Abstract
Security in vehicular networks established itself as a highly active research area in the last few years. However, there are only a few results so far on assuring security for communication buses inside vehicles. Here we advocate the use of a protocol based entirely on simple symmetric primitives that takes advantage of two interesting procedures which we call key splitting and MAC mixing. Rather than achieving authentication independently for each node, we split authentication keys between groups of multiple nodes. This leads to a more efficient progressive authentication that is effective especially in the case when compromised nodes form only a minority and we believe such an assumption to be realistic in automotive networks. To gain more security we also account an interesting construction in which message authentication codes are amalgamated using systems of linear equations. We study several protocol variants which are extremely flexible allowing different trade-offs on bus load, computational cost and security level. Experimental results are presented on state-of-the-art Infineon TriCore controllers which are contrasted with low end controllers with Freescale S12X cores, all these devices are wide spread in the automotive industry. Finally, we discuss a completely backward compatible solution based on CAN+, a recent improvement of CAN.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Bar-El, H.: Intra-vehicle information security framework. In: Proceedings of 9th Embedded Security in Cars Conference, ESCAR (2009)
Chan, H., Perrig, A., Song, D.X.: Random key predistribution schemes for sensor networks. In: 2003 Proceedings of the Symposium on Security and Privacy, pp. 197–213. IEEE (2003)
Charlap, L.S., Rees, H.D., Robbins, D.P.: The asymptotic probability that a random biased matrix is invertible. Discrete Mathematics 82(2), 153–163 (1990)
Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S., Koscher, K., Czeskis, A., Roesner, F., Kohno, T.: Comprehensive experimental analyses of automotive attack surfaces. In: USENIX Security 2011 (2011)
Fiat, A., Naor, M.: Broadcast Encryption. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 480–491. Springer, Heidelberg (1994)
Groza, B., Murvay, P.-S.: Higher layer authentication for broadcast in Controller Area Networks. In: International Conference on Security and Cryptography, SECRYPT (2011)
Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S.: Experimental security analysis of a modern automobile. In: 2010 IEEE Symposium on Security and Privacy, SP, pp. 447–462 (May 2010)
Naor, M., Pinkas, B.: Threshold Traitor Tracing. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 502–517. Springer, Heidelberg (1998)
Perrig, A., Canetti, R., Song, D.X., Tygar, J.D.: SPINS: Security protocols for sensor networks. In: Seventh Annual ACM International Conference on Mobile Computing and Networks, MobiCom 2001, pp. 189–199 (2001)
Perrig, A., Canetti, R., Tygar, J.D., Song, D.X.: Efficient authentication and signing of multicast streams over lossy channels. In: IEEE Symposium on Security and Privacy, pp. 56–73 (2000)
Roeder, T., Pass, R., Schneider, F.: Multi-verifier signatures. Journal of Cryptology 25(2), 310–348 (2012)
Van Herrewege, A., Singelee, D., Verbauwhede, I.: CANAuth-a simple, backward compatible broadcast authentication protocol for CAN bus. In: 9th Embedded Security in Cars Conference (2011)
Wolf, M., Weimerskirch, A., Paar, C.: Secure in-vehicle communication. In: Embedded Security in Cars, pp. 95–109 (2006)
Ziermann, T., Wildermann, S., Teich, J.: CAN+: A new backward-compatible Controller Area Network (CAN) protocol with up to 16x higher data rates. In: DATE, pp. 1088–1093. IEEE (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Groza, B., Murvay, S., van Herrewege, A., Verbauwhede, I. (2012). LiBrA-CAN: A Lightweight Broadcast Authentication Protocol for Controller Area Networks. In: Pieprzyk, J., Sadeghi, AR., Manulis, M. (eds) Cryptology and Network Security. CANS 2012. Lecture Notes in Computer Science, vol 7712. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35404-5_15
Download citation
DOI: https://doi.org/10.1007/978-3-642-35404-5_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35403-8
Online ISBN: 978-3-642-35404-5
eBook Packages: Computer ScienceComputer Science (R0)