on Security & Privacy (S&P 2010), pp. 447–462. IEEE (2010)Google Scholar
  16. 16.
    Kurachi, R., Matsubara, Y., Takada, H., Adachi, N., Miyashita, Y., Horihata, S.: CaCAN - centralised authentication system in CAN. In: 12th International Conference on Embedded Security in Cars (ESCAR 2014) (2014)Google Scholar
  17. 17.
    Miller, C., Valasek, C.: Remote Exploitation of an Unaltered Passenger Vehicle (2015).
  18. 18.
    Studnia, I., Nicomette, V., Alata, E., Deswarte, Y., Kaâniche, M., Laarouchi, Y.: Survey on security threats and protection mechanisms in embedded automotive networks. In: 2013 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop (DSN-W 2013), pp. 1–12. IEEE (2013)Google Scholar
  19. 19.
    Van Herrewege, A., Singelee, D., Verbauwhede, I.: CANAuth - a simple, backward compatible broadcast authentication protocol for CAN bus. In: ECRYPT Workshop on Lightweight Cryptography 2011 (2011)Google Scholar
  20. 20.
    Vaudenay, S.: On privacy models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  21. 21.
    Verdult, R., Garcia, F.D.: Cryptanalysis of the megamos crypto automotive immobilizer. In: USENIX; login, vol. 40(6), pp. 17–22. USENIX Association (2015)Google Scholar
  22. 22.
    Verdult, R., Garcia, F.D., Balasch, J.: Gone in 360 seconds: Hijacking with Hitag2. In: 21st USENIX Security Symposium (USENIX Security 2012), pp. 237–252 (2012)Google Scholar
  23. 23.
    Ziermann, T., Wildermann, S., Teich, J.: CAN+: A new backward-compatible controller area network (CAN) Protocol with up to 16x Higher Data Rates. In: Design, Automation & Test in Europe Conference & Exhibition (DATE 2009), pp. 1088–1093. IEEE (2009)Google Scholar
  24. 24.
    Verdult, R., Garcia, F.D., Ege, B.: Dismantling megamos crypto: wirelessly lockpicking a vehicle immobilizer. In: 22nd USENIX Security Symposium (USENIX Security 2013), pp. 703–718. USENIX Association (2015)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.School of Computer ScienceUniversity of BirminghamBirminghamUK

Personalised recommendations