AuthentiCAN: a Protocol for Improved Security over CAN

Title: AuthentiCAN: a Protocol for Improved Security over CAN
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Marasco, E. O., Quaglia, F.
Conference Name: 2020 Fourth World Conference on Smart Trends in Systems, Security and Sustainability (WorldS4)
Date Published: jul
Keywords: actual data sources, actuator, actuator security, actuators, added security features, authentication, authentication methods, called AuthentiCAN, CAN-FD, car manufacturers, composability, compromised devices, computer network security, continuous progress, controller area network, controller area networks, cryptographic protocols, data confidentiality, data-unit transfer, destination ECUs, different ECUs, efficient networks, electronic control units, electronic equipments, Encryption, encryption system, fast protocols, Human Behavior, improved security, latest infotainment technologies, malicious frames, Metrics, mobile phones, modern cars work, Protocols, pubcrawl, Public key, Receivers, reliable networks, Resiliency, road safety, security risk, sensor data, simple networks, synergic manner, user interactions, vehicular ad hoc networks, vehicular protocol
Abstract: The continuous progress of electronic equipments has influenced car manufacturers, leading to the integration of the latest infotainment technologies and providing connection to external devices, such as mobile phones. Modern cars work with ECUs (Electronic Control Units) that handle user interactions and sensor data, by also sending information to actuators using simple, reliable and efficient networks with fast protocols, like CAN (Controller Area Network). This is the most used vehicular protocol, which allows interconnecting different ECUs, making them interact in a synergic manner. On the down side, there is a security risk related to the exposition of malicious ECU's frames, possibly generated by compromised devices, which can lead to the possibility to remote control all the car equipments (like brakes and others) by an attacker. We propose a solution to this problem, designing an authentication and encryption system above CAN, called AuthentiCAN. Our proposal is tailored for the evolution of CAN called CAN-FD, and avoids the possibility for an attacker to inject malicious frames that are not discarded by the destination ECUs. Also, we avoid the possibility for an attacker to learn the interactions that occur across ECUs, with the objective of maliciously replaying messages, which would lead the actuator's logic to be no longer compliant with the actual data sources. We also present a simulation study of our solution, where we provide an assessment of its overhead, e.g. in terms of reduction of the throughput of data-unit transfer over CAN-FD, caused by the added security features.
Citation Key: marasco_authentican_2020