An Attack-Resilient Source Authentication Protocol in Controller Area Network

Ki Dong Kang; Youngmi Baek; Seonghun Lee; Sang Hyuk Son

doi:10.1109/ANCS.2017.25

An Attack-Resilient Source Authentication Protocol in Controller Area Network

Ki Dong Kang, Youngmi Baek, Seonghun Lee, Sang Hyuk Son

Daegu Gyeongbuk Institute of Science and Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

26 Scopus citations

Abstract

While vehicle to everything (V2X) communication enables safety-critical automotive control systems to better support various connected services to improve safety and convenience of drivers, they also allow automotive attack surfaces to increase dynamically in modern vehicles. Many researchers as well as hackers have already demonstrated that they can take remote control of the targeted car by exploiting the vulnerabilities of in-vehicle networks such as Controller Area Networks (CANs). For assuring CAN security, we focus on how to authenticate electronic control units (ECUs) in real-time by addressing the security challenges of in-vehicle networks. In this paper, we propose a novel and lightweight authentication protocol with an attack-resilient tree algorithm, which is based on one-way hash chain. The protocol can be easily deployed in CAN by performing a firmware update of ECU. We have shown analytically that the protocol achieves a high level of security. In addition, the performance of the proposed protocol is validated on CANoe simulator for virtual ECUs and Freescale S12XF used in real vehicles. The results show that our protocol is more efficient than other authentication protocol in terms of authentication time, response time, and service delay.

Original language	English
Title of host publication	Proceedings - 2017 ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2017
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	109-118
Number of pages	10
ISBN (Electronic)	9781509063864
DOIs	https://doi.org/10.1109/ANCS.2017.25
State	Published - 30 Jun 2017
Event	13th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2017 - Beijing, China Duration: 18 May 2017 → 19 May 2017

Publication series

Name	Proceedings - 2017 ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2017

Conference

Conference	13th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2017
Country/Territory	China
City	Beijing
Period	18/05/17 → 19/05/17

Bibliographical note

Publisher Copyright:
© 2017 IEEE.

Keywords

Controller Area Network
Cyber-Physical Systems (CPS)
authentication
in-vehicle network security

Access to Document

10.1109/ANCS.2017.25

Cite this

Kang, K. D., Baek, Y., Lee, S., & Son, S. H. (2017). An Attack-Resilient Source Authentication Protocol in Controller Area Network. In Proceedings - 2017 ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2017 (pp. 109-118). Article 7966910 (Proceedings - 2017 ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2017). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ANCS.2017.25

Kang, Ki Dong ; Baek, Youngmi ; Lee, Seonghun et al. / An Attack-Resilient Source Authentication Protocol in Controller Area Network. Proceedings - 2017 ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2017. Institute of Electrical and Electronics Engineers Inc., 2017. pp. 109-118 (Proceedings - 2017 ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2017).

@inproceedings{62fd464b524d445b9e6a44f965f1df74,

title = "An Attack-Resilient Source Authentication Protocol in Controller Area Network",

abstract = "While vehicle to everything (V2X) communication enables safety-critical automotive control systems to better support various connected services to improve safety and convenience of drivers, they also allow automotive attack surfaces to increase dynamically in modern vehicles. Many researchers as well as hackers have already demonstrated that they can take remote control of the targeted car by exploiting the vulnerabilities of in-vehicle networks such as Controller Area Networks (CANs). For assuring CAN security, we focus on how to authenticate electronic control units (ECUs) in real-time by addressing the security challenges of in-vehicle networks. In this paper, we propose a novel and lightweight authentication protocol with an attack-resilient tree algorithm, which is based on one-way hash chain. The protocol can be easily deployed in CAN by performing a firmware update of ECU. We have shown analytically that the protocol achieves a high level of security. In addition, the performance of the proposed protocol is validated on CANoe simulator for virtual ECUs and Freescale S12XF used in real vehicles. The results show that our protocol is more efficient than other authentication protocol in terms of authentication time, response time, and service delay.",

keywords = "Controller Area Network, Cyber-Physical Systems (CPS), authentication, in-vehicle network security",

author = "Kang, \{Ki Dong\} and Youngmi Baek and Seonghun Lee and Son, \{Sang Hyuk\}",

note = "Publisher Copyright: {\textcopyright} 2017 IEEE.; 13th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2017 ; Conference date: 18-05-2017 Through 19-05-2017",

year = "2017",

month = jun,

day = "30",

doi = "10.1109/ANCS.2017.25",

language = "English",

series = "Proceedings - 2017 ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2017",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "109--118",

booktitle = "Proceedings - 2017 ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2017",

}

Kang, KD, Baek, Y, Lee, S & Son, SH 2017, An Attack-Resilient Source Authentication Protocol in Controller Area Network. in Proceedings - 2017 ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2017., 7966910, Proceedings - 2017 ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2017, Institute of Electrical and Electronics Engineers Inc., pp. 109-118, 13th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2017, Beijing, China, 18/05/17. https://doi.org/10.1109/ANCS.2017.25

An Attack-Resilient Source Authentication Protocol in Controller Area Network. / Kang, Ki Dong; Baek, Youngmi; Lee, Seonghun et al.
Proceedings - 2017 ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2017. Institute of Electrical and Electronics Engineers Inc., 2017. p. 109-118 7966910 (Proceedings - 2017 ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2017).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - An Attack-Resilient Source Authentication Protocol in Controller Area Network

AU - Kang, Ki Dong

AU - Baek, Youngmi

AU - Lee, Seonghun

AU - Son, Sang Hyuk

PY - 2017/6/30

Y1 - 2017/6/30

N2 - While vehicle to everything (V2X) communication enables safety-critical automotive control systems to better support various connected services to improve safety and convenience of drivers, they also allow automotive attack surfaces to increase dynamically in modern vehicles. Many researchers as well as hackers have already demonstrated that they can take remote control of the targeted car by exploiting the vulnerabilities of in-vehicle networks such as Controller Area Networks (CANs). For assuring CAN security, we focus on how to authenticate electronic control units (ECUs) in real-time by addressing the security challenges of in-vehicle networks. In this paper, we propose a novel and lightweight authentication protocol with an attack-resilient tree algorithm, which is based on one-way hash chain. The protocol can be easily deployed in CAN by performing a firmware update of ECU. We have shown analytically that the protocol achieves a high level of security. In addition, the performance of the proposed protocol is validated on CANoe simulator for virtual ECUs and Freescale S12XF used in real vehicles. The results show that our protocol is more efficient than other authentication protocol in terms of authentication time, response time, and service delay.

AB - While vehicle to everything (V2X) communication enables safety-critical automotive control systems to better support various connected services to improve safety and convenience of drivers, they also allow automotive attack surfaces to increase dynamically in modern vehicles. Many researchers as well as hackers have already demonstrated that they can take remote control of the targeted car by exploiting the vulnerabilities of in-vehicle networks such as Controller Area Networks (CANs). For assuring CAN security, we focus on how to authenticate electronic control units (ECUs) in real-time by addressing the security challenges of in-vehicle networks. In this paper, we propose a novel and lightweight authentication protocol with an attack-resilient tree algorithm, which is based on one-way hash chain. The protocol can be easily deployed in CAN by performing a firmware update of ECU. We have shown analytically that the protocol achieves a high level of security. In addition, the performance of the proposed protocol is validated on CANoe simulator for virtual ECUs and Freescale S12XF used in real vehicles. The results show that our protocol is more efficient than other authentication protocol in terms of authentication time, response time, and service delay.

KW - Controller Area Network

KW - Cyber-Physical Systems (CPS)

KW - authentication

KW - in-vehicle network security

UR - http://www.scopus.com/inward/record.url?scp=85027677325&partnerID=8YFLogxK

U2 - 10.1109/ANCS.2017.25

DO - 10.1109/ANCS.2017.25

M3 - Conference contribution

AN - SCOPUS:85027677325

T3 - Proceedings - 2017 ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2017

SP - 109

EP - 118

BT - Proceedings - 2017 ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2017

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 13th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2017

Y2 - 18 May 2017 through 19 May 2017

ER -

Kang KD, Baek Y, Lee S , Son SH. An Attack-Resilient Source Authentication Protocol in Controller Area Network. In Proceedings - 2017 ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2017. Institute of Electrical and Electronics Engineers Inc. 2017. p. 109-118. 7966910. (Proceedings - 2017 ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2017). doi: 10.1109/ANCS.2017.25

An Attack-Resilient Source Authentication Protocol in Controller Area Network

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this