Abstract
Vehicle manufacturers are installing a large number of Electronic Control Units (ECU) inside vehicles. ECUs communicate among themselves via a Controller Area Network (CAN) to ensure better user experience and safety. CAN is considered as a de facto standard for efficient communication of an embedded control system network. However, it does not have sufficient built-in security features. The major challenges of securing CAN are that the hardware of the ECUs have limited computational power and the size of a CAN message is small. In this paper, a lightweight security solution, LaaCan is designed to secure CAN communication by adopting the Authenticated Encryption with Associated Data (AEAD) approach. The architecture ensures confidentiality, integrity, and authenticity of data transmission. The experimental results show that the delay of LaaCan can be reduced depending on hardware configurations. We consider it lightweight since it adds a low overhead regardless of performing encryption and authentication. We evaluate LaaCan using four metrics: communication overhead, network traffic load, cost of deployment, and compatibility with CAN specification. The evaluation results show that the proposed architecture keeps the network traffic unchanged, has low deployment cost, and is highly compatible with the specification of the protocol.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
Compatibility indicates the degree of change required in standard CAN protocol and it is a subjective metric.
References
AUTOSAR - enabling innovation. https://www.autosar.org/. Accessed 12 Apr 2020
Iso 11898–1:2003 - road vehicles - Controller Area Network (CAN) - part 1: Data link layer and physical signalling. https://www.iso.org/standard/33422.html. Accessed 12 Apr 2020
What is AUTOSAR and why is it important. https://www.fpt-software.com/automotive-tech-blog/what-is-autosar-and-why-is-it-important/. Accessed 12 Apr 2020
AbdAllah, E.G., Zulkernine, M., Gu, Y.X., Liem, C.: Towards defending connected vehicles against attacks. In: Proceedings of the Fifth European Conference on the Engineering of Computer-Based Systems, pp. 1–9 (2017)
Alam, M.S.U., Iqbal, S., Zulkernine, M., Liem, C.: Securing vehicle ECU communications and stored data. In: ICC 2019–2019 IEEE International Conference on Communications (ICC), pp. 1–6. IEEE (2019)
AUTOSAR: Specification of secure onboard communication. https://www.autosar.org/fileadmin/user_upload/standards/classic/4-3/AUTOSAR_SWS_SecureOnboardCommunication.pdf
Avatefipour, O., Malik, H.: State-of-the-art survey on in-vehicle network communication (CAN-Bus) security and vulnerabilities. Int. J. Comput. Sci. Netw. 6 (2017)
Bella, G., Biondi, P., Costantino, G., Matteucci, I.: Toucan: a protocol to secure controller area network (CAN). In: Proceedings of the ACM Workshop on Automotive Cybersecurity. AutoSec 2019, pp. 3–8. ACM, New York (2019)
Biham, E., Bitan, S., Gavril, E.: TCAN: authentication without cryptography on a CAN bus based on nodes location on the bus. In: 2018 Embedded Security in Cars, November 2018
Bittl, S.: Attack potential and efficient security enhancement of automotive bus networks using short macs with rapid key change. In: Sikora, A., Berbineau, M., Vinel, A., Jonsson, M., Pirovano, A., Aguado, M. (eds.) Communication Technologies for Vehicles. Nets4Cars/Nets4Trains/Nets4Aircraft 2014. LNCS, vol. 8435, pp. 113–125. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-06644-8_11
Boldt, B.: Automotive security in a CAN. https://www.electronicdesign.com/markets/automotive/article/21805532/automotive-security-in-a-can. Accessed 07 May 2020
Buttigieg, R., Farrugia, M., Meli, C.: Security issues in controller area networks in automobiles. In: 2017 18th International Conference on Sciences and Techniques of Automatic Control and Computer Engineering (STA), pp. 93–98, December 2017
De Santis, F., Schauer, A., Sigl, G.: ChaCha20-Poly1305 authenticated encryption for high-speed embedded IoT applications. In: Design, Automation Test in Europe Conference Exhibition (DATE), 2017, pp. 692–697, March 2017
Farag, W.A.: Cantrack: enhancing automotive CAN bus security using intuitive encryption algorithms. In: 2017 7th International Conference on Modeling, Simulation, and Applied Optimization (ICMSAO), pp. 1–5. IEEE (2017)
Groza, B., Murvay, S., van Herrewege, A., Verbauwhede, I.: LiBrA-CAN: a lightweight broadcast authentication protocol for controller area networks. In: Pieprzyk, J., Sadeghi, A.-R., Manulis, M. (eds.) CANS 2012. LNCS, vol. 7712, pp. 185–200. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-35404-5_15
Hu, Q., Luo, F.: Review of secure communication approaches for in-vehicle network. Int. J. Automot. Technol. 19(5), 879–894 (2018)
SAE International: Serial control and communications heavy duty vehicle network (2019)
Keller, J.: Best third-party Carplay apps. https://www.imore.com/best-third-party-carplay-apps (2018). Accessed 24 Dec 2019
Lin, C., Sangiovanni-Vincentelli, A.: Cyber-security for the controller area network (CAN) communication protocol. In: 2012 International Conference on Cyber Security, pp. 1–7, December 2012
Mouha, N., Mennink, B., Van Herrewege, A., Watanabe, D., Preneel, B., Verbauwhede, I.: Chaskey: an efficient MAC algorithm for 32-bit microcontrollers. In: Joux, A., Youssef, A. (eds.) SAC 2014. LNCS, vol. 8781, pp. 306–323. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-13051-4_19
Moukahal, L., Zulkernine, M.: Security vulnerability metrics for connected vehicles. In: 2019 IEEE 19th International Conference on Software Quality, Reliability and Security Companion (QRS-C), pp. 17–23. IEEE (2019)
Mundhenk, P., et al.: Security in automotive networks: lightweight authentication and authorization. ACM Trans. Des. Autom. Electron. Syst. (TODAES) 22(2), 25 (2017)
NG, C.: What is data integrity and how can you maintain it? https://www.varonis.com/blog/data-integrity/. Accessed 07 May 2020
Nir, Y.: ChaCha20 and poly1305 for IETF protocols. https://tools.ietf.org/html/rfc7539
R. Kurachi, Y. Matsubara, H.T.N.A.Y.M., Horihata, S.: CaCAN - centralized authentication system in CAN. In: 2014 Embedded Security in Cars, November 2014
Radu, A.-I., Garcia, F.D.: LeiA: a lightweight authentication protocol for CAN. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9879, pp. 283–300. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45741-3_15
Silva, N.B., Pigatto, D.F., Martins, P.S., Branco, K.R.: Case studies of performance evaluation of cryptographic algorithms for an embedded system and a general purpose computer. J. Netw. Comput. Appl. 60, 130–143 (2016)
Studio, S.: CAN-Bus shield v2.0. http://wiki.seeedstudio.com/CAN-BUS_Shield_V2.0/
Sun, J., Iqbal, S., Seifollahpour Arabi, N., Zulkernine, M.: A classification of attacks to in-vehicle components (IVCs). Veh. Commun. 25, 100253 (2020)
Ujiie, Y., et al.: A method for disabling malicious can messages by using a centralized monitoring and interceptor ECU. In: 2015 Embedded Security in Cars (2015)
Van Herrewege, A., Singelee, D., Verbauwhede, I.: CANAuth-a simple, backward compatible broadcast authentication protocol for CAN bus. In: ECRYPT Workshop on Lightweight Cryptography, vol. 2011 (2011)
Wang, Q., Sawhney, S.: VeCure: a practical security framework to protect the CAN bus of vehicles. In: 2014 International Conference on the Internet of Things (IOT), pp. 13–18. IEEE (2014)
Woo, S., Jo, H.J., Lee, D.H.: A practical wireless attack on the connected car and security protocol for in-vehicle CAN. IEEE Trans. Intell. Transp. Syst. 16(2), 993–1006 (2015)
Yang, J., et al.: Data management for automotive ECUs based on hybrid RAM-NVM main memory. In: 2016 13th International Conference on Embedded Software and Systems (ICESS), pp. 74–79 (2016)
Ziermann, T., Wildermann, S., Teich, J.: CAN+: a new backward-compatible controller area network (CAN) protocol with up to 16x higher data rates. In: Proceedings of the Conference on Design, Automation and Test in Europe, pp. 1088–1093. European Design and Automation Association (2009)
Acknowledgments
This work is partially supported by the Natural Sciences and Engineering Research Council of Canada (NSERC) and the Canada Research Chairs (CRC) program. The authors would also like to thank Farnood Faghihi for reviewing the paper.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Hridoy, S.A.A., Zulkernine, M. (2020). LaaCan: A Lightweight Authentication Architecture for Vehicle Controller Area Network. In: Park, N., Sun, K., Foresti, S., Butler, K., Saxena, N. (eds) Security and Privacy in Communication Networks. SecureComm 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 336. Springer, Cham. https://doi.org/10.1007/978-3-030-63095-9_12
Download citation
DOI: https://doi.org/10.1007/978-3-030-63095-9_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-63094-2
Online ISBN: 978-3-030-63095-9
eBook Packages: Computer ScienceComputer Science (R0)