LiBrA-CAN: A Lightweight Broadcast Authentication Protocol for Controller Area Networks

  • Bogdan Groza
  • Stefan Murvay
  • Anthony van Herrewege
  • Ingrid Verbauwhede
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7712)


Security in vehicular networks established itself as a highly active research area in the last few years. However, there are only a few results so far on assuring security for communication buses inside vehicles. Here we advocate the use of a protocol based entirely on simple symmetric primitives that takes advantage of two interesting procedures which we call key splitting and MAC mixing. Rather than achieving authentication independently for each node, we split authentication keys between groups of multiple nodes. This leads to a more efficient progressive authentication that is effective especially in the case when compromised nodes form only a minority and we believe such an assumption to be realistic in automotive networks. To gain more security we also account an interesting construction in which message authentication codes are amalgamated using systems of linear equations. We study several protocol variants which are extremely flexible allowing different trade-offs on bus load, computational cost and security level. Experimental results are presented on state-of-the-art Infineon TriCore controllers which are contrasted with low end controllers with Freescale S12X cores, all these devices are wide spread in the automotive industry. Finally, we discuss a completely backward compatible solution based on CAN+, a recent improvement of CAN.


Authentication Scheme Master Node Message Authentication Code Vehicular Network Controller Area Network 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bar-El, H.: Intra-vehicle information security framework. In: Proceedings of 9th Embedded Security in Cars Conference, ESCAR (2009)Google Scholar
  2. 2.
    Chan, H., Perrig, A., Song, D.X.: Random key predistribution schemes for sensor networks. In: 2003 Proceedings of the Symposium on Security and Privacy, pp. 197–213. IEEE (2003)Google Scholar
  3. 3.
    Charlap, L.S., Rees, H.D., Robbins, D.P.: The asymptotic probability that a random biased matrix is invertible. Discrete Mathematics 82(2), 153–163 (1990)MathSciNetzbMATHCrossRefGoogle Scholar
  4. 4.
    Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S., Koscher, K., Czeskis, A., Roesner, F., Kohno, T.: Comprehensive experimental analyses of automotive attack surfaces. In: USENIX Security 2011 (2011)Google Scholar
  5. 5.
    Fiat, A., Naor, M.: Broadcast Encryption. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 480–491. Springer, Heidelberg (1994)Google Scholar
  6. 6.
    Groza, B., Murvay, P.-S.: Higher layer authentication for broadcast in Controller Area Networks. In: International Conference on Security and Cryptography, SECRYPT (2011)Google Scholar
  7. 7.
    Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S.: Experimental security analysis of a modern automobile. In: 2010 IEEE Symposium on Security and Privacy, SP, pp. 447–462 (May 2010)Google Scholar
  8. 8.
    Naor, M., Pinkas, B.: Threshold Traitor Tracing. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 502–517. Springer, Heidelberg (1998)Google Scholar
  9. 9.
    Perrig, A., Canetti, R., Song, D.X., Tygar, J.D.: SPINS: Security protocols for sensor networks. In: Seventh Annual ACM International Conference on Mobile Computing and Networks, MobiCom 2001, pp. 189–199 (2001)Google Scholar
  10. 10.
    Perrig, A., Canetti, R., Tygar, J.D., Song, D.X.: Efficient authentication and signing of multicast streams over lossy channels. In: IEEE Symposium on Security and Privacy, pp. 56–73 (2000)Google Scholar
  11. 11.
    Roeder, T., Pass, R., Schneider, F.: Multi-verifier signatures. Journal of Cryptology 25(2), 310–348 (2012)MathSciNetzbMATHCrossRefGoogle Scholar
  12. 12.
    Van Herrewege, A., Singelee, D., Verbauwhede, I.: CANAuth-a simple, backward compatible broadcast authentication protocol for CAN bus. In: 9th Embedded Security in Cars Conference (2011)Google Scholar
  13. 13.
    Wolf, M., Weimerskirch, A., Paar, C.: Secure in-vehicle communication. In: Embedded Security in Cars, pp. 95–109 (2006)Google Scholar
  14. 14.
    Ziermann, T., Wildermann, S., Teich, J.: CAN+: A new backward-compatible Controller Area Network (CAN) protocol with up to 16x higher data rates. In: DATE, pp. 1088–1093. IEEE (2009)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Bogdan Groza
    • 1
  • Stefan Murvay
    • 1
  • Anthony van Herrewege
    • 2
  • Ingrid Verbauwhede
    • 2
  1. 1.Faculty of Automatics and ComputersPolitehnica University of TimisoaraRomania
  2. 2.ESAT/COSIC - IBBTKU LeuvenBelgium

Personalised recommendations