research-article

Gatekeeper: A Gateway-based Broadcast Authentication Protocol for the In-Vehicle Ethernet

Authors:

Qingzhao Zhang,

André Weimerskirch,

Z. Morley MaoAuthors Info & Claims

ASIA CCS '22: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security

Pages 494 - 507

https://doi.org/10.1145/3488932.3517396

Published: 30 May 2022 Publication History

Abstract

Automotive Ethernet is considered to be the next-generation in-vehicle network, because of its high bandwidth, high throughput, and low cost characteristics. However, no common standard has been established for the security protocol of Automotive Ethernet. While there are a few candidates, including MACsec, IPsec, and TLS, there is no widely favored candidate. Most importantly, existing candidates cannot fully satisfy the requirements of in-vehicle communication, specifically source authentication for broadcast/multicast communication. In this paper, we conduct a comprehensive analysis in both security and performance of existing security protocol candidates and identify source authentication and Denial-of-Service (DoS) prevention as two essential but missing properties in these candidates. We propose Gatekeeper, a gateway-based broadcast authentication protocol to ensure source authentication. In general, Gatekeeper introduces an on-path authenticator, which co-locates with the in-vehicle gateway or domain controllers and helps receivers to verify the sender's identity. To defend against DoS threats, we further integrate the time-lock puzzle with Gatekeeper to slow down malicious traffic. Our performance evaluation results show that Gatekeeper only results in 0.03 ms latency overhead for CAN data transmission and outperforms TESLA on both CAN and LiDAR transmission scenarios, highlighting the effectiveness and efficiency of Gatekeeper.

Supplementary Material

MP4 File (ASIA-CCS22-fp212.mp4)

A novel and practical gateway-based broadcast authentication protocol for the in-vehicle Ethernet

Download
31.71 MB

References

[1]

Emad Aliwa, Omer Rana, Charith Perera, and Peter Burnap. 2021. Cyberattacks and Countermeasures for In-Vehicle Networks. ACM Comput. Surv. (2021).

[2]

AUTOSAR. 2019. Specification of secure onboard communication. AUTOSAR CP R19--11 (2019).

[3]

Elaine Barker, Allen Roginsky, and Richard Davis. 2020. Recommendation for cryptographic key generation (Revision 2). (2020). https://doi.org/10.6028/NIST.SP.800-133r2

[4]

David A. Basin, Jannik Dreier, Lucca Hirschi, Sasa Radomirovic, Ralf Sasse, and Vincent Stettler. 2018. A Formal Analysis of 5G Authentication. In Proc. ACM CCS, David Lie, Mohammad Mannan, Michael Backes, and XiaoFeng Wang (Eds.).

Digital Library

[5]

Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage, Karl Koscher, Alexei Czeskis, Franziska Roesner, and Tadayoshi Kohno. 2011. Comprehensive Experimental Analyses of Automotive Attack Surfaces. In Proc. USENIX Security.

[6]

Kyong-Tak Cho and Kang G. Shin. 2016. Fingerprinting Electronic Control Units for Vehicle Intrusion Detection. In Proc. USENIX Security.

[7]

Cas Cremers and Martin Dehnel-Wild. 2019. Component-Based Formal Analysis of 5G-AKA: Channel Assumptions and Session Confusion. In Proc. NDSS.

[8]

Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott, and Thyla van der Merwe. 2017. A Comprehensive Symbolic Analysis of TLS 1.3. In Proc. ACM CCS, Bhavani M. Thuraisingham, David Evans, Tal Malkin, and Dongyan Xu (Eds.).

[9]

Cas Cremers, Marko Horvat, Sam Scott, and Thyla van der Merwe. 2016. Automated Analysis and Verification of TLS 1.3: 0-RTT, Resumption and Delayed Authentication. In Proc. IEEE S&P.

[10]

Cas Cremers, Benjamin Kiesl, and Niklas Medinger. 2020. A Formal Analysis of IEEE 802.11's WPA2: Countering the Kracks Caused by Cracking the Counters. In Proc. USENIX Security, Srdjan Capkun and Franziska Roesner (Eds.).

[11]

Wu-chang Feng. 2003. The case for TCP/IP puzzles. In Proc. SIGCOMM Workshop on FDNA.

[12]

George Gross, Brian Weis, and Dragan Ignjatic. 2008. Multicast Extensions to the Security Architecture for the Internet Protocol. RFC 5374. https://rfc-editor.org/rfc/rfc5374.txt

[13]

Bogdan Groza, Pal-Stefan Murvay, Anthony Van Herrewege, and Ingrid Verbauwhede. 2017. LiBrA-CAN: Lightweight Broadcast Authentication for Controller Area Networks. ACM Trans. Embed. Comput. Syst. (2017).

[14]

Guardknox. 2021. Automotive Zonal Architecture - Guardknox. https://tinyurl.com/2p8ztb2a.

[15]

Peter Hank, Steffen Mü ller, Ovidiu Vermesan, and Jeroen Van den Keybus. 2013. Automotive ethernet: in-vehicle networking and smart mobility. In Proc. DATE, Enrico Macii (Ed.).

[16]

Hugh Harney, Andrea Colegrove, Uri Meth, and George Gross. 2006. GSAKMP: Group Secure Association Key Management Protocol. RFC 4535. https://rfc-editor.org/rfc/rfc4535.txt

Digital Library

[17]

Shengtuo Hu, Qi Alfred Chen, Jiwon Joung, Can Carlak, Yiheng Feng, Z. Morley Mao, and Henry X. Liu. 2020. CVShield: Guarding Sensor Data in Connected Vehicle with Trusted Execution Environment.

[18]

Shengtuo Hu, Qi Alfred Chen, Jiachen Sun, Yiheng Feng, Z Morley Mao, and Henry X Liu. 2021. Automated Discovery of Denial-of-Service Vulnerabilities in Connected Vehicle Protocols. In Proc. USENIX Security.

[19]

Syed Hussain, Omar Chowdhury, Shagufta Mehnaz, and Elisa Bertino. 2018. LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE. In Proc NDSS.

[20]

Syed Rafiul Hussain, Mitziu Echeverria, Imtiaz Karim, Omar Chowdhury, and Elisa Bertino. 2019. 5GReasoner: A Property-Directed Security and Privacy Analysis Framework for 5G Cellular Network Protocol. In Proc. ACM CCS.

Digital Library

[21]

IEEE. 2016. ISO/IEC/IEEE International Standard - Information technology -- Telecommunications and information exchange between systems -- Local and metropolitan area networks -- Specific requirements -- Part 1BA: Audio video bridging (AVB) systems. ISO/IEC/IEEE 8802--1BA First edition 2016-10-15 (2016).

[22]

IEEE. 2018. IEEE Standard for Local and metropolitan area networks-Media Access Control (MAC) Security. IEEE Std 802.1AE-2018 (Revision of IEEE Std 802.1AE-2006) (2018).

[23]

IEEE. 2020. P802.1DG -- TSN Profile for Automotive In-Vehicle Ethernet Communications. https://1.ieee802.org/tsn/802-1dg/.

[24]

Ixia. 2014. Automotive Ethernet: An Overview. https://tinyurl.com/ysahfdbj.

[25]

Aris Jules and John Brainard. 1999. Client-puzzles: a cryptographic defense against connection depletion. In Proc. NDSS.

[26]

Charlie Kaufman, Paul E. Hoffman, Yoav Nir, Pasi Eronen, and Tero Kivinen. 2014. Internet Key Exchange Protocol Version 2 (IKEv2). RFC 7296. https://rfc-editor.org/rfc/rfc7296.txt

[27]

Stephen Kent. 2005 a. IP Authentication Header. RFC 4302. https://rfc-editor.org/rfc/rfc4302.txt

[28]

Stephen Kent. 2005 b. IP Encapsulating Security Payload (ESP). RFC 4303. https://rfc-editor.org/rfc/rfc4303.txt

[29]

Sye Loong Keoh, Sandeep Kumar, Oscar Garcia-Morchon, Esko Dijk, and Akbar Rahman. 2014. DTLS-based Multicast Security in Constrained Environments. Internet-Draft draft-keoh-dice-multicast-security-08. https://datatracker.ietf.org/doc/html/draft-keoh-dice-multicast-security-08 Work in Progress.

[30]

Jun Young Kim, Ralph Holz, Wen Hu, and Sanjay Jha. 2017. Automated Analysis of Secure Internet of Things Protocols. In Proc. ACSAC.

Digital Library

[31]

Tiffany Hyun-Jin Kim, Cristina Basescu, Limin Jia, Soo Bum Lee, Yih-Chun Hu, and Adrian Perrig. 2014. Lightweight source authentication and path validation. In Proc. ACM SIGCOMM.

[32]

Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel, Tadayoshi Kohno, Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, and Stefan Savage. 2010. Experimental Security Analysis of a Modern Automobile. In Proc. IEEE S&P.

Digital Library

[33]

Jan Lastinec and Ladislav Hudec. 2015. A performance analysis of IPSec/AH protocol for automotive environment. In Proc. CompSysTech, Boris Rachev and Angel Smrikarov (Eds.).

Digital Library

[34]

Jan Lastinec and Ladislav Hudec. 2021. A study of securing in-vehicle communication using IPSEC protocol. Journal of Electrical Engineering (2021).

[35]

Timm Lauser, Daniel Zelle, and Christoph Krauß. 2020. Security Analysis of Automotive Protocols. In Proc. CSCS, Bjö rn Brü cher, Oliver Wasenmüller, Mario Fritz, Hans-Joachim Hof, and Christoph Krauß (Eds.).

Digital Library

[36]

Youngwoo Lee and KyoungSoo Park. 2013. Meeting the real-time constraints with standard Ethernet in an in-vehicle network. In Proc. IEEE IV.

[37]

Hyung-Taek Lim, Kay Weckemann, and Daniel Herrscher. 2011. Performance Study of an In-Car Switched Ethernet Network without Prioritization. In Proc. Nets4Cars/Nets4Trains.

[38]

Maggie Lim. 2021. Automotive Ethernet: The Future of In-Vehicle Networking. https://blogs.keysight.com/blogs/tech/sim-des.entry.html/2021/06/10/automotive_ethernet-E6FB.html.

[39]

Xin Liu, Ang Li, Xiaowei Yang, and David Wetherall. 2008. Passport: Secure and Adoptable Source Authentication. In Proc. USENIX NSDI.

[40]

Roger Lucas. 2017. DTLS Multicast. Internet-Draft draft-lucas-dtls-multicast-00. https://datatracker.ietf.org/doc/html/draft-lucas-dtls-multicast-00 Work in Progress.

[41]

Miao Ma. 2005. Mitigating Denial of Service Attacks with Password Puzzles. In Proc. ITCC.

Digital Library

[42]

Kirsten Matheus and Thomas Königseder. 2017. Chapter 6: Ethernet in Automotive System Development 2 ed.). Cambridge University Press, 241--263. https://doi.org/10.1017/9781316869543.008

[43]

Simon Meier, Benedikt Schmidt, Cas Cremers, and David A. Basin. 2013. The TAMARIN Prover for the Symbolic Analysis of Security Protocols. In Proc. CAV.

[44]

Charlie Miller and Chris Valasek. 2015. Remote exploitation of an unaltered passenger vehicle. Black Hat USA (2015).

[45]

NIST NSRC. 2021 a. Benchmarking Round 2 Candidates on Microcontrollers. https://tinyurl.com/vy8udwm4.

[46]

NIST NSRC. 2021 b. Lightweight Cryptography | NSRC. https://tinyurl.com/5c3wtwxw.

[47]

Adrian Perrig, Ran Canetti, Dawn Song, Professor Doug Tygar, and Bob Briscoe. 2005. Timed Efficient Stream Loss-Tolerant Authentication (TESLA): Multicast Source Authentication Transform Introduction. RFC 4082. https://rfc-editor.org/rfc/rfc4082.txt

[48]

Adrian Perrig, Ran Canetti, Dawn Xiaodong Song, and J. D. Tygar. 2001. Efficient and Secure Source Authentication for Multicast. In Proc. NDSS.

[49]

Adrian Perrig, Ran Canetti, J Doug Tygar, and Dawn Song. 2002. The TESLA broadcast authentication protocol. Rsa Cryptobytes (2002).

[50]

Adrian Perrig, Ran Canetti, J. D. Tygar, and Dawn Xiaodong Song. 2000. Efficient Authentication and Signing of Multicast Streams over Lossy Channels. In Proc. IEEE S&P.

[51]

Mert D Pesé, Jay W Schauer, Junhui Li, and Kang G Shin. 2021. S2-CAN: Sufficiently Secure Controller Area Network. In Proc. ACSAC.

Digital Library

[52]

Eric Rescorla. 2018. The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446. https://rfc-editor.org/rfc/rfc8446.txt

[53]

Eric Rescorla and Nagendra Modadugu. 2012. Datagram Transport Layer Security Version 1.2. RFC 6347. https://rfc-editor.org/rfc/rfc6347.txt

[54]

Ronald L Rivest, Adi Shamir, and David A Wagner. 1996. Time-lock puzzles and timed-release crypto. (1996).

[55]

NXP Semiconductors. 2018. MPC5748G Microcontroller Data Sheet. https://tinyurl.com/sna8mm4h.

[56]

NXP Semiconductors. 2019. MPC-LS-VNP-RDB Fact Sheet. https://www.nxp.com/docs/en/fact-sheet/MPCLSVNPRDBFS.pdf.

[57]

Suratose Tritilanunt. 2010. Performance Evaluation of Non-parallelizable Client Puzzles for Defeating DoS Attacks in Authentication Protocols. In Proc. DBSec.

[58]

Velodyne. 2015. Velodyne LiDAR. https://tinyurl.com/mc2duyeb.

[59]

Haohuang Wen, Qi Alfred Chen, and Zhiqiang Lin. 2020. Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack Surface in Automotive IoT. In Proc. USENIX Security.

[60]

Daniel Zelle, Christoph Krauß, Hubert Strauß, and Karsten Schmidt. 2017. On Using TLS to Secure In-Vehicle Networks. In Proc. ARES.

Digital Library

Cited By

Durlik IMiller TKostecka EZwierzewicz ZŁobodzińska A(2024)Cybersecurity in Autonomous Vehicles—Are We Ready for the Challenge?Electronics10.3390/electronics1313265413:13(2654)Online publication date: 6-Jul-2024
https://doi.org/10.3390/electronics13132654
Yi XLi GLi JDing A(2024)RepFTI: Representation-Fused Function-Type Inference for Vehicular Secure Software SystemsApplied Sciences10.3390/app1411450214:11(4502)Online publication date: 24-May-2024
https://doi.org/10.3390/app14114502
Jing PCai ZCao YYu LDu YZhang WQian CLuo XNie SWu S(2024)Revisiting Automotive Attack Surfaces: a Practitioners’ Perspective2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00080(2348-2365)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00080
Show More Cited By

Index Terms

Gatekeeper: A Gateway-based Broadcast Authentication Protocol for the In-Vehicle Ethernet
1. Networks
  1. Network protocols
    1. Network protocol design
2. Security and privacy
  1. Network security
    1. Security protocols

Recommendations

Poster: Post-Quantum Identity-Based Matching Encryption with Revocable Decryption Key
CCS '24: Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security

In recent years, scholars have developed Identity-Based Matching Encryption (IB-ME), which enables both the sender and the receiver to specify identities, ensuring ciphertext confidentiality only when these identities match. Building on this concept, our ...
Modeling inter-signal arrival times for accurate detection of CAN bus signal injection attacks: a data-driven approach to in-vehicle intrusion detection
CISRC '17: Proceedings of the 12th Annual Conference on Cyber and Information Security Research

Modern vehicles rely on hundreds of on-board electronic control units (ECUs) communicating over in-vehicle networks. As external interfaces to the car control networks (such as the on-board diagnostic (OBD) port, auxiliary media ports, etc.) become ...
A performance analysis of IPSec/AH protocol for automotive environment
CompSysTech '15: Proceedings of the 16th International Conference on Computer Systems and Technologies

With increasing the connectivity of today's vehicles it is necessary to consider the security of such communication. This paper deals with the security requirements for in-vehicle network traffic and presents a performance analysis of IPSec/AH protocol ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ASIA CCS '22: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security

May 2022

1291 pages

ISBN:9781450391405

DOI:10.1145/3488932

General Chairs:
Yuji Suga
Internet Initiative Japan Inc., Japan
,
Kouichi Sakurai
Kyushu University, Japan
,
Program Chairs:
Xuhua Ding
Singapore Management University, Singapore
,
Kazue Sako
Waseda University, Japan

Copyright © 2022 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 May 2022

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ASIA CCS '22

Sponsor:

SIGSAC

ASIA CCS '22: ACM Asia Conference on Computer and Communications Security

May 30 - June 3, 2022

Nagasaki, Japan

Acceptance Rates

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
432
Total Downloads

Downloads (Last 12 months)109
Downloads (Last 6 weeks)16

Reflects downloads up to 06 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Durlik IMiller TKostecka EZwierzewicz ZŁobodzińska A(2024)Cybersecurity in Autonomous Vehicles—Are We Ready for the Challenge?Electronics10.3390/electronics1313265413:13(2654)Online publication date: 6-Jul-2024
https://doi.org/10.3390/electronics13132654
Yi XLi GLi JDing A(2024)RepFTI: Representation-Fused Function-Type Inference for Vehicular Secure Software SystemsApplied Sciences10.3390/app1411450214:11(4502)Online publication date: 24-May-2024
https://doi.org/10.3390/app14114502
Jing PCai ZCao YYu LDu YZhang WQian CLuo XNie SWu S(2024)Revisiting Automotive Attack Surfaces: a Practitioners’ Perspective2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00080(2348-2365)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00080
Oh SDo YLee MKim JJeon J(2023)Performance Enhancement of CAN/Ethernet Automotive Gateway with a CAN Data Reduction AlgorithmElectronics10.3390/electronics1213277712:13(2777)Online publication date: 22-Jun-2023
https://doi.org/10.3390/electronics12132777
Han MKwak BKim H(2023)TOW-IDS: Intrusion Detection System Based on Three Overlapped Wavelets for Automotive EthernetIEEE Transactions on Information Forensics and Security10.1109/TIFS.2022.322189318(411-422)Online publication date: 2023
https://doi.org/10.1109/TIFS.2022.3221893
Jianjun Z(2023)A Novel Cross Validated Information Security Framework for Digital Information Systems2023 International Conference on Inventive Computation Technologies (ICICT)10.1109/ICICT57646.2023.10134138(1133-1138)Online publication date: 26-Apr-2023
https://doi.org/10.1109/ICICT57646.2023.10134138
Shibly KHossain MInoue HTaenaka YKadobayashi Y(2023)A Feature-Aware Semi-Supervised Learning Approach for Automotive Ethernet2023 IEEE International Conference on Cyber Security and Resilience (CSR)10.1109/CSR57506.2023.10224976(426-431)Online publication date: 31-Jul-2023
https://doi.org/10.1109/CSR57506.2023.10224976
Chen SLiu JLi MWang LLiu JYang J(2023)Research on verification method of Gatekeeper model of Internet of Vehicles protocol for time constraints2023 IEEE 6th International Conference on Automation, Electronics and Electrical Engineering (AUTEEE)10.1109/AUTEEE60196.2023.10408565(380-383)Online publication date: 15-Dec-2023
https://doi.org/10.1109/AUTEEE60196.2023.10408565

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten