The Study of Secure CAN Communication for Automotive Applications 2017-01-1658

Cyber security is becoming increasingly critical in the car industry. Not only the entry points to the external world in the car need to be protected against potential attack, but also the on-board communication in the car require to be protected against attackers who may try to send unauthorized CAN messages. However, the current CAN network was not designed with security in mind. As a result, the extra measures have to be taken to address the key security properties of the secure CAN communication, including data integrity, authenticity, confidentiality and freshness. While integrity and authenticity can be achieved by using a relatively straightforward algorithms such as CMAC (Cipher-based Message Authentication Code) and Confidentiality can be handled by a symmetric encryption algorithm like AES128 (128-bit Advanced Encryption Standard), it has been recognized to be more challenging to achieve the freshness of CAN message. There has been a lot of research work on this topic in the past few years, however how to synchronize the CAN bus communication session upon each power-on of the car, has not been looked into thoroughly and evaluated in details.

A deeper look into the freshness and synchronization method is carried out in this paper. It firstly analyzes two ways to address the issue of “freshness of CAN message”, which are time-stamp-based and frame-counter-based respectively. A method with freshness values is then proposed to synchronize across multiple ECUs. Furthermore, it also shows the frame-counter-based approach is more ideal to meet automotive requirements with less complexity and communication payload overhead. In addition, the implementation and test of this approach are presented in the following part, in which the simulated replay attacks are detected and prevented successfully. Finally the limitations of the frame-counter approach are discussed and the further research plan is outlined. Such work is carried out on a hardware platform centered with Infineon 32-bit microcontrollers, i.e. AURIXTM TC234LP, which has an embedded HSM, i.e. Hardware Security Module.