Abstract
In the near future, connected vehicles are expected to offer the commuters even more convenience and self-autonomy, but at the same time be exposed to much more attacks. A particularly insidious threat to vehicles security is that an attacker may exploit the vulnerabilities of in-vehicle communication network to attack vehicles, such as spoofing CAN bus messages. In this paper, we are thus motivated to propose a solution for achieving authenticated CAN communications, towards ameliorating the threats faced by the in-vehicle communication network. Strictly aiming for practicality and acceptance by the industry, our solution has two salient features: (1) it relies on the industry-wide recognized in-vehicle communication architecture, without requiring addition of any extra hardware; (2) it makes use of standardized cryptographic techniques, without invoking any proprietary cryptographic primitives and mechanisms.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Staggs, J.: How to hack your mini cooper: reverse engineering can messages on passenger automobiles. Institute for Information Security
Valasek, C., Miller, C.: A survey of remote automotive attack surfaces. http://www.ioactive.com/pdfs/IOActive_Remote_Attack_Surfaces.pdf
Car Industry Three Years Behind Todays Cyber Threats. https://threatpost.com/car-industry-three-years-behind-todays-cyber-threats/116524/
Miller, C., Valasek, C.: Adventures in automotive networks and control units. http://www.ioactive.com/pdfs/IOActive_Adventures_in_Automotive_Networks_and_Control_Units.pdf
Miller, C., Valasek, C.: Car Hacking: For Poories
Smith, C.: Car Hacker’s Handbook (2016)
Valasek, C., Miller, C.: Remote Exploitation of an Unaltered Passenger Vehicle. http://www.ioactive.com/pdfs/IOActive_Remote_Car_Hacking.pdf
Car hacked on 60 minutes. Accessed July 2016 [Online]. http://www.cbsnews.com/news/car-hacked-on-60-minutes/
Samy kamkar - home. https://samy.pl/
Wolf, M., Weimerskirch, A., Wollinger, T.: State of the art: embedding security in vehicles. EURASIP J. Embedded Syst. 1, 1–16 (2007)
SAE J3061 (2016). http://standards.sae.org/wip/j3061/
Approaches for Vehicle Information Security, Information Technology Promotion Agency, Japan (2013)
E-safety vehicle intrusion protected applications (EVITA). http://evita-project.org/. Accessed July 2016
Preparing Secure Vehicle-to-X Communication Systems (PRESERVER). https://www.preserve-project.eu/. Accessed July 2016
Open Vehicular Secure Platform (OVERSEE). https://www.oversee-project.com/index.php?id=2. Accessed July 2016
Bruton, J.A.: Securing CAN Bus Communication: An Analysis of Cryptographic Approaches (2014)
Markantonakis, K., Mayes, K.: Secure Smart Embedded Devices, Platforms and Applications (2013)
Brooks, R.R., Yun, S.B., Deng, J.: Cyber-Physical Security of Automotive Information Technology. Elsevier Inc., Amsterdam (2012)
Van Herrewege, A., Singelee, D., Verbauwhede, I.: CANAuth – a simple, back- ward compatible broadcast authentication protocol for CAN bus. In: ECRYPT Workshop on Lightweight Cryptography 2011 (2011)
Groza, B., Murvay, S., Herrewege, A., Verbauwhede, I.: LiBrA-CAN: a lightweight broadcast authentication protocol for controller area networks. In: Pieprzyk, J., Sadeghi, A.-R., Manulis, M. (eds.) CANS 2012. LNCS, vol. 7712, pp. 185–200. Springer, Heidelberg (2012). doi:10.1007/978-3-642-35404-5_15
Ziermann, T., Wildermann, S., Teich, J.: CAN+: a new backward-compatible controller area network (CAN) protocol with up to 16x higher data rates. In: Design, Automation & Test in Europe Conference & Exhibition (DATE 2009), pp. 1088–1093. IEEE (2009)
Perrig, A., Canetti, R., Tygar, J., Song, D.: Efficient authentication and signing of multicast streams over lossy channels. In: Proceedings of the IEEE Symposium on Security and Privacy (SP 2000), Berkeley, CA, USA, pp. 56–73, May 2000
Perrig, A., Szewczyk, R., Wen, V., Culler, D., Tygar, J.D.: SPINS: security protocols for sensor networks. In: Seventh Annual International Conference on Mobile Computing and Networks (MobiCOM 2001), Rome, Italy, July 2001
Studer, A., Bai, F., Bellur, B., Perrig, A.: Flexible, extensible, and efficient VANET authentication. J. Commun. Netw. 11(6), 574–588 (2009)
Hartkopp, O., Reuber, C., Schilling, R.: MaCAN - message authenticated CAN. In: 10th International Conference on Embedded Security in Cars (ESCAR 2012), Berlin, Germany, vol. 6 (2012)
Hazem, A., Fahmy, H.A.: LCAP - a lightweight CAN authentication protocol for securing in-vehicle networks. In: 10th International Conference on Embedded Security in Cars (ESCAR 2012), Berlin, Germany, vol. 6 (2012)
Kurachi, R., Matsubara, Y., Takada, H., Adachi, N., Miyashita, Y., Horihata, S.: CaCAN centralised authentication system in CAN. In: 12th International Conference on Embedded Security in Cars (ESCAR 2014) (2014)
Radu, A.-I., Garcia, F.D.: LeiA: a lightweight authentication protocol for CAN. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9878. Springer, Heidelberg (2016). doi:10.1007/978-3-319-45741-3_15
Wolf, M., Weimerskirch, A., Paar, C.: Security in automotive bus systems. Workshop on Embedded Security in Cars (2004)
Researchers Hacked a Model S, But Tesla’s Already Release a Patch (2015). https://www.wired.com/2015/08/researchers-hacked-model-s-teslas-already/
ISO, IEC 9798-2: Information technology - Security techniques - Entity authentication - Part 2: Mechanisms using symmetric encipherment algorithms
Basin, D., Cremers, C., Meier, S.: Provably repairing the ISO/IEC 9798 standard for entity authentication. In: 1st International Conference on Theory and Practice of Software, POST 2012, pp. 129–148 (2012)
Acknowledgments
This work is supported by National Natural Science Funds of China (Grant No. 61402199) and Natural Science Funds of Guangdong (Grant No. 2015A030310017).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Wei, Z., Yang, Y., Li, T. (2016). Authenticated CAN Communications Using Standardized Cryptographic Techniques. In: Bao, F., Chen, L., Deng, R., Wang, G. (eds) Information Security Practice and Experience. ISPEC 2016. Lecture Notes in Computer Science(), vol 10060. Springer, Cham. https://doi.org/10.1007/978-3-319-49151-6_23
Download citation
DOI: https://doi.org/10.1007/978-3-319-49151-6_23
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49150-9
Online ISBN: 978-3-319-49151-6
eBook Packages: Computer ScienceComputer Science (R0)