Session Key Distribution Made Practical for CAN and CAN-FD Message Authentication
Automotive communication networks, represented by the CAN bus, are acclaimed for realizing real-time communication between resource-limited ECUs but often criticized for their lack of security measures. Various attacks have demonstrated that the absence of effective security measures renders an automotive communication network vulnerable to adversarial control that jeopardizes passenger safety. The recent standardization effort led by AUTOSAR has provided general guidelines for developing next-generation automotive communication technologies with built-in security mechanisms. A key security mechanism is message authentication between ECUs for countering message spoofing and replay attacks. While various message authentication schemes have been proposed in previous work, the practical issue of session key establishment with AUTOSAR compliance has received little attention. In this paper, we fill this gap by proposing an AUTOSAR-compliant key management architecture that also takes into account the practical requirements for session key establishment in automotive environments. Based on this architecture, we describe a baseline session key distribution protocol called SKDC that realizes all of the designed security functionalities, and propose a novel secret-sharing-based protocol called SSKT that yields improved communication efficiency. Both protocols are customized for deployment on CAN and CAN-FD buses. We analyze their security under a practical threat model and evaluate their performance with hardware-based simulation. The results demonstrate SSKT's superior performance in computation and communication efficiency as well as overall protocol runtime.
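The abstract motivates session key distribution by the message authentication it serves: once two ECUs share a session key, each CAN frame carries a truncated freshness counter and a truncated MAC so that spoofed and replayed frames are rejected. The following is an added illustration of that receiving-side check, not code from the paper or from SKDC/SSKT. It assumes a constructed 8-byte classic CAN layout (4 payload bytes, 1 truncated counter byte, 3 MAC bytes), a 32-bit full counter reconstructed by the receiver in the AUTOSAR SecOC style, and HMAC-SHA256 standing in for the AES-CMAC an ECU would normally use; the session key, CAN IDs and payloads are constructed sample values.

```python
import hashlib
import hmac
import struct

# Constructed frame layout (assumption, not from the paper):
# 4 bytes payload | 1 byte truncated freshness counter | 3 bytes truncated MAC.
PAYLOAD_LEN = 4
FRESH_LEN = 1
MAC_LEN = 3
FRESH_BITS = 8 * FRESH_LEN
COUNTER_BITS = 32  # width of the full freshness counter kept by both sides


def _tag(session_key, can_id, payload, counter):
    # The MAC covers the message ID, the payload and the FULL counter, so a
    # truncated counter on the wire cannot be reused with another ID or epoch.
    msg = struct.pack(">I", can_id) + payload + struct.pack(">I", counter)
    # HMAC-SHA256 stands in for AES-CMAC (what AUTOSAR SecOC normally uses).
    return hmac.new(session_key, msg, hashlib.sha256).digest()[:MAC_LEN]


def make_frame(session_key, can_id, payload, counter):
    """Sender: build the 8-byte data field for a classic CAN frame."""
    if len(payload) != PAYLOAD_LEN:
        raise ValueError("payload must be exactly %d bytes" % PAYLOAD_LEN)
    trunc = (counter & ((1 << FRESH_BITS) - 1)).to_bytes(FRESH_LEN, "big")
    return payload + trunc + _tag(session_key, can_id, payload, counter)


def verify_frame(session_key, can_id, data, last_counter):
    """Receiver: returns (accepted, payload, updated last_counter)."""
    if len(data) != PAYLOAD_LEN + FRESH_LEN + MAC_LEN:
        return False, None, last_counter
    payload = data[:PAYLOAD_LEN]
    trunc = int.from_bytes(data[PAYLOAD_LEN:PAYLOAD_LEN + FRESH_LEN], "big")
    mac = data[PAYLOAD_LEN + FRESH_LEN:]
    # Reconstruct the full counter: keep the receiver's high bits, take the low
    # bits from the wire, and assume a wrap if that is not strictly newer.
    mask = (1 << FRESH_BITS) - 1
    candidate = (last_counter & ~mask) | trunc
    if candidate <= last_counter:
        candidate += 1 << FRESH_BITS
    if candidate >= 1 << COUNTER_BITS:
        return False, None, last_counter  # counter exhausted: rekey first
    # A replayed frame reconstructs to a later counter than it was tagged
    # with, so its MAC no longer matches; a spoofed frame lacks the key.
    if not hmac.compare_digest(mac, _tag(session_key, can_id, payload, candidate)):
        return False, None, last_counter
    return True, payload, candidate


def demo():
    """Walk a receiver through fresh, replayed, wrapped, misrouted and spoofed frames."""
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed session key
    attacker_key = bytes(16)                                    # attacker has no session key
    can_id = 0x123
    rx_last = 0xFD
    out = {}
    f1 = make_frame(key, can_id, b"\x01\x02\x03\x04", 0xFE)
    ok, _, rx_last = verify_frame(key, can_id, f1, rx_last)
    out["fresh"] = ok                     # first delivery is accepted
    ok, _, rx_last = verify_frame(key, can_id, f1, rx_last)
    out["replay"] = ok                    # same bytes again are rejected
    f2 = make_frame(key, can_id, b"\x05\x06\x07\x08", 0x100)  # 0xFF was lost on the bus
    ok, _, rx_last = verify_frame(key, can_id, f2, rx_last)
    out["wrap_after_loss"] = ok           # low byte wrapped to 0x00, still accepted
    f_other = make_frame(key, 0x125, b"\x05\x06\x07\x08", 0x101)
    ok, _, rx_last = verify_frame(key, can_id, f_other, rx_last)
    out["wrong_id"] = ok                  # authentic frame for another ID is rejected
    f3 = make_frame(attacker_key, can_id, b"\xde\xad\xbe\xef", 0x101)
    ok, _, rx_last = verify_frame(key, can_id, f3, rx_last)
    out["spoof"] = ok                     # wrong key, rejected
    out["rx_counter"] = rx_last
    return out


if __name__ == "__main__":
    print(demo())
```

The point a practitioner should take from this is that the whole scheme rests on both ECUs holding the same session key and a synchronized counter: the MAC is truncated to 24 bits to fit the 8-byte frame, so its strength comes from the key being fresh and per-session rather than from tag length, which is exactly why the key distribution the paper addresses matters. CAN-FD's 64-byte payload relaxes the truncation but not the key requirement.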