HIGHER LAYER AUTHENTICATION FOR BROADCAST IN CONTROLLER AREA NETWORKS

Bogdan Groza, Pal-Stefan Murvay

2011

Abstract

Controller Area Network (CAN) is a bus commonly used by controllers. The traditional view assumes that controllers operate in secure perimeters, but, as the degree of interconnectivity with the outside world increases, these networks may become open to intruders and CAN has no protection against Dolev-Yao adversaries. For this purpose one can implement security on higher layers. Here we design and implement a broadcast authentication protocol based on the well known paradigm of using one-way chains and time synchronization. In this way we can benefit from the use of symmetric primitives without the need of secret shared keys. As process control is a time critical operation, different to sensor networks where the life-time of the node is potentially the main limitation, here the authentication delay is the main optimization criteria. Several trade-offs are studied for this purpose in order to alleviate shortcomings on computational speed, memory, bandwidth and to assure a uniform bus-load. As for the experimental setup, we used S12 microcontrollers from Freescale to implement the proposed solution. To speed up cryptographic operations we also make use of the XGATE co-processor available on S12X.

References

  1. Anderson, R., Bergadano, F., Crispo, B., Lee, J.-H., Manifavas, C., and Needham, R. (1998). A new family of authentication protocols. SIGOPS Oper. Syst. Rev., 32:9-20.
  2. Anderson, R., Bergadano, F., Crispo, B., Lee, J.-H., Manifavas, C., and Needham, R. (1998). A new family of authentication protocols. SIGOPS Oper. Syst. Rev., 32:9-20.
  3. Bergadano, F., Cavagnino, D., and Crispo, B. (2002). Individual authentication in multiparty communications. Computers & Security, 21(8):719 - 735.
  4. Bergadano, F., Cavagnino, D., and Crispo, B. (2002). Individual authentication in multiparty communications. Computers & Security, 21(8):719 - 735.
  5. BOSCH (1991). CAN Specification Version 2.0. Robert BOSCH GmbH.
  6. BOSCH (1991). CAN Specification Version 2.0. Robert BOSCH GmbH.
  7. Charzinski, J. (1994). Performance of the error detection mechanisms in can. In Proceedings of the 1st International CAN Conference, pages 20-29.
  8. Charzinski, J. (1994). Performance of the error detection mechanisms in can. In Proceedings of the 1st International CAN Conference, pages 20-29.
  9. Freescale (2004). MC9S12XDP512 Data Sheet, Rev. 2.21, October 2009. Freescale.
  10. Freescale (2004). MC9S12XDP512 Data Sheet, Rev. 2.21, October 2009. Freescale.
  11. ISO (2003). ISO 11898-1. Road vehicles - Controller area network (CAN) - Part 1: Controller area network data link layer and medium access control. International Organization for Standardization.
  12. ISO (2003). ISO 11898-1. Road vehicles - Controller area network (CAN) - Part 1: Controller area network data link layer and medium access control. International Organization for Standardization.
  13. ISO (2004). ISO 11898-4. Road vehicles - Controller area network (CAN) - Part 4: Time triggered communication. International Organization for Standardization.
  14. ISO (2004). ISO 11898-4. Road vehicles - Controller area network (CAN) - Part 4: Time triggered communication. International Organization for Standardization.
  15. Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., and Savage, S. (2010). Experimental security analysis of a modern automobile. In Security and Privacy (SP), 2010 IEEE Symposium on, pages 447 -462.
  16. Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., and Savage, S. (2010). Experimental security analysis of a modern automobile. In Security and Privacy (SP), 2010 IEEE Symposium on, pages 447 -462.
  17. Lamport, L. (1981). Password authentication with insecure communication. Commun. ACM, 24:770-772.
  18. Lamport, L. (1981). Password authentication with insecure communication. Commun. ACM, 24:770-772.
  19. Lemke, K., Paar, C., and Wolf, M. (2006). Embedded Security in Cars Securing Current and Future Automotive IT Applications. Springer Verlag.
  20. Lemke, K., Paar, C., and Wolf, M. (2006). Embedded Security in Cars Securing Current and Future Automotive IT Applications. Springer Verlag.
  21. Liu, D. and Ning, P. (2003). Efficient distribution of key chain commitments for broadcast authentication in distributed sensor networks. In Proc. of the 10th Annual Network and Distributed System Security Symposium, pages 263-276.
  22. Liu, D. and Ning, P. (2003). Efficient distribution of key chain commitments for broadcast authentication in distributed sensor networks. In Proc. of the 10th Annual Network and Distributed System Security Symposium, pages 263-276.
  23. Liu, D. and Ning, P. (2004). Multilevel µtesla: Broadcast authentication for distributed sensor networks. ACM Trans. Embed. Comput. Syst., 3:800-836.
  24. Liu, D. and Ning, P. (2004). Multilevel µtesla: Broadcast authentication for distributed sensor networks. ACM Trans. Embed. Comput. Syst., 3:800-836.
  25. Macchetti, M. and Rivard, P. (2005). Small-scale variants of the secure hash standard. In ECRYPT workshop on RFID and lightweight cryptography.
  26. Macchetti, M. and Rivard, P. (2005). Small-scale variants of the secure hash standard. In ECRYPT workshop on RFID and lightweight cryptography.
  27. Mitchell, R. (2004). Tutorial: Introducing the XGATE Module to Consumer and Industrial Application Developers, March 2006. Freescale.
  28. Mitchell, R. (2004). Tutorial: Introducing the XGATE Module to Consumer and Industrial Application Developers, March 2006. Freescale.
  29. Perrig, A., Canetti, R., Song, D., and Tygar, J. D. (2001a). Efficient and secure source authentication for multicast. In Network and Distributed System Security Symposium, NDSS 7801, pages 35-46.
  30. Perrig, A., Canetti, R., Song, D., and Tygar, J. D. (2001a). Efficient and secure source authentication for multicast. In Network and Distributed System Security Symposium, NDSS 7801, pages 35-46.
  31. Perrig, A., Canetti, R., Song, D., and Tygar, J. D. (2001b). Spins: Security protocols for sensor networks. In Seventh Annual ACM International Conference on Mobile Computing and Networks (MobiCom 2001), pages 189-199.
  32. Perrig, A., Canetti, R., Song, D., and Tygar, J. D. (2001b). Spins: Security protocols for sensor networks. In Seventh Annual ACM International Conference on Mobile Computing and Networks (MobiCom 2001), pages 189-199.
  33. Perrig, A., Canetti, R., Tygar, J., and Song, D. X. (2000). Efficient authentication and signing of multicast streams over lossy channels. In IEEE Symposium on Security and Privacy, pages 56-73.
  34. Perrig, A., Canetti, R., Tygar, J., and Song, D. X. (2000). Efficient authentication and signing of multicast streams over lossy channels. In IEEE Symposium on Security and Privacy, pages 56-73.
  35. Steurer, M. E. (2006). Multicollision attacks on iterated hash functions. Technical report.
  36. Steurer, M. E. (2006). Multicollision attacks on iterated hash functions. Technical report.
Download


Paper Citation


in Harvard Style

Groza B. and Murvay P. (2011). HIGHER LAYER AUTHENTICATION FOR BROADCAST IN CONTROLLER AREA NETWORKS . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011) ISBN 978-989-8425-71-3, pages 188-197. DOI: 10.5220/0003522201880197


in Harvard Style

Groza B. and Murvay P. (2011). HIGHER LAYER AUTHENTICATION FOR BROADCAST IN CONTROLLER AREA NETWORKS . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011) ISBN 978-989-8425-71-3, pages 188-197. DOI: 10.5220/0003522201880197


in Bibtex Style

@conference{secrypt11,
author={Bogdan Groza and Pal-Stefan Murvay},
title={HIGHER LAYER AUTHENTICATION FOR BROADCAST IN CONTROLLER AREA NETWORKS},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)},
year={2011},
pages={188-197},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003522201880197},
isbn={978-989-8425-71-3},
}


in Bibtex Style

@conference{secrypt11,
author={Bogdan Groza and Pal-Stefan Murvay},
title={HIGHER LAYER AUTHENTICATION FOR BROADCAST IN CONTROLLER AREA NETWORKS},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)},
year={2011},
pages={188-197},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003522201880197},
isbn={978-989-8425-71-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)
TI - HIGHER LAYER AUTHENTICATION FOR BROADCAST IN CONTROLLER AREA NETWORKS
SN - 978-989-8425-71-3
AU - Groza B.
AU - Murvay P.
PY - 2011
SP - 188
EP - 197
DO - 10.5220/0003522201880197


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)
TI - HIGHER LAYER AUTHENTICATION FOR BROADCAST IN CONTROLLER AREA NETWORKS
SN - 978-989-8425-71-3
AU - Groza B.
AU - Murvay P.
PY - 2011
SP - 188
EP - 197
DO - 10.5220/0003522201880197