– vatiCAN – Vetted, Authenticated CAN Bus

  • Stefan NürnbergerEmail author
  • Christian Rossow
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9813)


In recent years, several attacks have impressively demonstrated that the software running on embedded controllers in cars can be successfully exploited – often even remotely. The fact that components that were hitherto purely mechanical, such as connections to the brakes, throttle, and steering wheel, have been computerized makes digital exploits life-threatening. Because of the interconnectedness of sensors, controllers and actuators, any compromised controller can impersonate any other controller by mimicking its control messages, thus effectively depriving the driver of his control.

The fact that carmakers develop vehicles in evolutionary steps rather than as revolution, has led us to propose a backward-compatible authentication mechanism for the widely used CAN vehicle communication bus. vatiCAN allows recipients of a message to verify its authenticity via HMACs, while not changing CAN messages for legacy, non-critical components. In addition, vatiCAN detects and prevents attempts to spoof identifiers of critical components. We implemented a vatiCAN prototype and show that it incurs a CAN message latency of less than 4 ms, while giving strong guarantees against non-authentic messages.


Hash Function Authentication Scheme Replay Attack Controller Area Network Instrument Cluster 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



This work was supported by the German Ministry for Education and Research (BMBF) through funding for the Center for IT-Security, Privacy and Accountability (CISPA).

Supplementary material


  1. 1.
    Balasch, J., et al.: Compact implementation and performance evaluation of hash functions in ATtiny devices. In: Mangard, S. (ed.) CARDIS 2012. LNCS, vol. 7771, pp. 158–172. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  2. 2.
    Checkoway, S., McCoy, D., Kantor, B., Anderson, D.,Shacham, H., Savage, S., Koscher, K., Czeskis, A., Roesner, F., Kohno, T., et al.: Comprehensive experimental analyses of automotive attack surfaces. In: USENIX Security Symposium (2011)Google Scholar
  3. 3.
  4. 4.
    Ebert, C., Jones, C.: Embedded software: facts, figures, and future. Computer 4, 42–52 (2009)CrossRefGoogle Scholar
  5. 5.
    Hanselmann, H.: Hardware-in-the loop simulation as a standard approach for development, customization, and production test of ECUs. Technical report, SAE Technical Paper (1993)Google Scholar
  6. 6.
    AUTOSAR Specifications 4.2 (2016).
  7. 7.
    ISO. ISO 11898-1:2003 Road Vehicles – Controller Area Network (CAN) – Part 1: Data Link Layer and Physical Signalling. International Organization for Standardization (ISO), Geneva (1993)Google Scholar
  8. 8.
    ISO. ISO/DIS 15765-2 Road Vehicles – Diagnostic Communication Over Controller Area Network (DoCAN) – Part 2: Transport Protocol and Network Layer Services. International Organization for Standardization (ISO), Geneva (2011)Google Scholar
  9. 9.
    ISO. ISO 14230-2:2013 Road Vehicles – Diagnostic Communication Over K-Line (DoK-Line) – Part 2: Data Link Layer. International Organization for Standardization (ISO), Geneva (2013)Google Scholar
  10. 10.
    Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., et al.: Experimental security analysis of a modern automobile. In: IEEE Symposium on Security and Privacy, pp. 447–462 (2010)Google Scholar
  11. 11.
    Leens, F.: An introduction to I2C and SPI protocols. IEEE Instrum. Meas. Mag. 12(1), 8–13 (2009)CrossRefGoogle Scholar
  12. 12.
    Matsumoto, T., Hata, M., Tanabe, M., Yoshioka, K., Oishi, K.: A method of preventing unauthorized data transmission in controller area network. In: Vehicular Technology Conference (VTC), pp. 1–5. IEEE (2012)Google Scholar
  13. 13.
    Navet, N., Simonot-Lion, F.: Automotive embedded systems handbook, CRC Press (2008)Google Scholar
  14. 14.
    Perrig, A., Canetti, R., Song, D., Tygar, J.D.: Efficient and secure source authentication for multicast. Netw. Distrib. Syst. Secur. Symp. (NDSS) 1, 35–46 (2001)Google Scholar
  15. 15.
    Perrig, A., Canetti, R., Tygar, J.D., Song, D.: Efficient authentication and signing of multicast streams over lossy channels. In: IEEE Symposium on Security and Privacy, pp. 56–73. IEEE (2000)Google Scholar
  16. 16.
    Van Herrewege, A., Singelee, D., Verbauwhede, I.: CANAuth – a simple, backward compatible broadcast authentication protocol for CAN bus. In: 2011 ECRYPT Workshop on Lightweight Cryptography (2011)Google Scholar
  17. 17.
    Wolf, M., Weimerskirch, A., Paar, C.: Security in automotive bus systems. In: Proceedings of the Workshop on Embedded Security in Cars (ESCAR) (2004)Google Scholar
  18. 18.
    Ziermann, T., Wildermann, S., Teich, J.: CAN+: a new backward-compatible controller area network (CAN) protocol with up to 16\(\times \) higher data rates. In: 2009 Design, Automation & Test in Europe Conference & Exhibition, DATE 2009, pp. 1088–1093. IEEE (2009)Google Scholar

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. 1.CISPASaarland UniversitySaarbrückenGermany

Personalised recommendations