LiBrA-CAN: A Lightweight Broadcast Authentication Protocol for Controller Area Networks

Authors

  • Bogdan Groza
  • Pal-Stefan Murvay
  • Anthony Van Herrewege
  • Ingrid Verbauwhede
Abstract

Security in vehicular networks has established itself as a highly active research area in the last few years. However, there are only a few results so far on assuring security for communication buses inside vehicles. Here we advocate the use of a protocol based entirely on simple symmetric primitives that takes advantage of two interesting procedures which we call key splitting and MAC mixing. Rather than achieving authentication independently for each node, we split authentication keys between groups of multiple nodes. This leads to a more efficient progressive authentication that is especially effective when compromised nodes form only a minority, an assumption we believe to be realistic in automotive networks. To gain more security we also present an interesting construction in which message authentication codes are amalgamated using systems of linear equations. We study several protocol variants which are extremely flexible, allowing different trade-offs between bus load, computational cost and security level. Experimental results are presented on state-of-the-art Infineon TriCore controllers and contrasted with low-end controllers with Freescale S12X cores; all these devices are widespread in the automotive industry. Finally, we discuss a completely backward compatible solution based on CAN+, a recent improvement of CAN.

1 Motivation and related work

Vehicular network security has established itself as an intense research topic in the last few years. Remarkable research papers from Koscher et al. [7] and later Checkoway et al. [4] showed vehicles to be easy targets for malicious adversaries. While most previous research focused on vehicle-to-vehicle and vehicle-to-infrastructure communication, there seem to be only a few results on assuring security on communication buses inside vehicles. There are several reasons for this. First, the relevance of security inside vehicles was decisively shown only in the last two years [7], [4]. Second, the design principles used by manufacturers are somewhat out of reach for the academic community, which makes it hard to understand many of the assertions behind protocol design. Third, and relevant for our research here, intra-vehicle communication is subject to constraints and specifications that are quite different from those of other well-studied protocols. Most approaches advocate the use of secure gateways between different ECUs (Electronic Control Units) or subnetworks [1], [13] and rely on basic building blocks from cryptography (encryption, signatures, etc.). However, none of these approaches is meant specifically for assuring broadcast authentication on CAN, which is still the most common communication bus in automotives. In this respect two main results on assuring CAN security can be found so far: one of them is based on the well-known TESLA protocol [6] and the other proposes a new paradigm which closely follows the CAN specifications [12]. Van Herrewege et al. [12] design their protocol from scratch and clearly note that the constraints of CAN "eliminate all the authentication protocols published so far". We agree with this conclusion in the sense that we believe standard authentication approaches may cover only some of the application areas for CAN, and that new approaches (even non-standard ones) are needed.

Previous proposals. TESLA-like protocols proved to be highly effective in sensor networks [10], [9] and are so far the most efficient alternative for assuring broadcast authentication with efficient Message Authentication Codes (MACs). However, when it comes to the CAN bus, this protocol family has one drawback that is critical for automotives: delays, which by the nature of TESLA are unavoidable. The main purpose of the work in [6] is to determine a lower bound on these delays. Delays in the order of milliseconds or below, as shown to be achievable in [6], are satisfactory for many scenarios, but such delays do not appear to be small enough for intra-vehicle communication. There is no obvious way to improve on these delays further. Of course, one alternative is to use a bus with a higher throughput, more computational power and better electronic components (e.g., oscillators), but this will greatly increase the cost of components, nullifying the cost effectiveness of CAN. CANAuth [12] is a protocol that has the merit of following the specifications of CAN in great detail; its security is specifically designed to meet the requirements of the CAN bus. In particular, CANAuth is not intended to achieve source authentication, as the authentication is bound to the message IDs and messages may originate from different sources which will be impossible to trace. This fits the specification of CAN, which is message oriented. However, a first issue is that the number of CAN IDs is quite high, in the order of hundreds (11 bits) or even millions in the case of extended frames (29 bits), and storing a key for each possible ID does not seem practical. For this purpose, a clever solution is devised in [12]: the keys are linked with acceptance codes and masks, which fortunately are not numerous. Still, this leads to some security concerns, as we discuss next. Traditionally, keys are associated with entities to ensure that they are not impersonated by adversaries, but the effect of associating keys with messages is less obvious. For example, any external tool (consider On-Board Diagnostics (OBD) tools, which are widespread) produced by a third party will have to embed the keys associated with each ID that it sends or even just listens on over CAN. It is thus unclear which keys can be shared with different manufacturers, and how, or what the security outcomes of this are. Obviously, if a third-party device, even an innocuous one designed just as a passive receiver, is easier to compromise, then all the IDs which it was allowed to send or just receive are equally compromised.

Our proposal. We take advantage of a progressive authentication mechanism, by which only a few bits of the MAC are revealed in each packet to each verifier, and each part of the MAC can be verified by more than one receiver. To achieve this flexible authentication mechanism we base our proposal on two paradigms: key splitting and MAC mixing, the latter being an optional procedure to increase security by allowing any node to detect a potential forgery. Key splitting allows a higher entropy for each mixed MAC that is sent, at the cost of losing some security for groups that contain malicious nodes. In scenarios with a high number of nodes, an adversarial majority will be required to break the protocol, while if there are fewer adversarial nodes, the security level is drastically increased. Consequently, this appears to give a flexible and efficient trade-off. This procedure is not new; similar techniques were proposed in the past in the context of broadcast encryption. We can trace this back to the work of Fiat and Naor [5], but there is a large number of papers on this subject. However, the constraints of our application in CAN networks are entirely different from those of related work where this procedure was suggested or used, such as sensor networks [2], pay-TV [8], etc. The main idea behind such schemes is that groups of k corrupted receivers cannot learn the secret (in settings with n > k users). In addition to this, we exhibit a distinct contribution in the construction of Linearly Mixed MACs, which allow us to amalgamate several authentication codes into one via a system of linear equations. This construction has the advantage that if one of the MACs is wrong then this will affect all other MACs, and thus the mixed MAC will fail to verify under any of the multiple keys. This increases the chance of a forgery being detected and ultimately increases the reliability against benign nodes that are in possession of a wrong key. To the best of our knowledge this procedure is new. The closest work that we could find is the multi-verifier signatures proposed by Roeder et al. [11]. In their work, systems of linear equations are also used on message authentication codes, but the security properties and goals of their construction are different. These procedures allow us to design a protocol that is more flexible and efficient. For our setting we assume a reduced number of participants. While ECUs inside cars indeed come from different manufacturers which may or may not be trustworthy, we believe that suspicious ECUs should be limited in number, since the potential insertion of a trapdoor in some component would discredit the public image of the manufacturer too much, and there appears to be little or no benefit in doing so. Moreover, ECUs coming from the same manufacturer should be mutually trustworthy and can use the same shared key (randomly generated at runtime for each (sub)network that they are part of). In this way the number of actual keys needed to assure broadcast security should be more limited than it appears at first sight. In our design we try to take advantage of this assumption, and our approach is more efficient in the case when compromised nodes form only a minority.
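The key-splitting idea above, as an added illustration that is not the paper's own code or construction: the page does not give LiBrA-CAN's group assignment or the linear MAC-mixing scheme, so this example assumes one key per group of `group_size` nodes (every node holds the keys of all groups it belongs to), truncated HMAC-SHA256 tags as the progressive-authentication pieces, and a constructed master secret for deterministic key derivation. It shows that a receiver accepts only if every tag it shares a key with the sender for is correct, so a coalition of compromised nodes can impersonate a sender towards an honest receiver only once it holds all keys those two share.

```python
import hashlib
import hmac
from itertools import combinations

TAG_BYTES = 2  # assumption: only 16 bits of each MAC travel in the frame


def assign_group_keys(nodes, group_size, master=b"constructed-demo-master"):
    """Key splitting: one key per group of `group_size` nodes; every node
    holds the keys of all groups it belongs to.  Deriving keys from a master
    secret is a constructed convenience so the demo is deterministic."""
    return {g: hashlib.sha256(master + "|".join(g).encode()).digest()
            for g in combinations(sorted(nodes), group_size)}


def groups_of(keys, *members):
    """Groups whose key is held by every listed node."""
    return [g for g in keys if all(m in g for m in members)]


def tag(key, msg):
    """Truncated MAC: the progressive-authentication piece sent on the bus."""
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_BYTES]


def authenticate(sender, keys, msg):
    """Honest sender: one truncated tag per group it is a member of."""
    return {g: tag(keys[g], msg) for g in groups_of(keys, sender)}


def verify(receiver, sender, keys, msg, tags):
    """Receiver checks every tag whose key it shares with the claimed sender.
    A missing or mismatching tag rejects the frame."""
    shared = groups_of(keys, receiver, sender)
    if not shared:
        return False  # no common key: nothing can be verified
    return all(g in tags and hmac.compare_digest(tags[g], tag(keys[g], msg))
               for g in shared)


def forge(compromised, sender, keys, msg):
    """Adversary holding the keys of `compromised` nodes imitates `sender`.
    It can only produce tags for groups containing a compromised node; the
    remaining tags would have to be guessed (2^-16 per tag here), so they
    are simply omitted in this deterministic demo."""
    known = {g for c in compromised for g in groups_of(keys, c)}
    return {g: tag(keys[g], msg) for g in groups_of(keys, sender) if g in known}
```

With five nodes and groups of three, a sender and receiver share three keys, so impersonating the sender towards that receiver requires compromising the other three nodes; with fewer, at least one shared key stays unknown and the frame is rejected.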




Publication date: 2012