Browse Publications Technical Papers 2019-01-0098

Optimizing CAN Bus Security with In-Place Cryptography 2019-01-0098

Today’s vehicles rely on multiple interconnected networks of Electronic Control Units (ECUs) that govern almost every automotive function - from engine timing and traction control to side-mirror adjustment and GPS. In-vehicle networks used for inter-ECU communication, most commonly the CAN bus, were not designed with cybersecurity in mind, and as a result, communication by corrupt devices connected to the bus is not authenticated.
A multitude of attack vectors allow attackers to control a device on the bus; reports abound of successful hacking of vehicles, by exploiting vulnerable devices and by spoofing messages.
Such remote-connectivity and physical-access exploit types must be prevented, to mitigate the threats of impersonation, eavesdropping, replay and reversing.
We present the IVAS, In-Vehicle Authentication Scheme. IVAS is an in-place cryptographic scheme: the first CAN messaging solution to ensure both authentication and confidentiality without additional data such as authentication tags.
When adequate encryption is used, an adversary’s chances of successfully injecting a spoofed message are equal to the chances for a random message. There is a need for a validation method that deterministically differentiates between random messages and legitimate CAN commands.
We take advantage of both static and dynamic redundancy existing in CAN bus traffic, eliminating the need for extra bandwidth.
A mathematical proof of the security level of our AE (Authenticated Encryption) scheme is presented, showing that both confidentiality and authenticity are included.
No changes to the application code, protocol or chipset are entailed, and runtime key exchange is not required. In addition, any type of serial data bus can be secured by IVAS, so that varied ECUs can work together.
The IVAS solution for securing the CAN bus stands out in its ability to authenticate sender integrity and data integrity, blocking malicious messages without adding payloads.


Subscribers can view annotate, and download all of SAE's content. Learn More »


Members save up to 16% off list price.
Login to see discount.
Special Offer: Download multiple Technical Papers each year? TechSelect is a cost-effective subscription option to select and download 12-100 full-text Technical Papers per year. Find more information here.
We also recommend:

Securing the On-Board Diagnostics Port (OBD-II) in Vehicles


View Details


A Controller Area Network Bus Identity Authentication Method Based on Hash Algorithm


View Details


Assuring Vehicle Update Integrity Using Asymmetric Public Key Infrastructure (PKI) and Public Key Cryptography (PKC)


View Details