The Journal of the Institute of Internet, Broadcasting and Communication (한국인터넷방송통신학회논문지)

The Institute of Internet, Broadcasting and Communication (한국인터넷방송통신학회)
권호 표지
DOI QR코드

DOI QR Code

Usage Techniques of a Truncated Message Authentication Code for In-Vehicle Controller Area Network

자동차 내부 네트워크를 위한 경량 메시지 인증 코드 사용기법

  • Received : 2017.05.25
  • Accepted : 2017.12.08
  • Published : 2017.12.31
Download PDF
⟨ Previous Next ⟩

Abstract

Recently, the most brand new vehicles contain a lot of ECU for comfortable and safety driving environments. For efficient communication network among ECUs, almost car manufactures use CAN protocol which enables to decrease the number of communication lines dramatically and ensures higher data transmission reliability. However, CAN dose not ensure authentication of CAN data frame. So it is vulnerable to replay-attack on CAN data frame. This paper proposes the practical message authentication technique for In-vehicle CAN. To transmit data and MAC together, it is very useful to use the short length of MAC after considering limited space of CAN data frame. However to ensure safety of MAC, additional technique is required. We suggested a message authentication technique that can be usefully applied to build a safety network inside the vehicle because it considers limited data payload of CAN.

대부분의 최신 자동차들은 편안하고 안전한 운전 환경을 위해 다양한 종류의 ECU들을 탑재하고 있다. ECU들 사이의 효율적인 통신을 위해 대부분의 자동차 제조사들은 Controller Area Network(CAN) 프로토콜을 사용하고 있다. 그러나 CAN은 데이터 인증을 제공하지 않는다. 이러한 취약점 때문에 CAN은 메시지 재생공격에 취약하다. 본 논문은 자동차 내부 네트워크에 적용 가능한 현실적인 메시지 인증 기법을 제안한다. CAN 데이터 프레임의 제한적인 공간을 고려하여, 데이터와 메시지 인증 코드 (MAC)를 동시에 전송하기 위해서는 짧은 길이의 MAC을 사용하는 것이 가장 적합하다. 그러나 짧은 길이의 MAC은 암호학적 안전성을 충분히 보장하지 않기 때문에 안전성을 보장하기 위한 추가적인 조치가 필요하다. 본 연구에서 제안한 메시지 인증 기술은 CAN의 제한된 데이터 페이로드를 고려하기 때문에 차량 내부의 안전한 네트워크를 설치하는데 유용하게 활용될 수가 있다.

Keywords

References

  1. A. Saad and U. Weinmann, "Automotive software engineering and concepts," in GI Jahrestagung, pp. 318-319, Frankfurt, Germany, September-October 2003.
  2. Dongwon Kim, "Traffic Information Service, Inter-Vehicle Communication," The International Journal of Internet, Broadcasting and Communication VOL. 12 No. 3, June, 2012.
  3. M. Wolf, A. Weimerskirch, and C. Paar, "Security in Automotive Bus Systems," in Proceedings of ESCAR 04, 2004.
  4. R. Charette, "This car runs on code," Online: http://www.spectrum.ieee.org/feb09/7649, Feb. 2009.
  5. T. Nolte, H. Hansson and L.L. Bello, "Automotive communications-past, current and future," in Proceedings of ETFA(Emerging Technologies and Factory Automation), 2005. DOI: 10.1109/ETFA.2005.1612631
  6. K.H. Johansson, M. Torngren, L. Nielsen, "Vehicle applications of controller area network," D. Hristu-Varsakelis, W.S. Levine (Eds.), Handbook of Networked and Embedded Control Systems, Springer (2005) ISBN: 0-8176-3239-5
  7. CAN in Automation. Webpage, 2004. www.can-cia.org.
  8. BOSCH CAN. Webpage, 2004. www.can.bosch.com.
  9. Tobias Hoppe and Jana Dittman. "Sniffing/Replay Attacks on CAN Buses: A simulated attack on the electric window lift classified using an adapted CERT taxonomy". In Proceedings of the 2nd Workshop on Embedded Systems Security (WESS), Salzburg, Austria, 2007.
  10. Hoppe T, Kiltz S, Dittmann J. "Security threats to automotive CAN networks-practical examples and selected short-term countermeasures," Reliability Engineering & System Safety, Accepted Manuscript, Available online 5 July 2010, in press DOI: 10.1016/j.ress.2010.06.026
  11. Nilsson, D.K., Larson, U.E., Jonsson, E.: Efficient In-Vehicle Delayed Data Authentication based on Compound Message Authentication Codes. In: Proceedings of the IEEE 68th Vehicular Technology Conference (VTC2008-Fall) (2008) DOI: 10.1109/VETECF.2008.259
  12. D. K. Nilsson and U. E. Larson, "Secure Firmware Updates over the Air in Intelligent Vehicles," in Proceedings of the First IEEE Vehicular Networking & Applications Workshop (Vehi-Mobi). IEEE, 2008, pp. 380-384. DOI: 10.1109/ICCW.2008.78
  13. K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage. Experimental security analysis of a modern automobile. The IEEE Symposium on Security and Privacy, Oakland, CA, May 16-19, 2010. DOI: 10.1109/SP.2010.34
  14. S. Checkoway, D. McCoy, D. Anderson, B. Kantor, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno. "Comprehensive experimental analyses of automotive attack surfaces." In D. Wagner, ed., Proceedings of USENIX Security 2011. USENIX, Aug. 2011.
  15. Sun Jin Oh "An Anomaly Detection Method for the Security of VANETs", The International Journal of Internet, Broadcasting and Communication, vol. 10, no. 2, pp 77-83, April. 2010.
  16. W. Samuel, J. HyoJin, and L. DongHoon "A Practical Wireless Attack on the Connected Car and Security Protocol for In-vehicle CAN", IEEE Trans, Intelligent Transportation Systems, vol. 16, no. 2, pp 993-1006,IEEE, 2015. DOI: 10.1109/TITS.2014.2351612
  17. D. K. Nilsson and Larson, U.E.: "Conducting Forensic Investigations of Cyber Attacks on Automobile In-Vehicle Networks. In: Proceedings of the First ACM International Conference on Forensic Applications and Techniques in Telecommunications, Information and Multimedia (e-Forensics). ACM Press, New York (2008)
  18. S. You, M. Krage, and L. Jalics, "Overview of Remote Diagnosis and Maintenance for Automotive Systems", in 2005 SAE World Congress, Detroit, MI, USA, 2005. DOI: 10.4271/2005-01-1428
  19. Pierre Kleberger, Tomas Olovsson, and Erland Jonsson, "Security Aspects of the In-Vehicle Network in the Connected Car," EEE Intelligent Vehicles Symposium (IV), Baden-Baden, Germany, June 5-9, 2011
  20. Black, J., Cochran, M. "MAC Reforgeability", FSE 2009. LNCS, vol. 5665, pp. 345-362. Springer, Heidelberg
  21. Yasuda, K.: Multilane HMAC-security beyond the birthday limit. INDOCRYPT 2007. LNCS, vol. 4859, pp. 18-32. 2007