Security in automotive networks: Lightweight authentication and authorization

ACM Transactions on Design Automation of Electronic Systems

Volumn 22, Issue 2, 2017, Pages

  Mundhenk, Philipp ^a   Paverd, Andrew ^b   Mrowca, Artur ^a   Steinhorst, Sebastian ^a   Lukasiewycz, Martin ^a   Fahmy, Suhaib A ^c   Chakraborty, Samarjit ^d  

^a TUM CREATE   (Singapore)

^b AALTO UNIVERSITY   (Finland)

^c UNIVERSITY OF WARWICK   (United Kingdom)

^d TECHNICAL UNIVERSITY OF MUNICH   (Germany)

Author keywords

Authentication; Authorization; Automotive; Lightweight; Security

Indexed keywords

AUTHENTICATION; CRYPTOGRAPHY; FORMAL METHODS; INTERNET PROTOCOLS; LIFE CYCLE; VEHICLES;

AUTHENTICATION AND AUTHORIZATION; AUTHORIZATION; AUTOMOTIVE; COMMUNICATING COMPONENTS; CRYPTOGRAPHIC ALGORITHMS; DISCRETE-EVENT SIMULATORS; LIGHTWEIGHT; SECURITY;

NETWORK SECURITY;

EID: 85017123300     PISSN: 10844309     EISSN: 15577309     Source Type: Journal    
DOI: 10.1145/2960407     Document Type: Article

References (48)

1. L. Ben Othmane, R. Fernando, R. Ranchal, B. Bhargava, and E. Bodden. 2014. Likelihood of threats to connected vehicles. Int. J. Next-Gen. Comput. 5, 3 (Nov. 2014).
2. S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno. 2011. Comprehensive experimental analyses of automotive attack surfaces. In Proceedings of USENIX.
3. D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, andW. Polk. 2008. RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. Technical Report. Internet Engineering Task Force (IETF). Retrieved from http://tools.ietf.org/html/rfc5280.
4. C. J. F. Cremers. 2008a. The Scyther tool: Verification, falsification, and analysis of security protocols. In Proceedings of the 20th International Conference on Computer Aided Verification (CAV'08). (Lecture Notes in Computer Science), Vol. 5123/2008. Springer, 414-418. DOI:http://dx.doi.org/10.1007/978-3-540-70545-1-38
5. C. J. F. Cremers. 2008b. Unbounded verification, falsification, and characterization of security protocols by pattern refinement. In Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS'08). ACM, New York, NY, 119-128. DOI:http://dx.doi.org/10.1145/1455770.1455787
6. T. Dierks and E. Rescorla. 2008. The Transport Layer Security (TLS) Protocol Version 1.2. Number 5246 in Request for Comments. IETF. Retrieved from http://www.ietf.org/rfc/rfc5246.txt.
7. D. Dolev and A. C. Yao. 1981. On the security of public key protocols. In Proceedings of the 22nd Annual Symposium on Foundations of Computer Science (SFCS'81). IEEE Computer Society, Washington, DC, 350-357. DOI:http://dx.doi.org/10.1109/SFCS.1981.32
8. M. Dworkin. 2005. Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication. United States National Institute of Standards and Technology (NIST).
9. R. Escherich, I. Ledendecker, C. Schmal, B. Kuhls, C. Grothe, and F. Scharberth. 2009. SHE - Secure Hardware Extension Functional Specification Version 1.1. Herstellerinitiative Software (HIS).
10. B. Groza, S. Murvay, A. van Herrewege, and I. Verbauwhede. 2012. LiBrA-CAN: A lightweight broadcast authentication protocol for controller area networks. In Cryptology and Network Security, J. Pieprzyk, A.-R. Sadeghi, and M. Manulis (Eds.). Lecture Notes in Computer Science, Vol. 7712. Springer, Berlin, 185-200. DOI:http://dx.doi.org/10.1007/978-3-642-35404-5-15
11. G. Han, H. Zeng, Y. Li, and W. Dou. 2014. SAFE: Security-aware FlexRay scheduling engine. In Proceedings of DATE. DOI:http://dx.doi.org/10.7873/DATE2014.021
12. F. Hartwich. 2012. CAN with flexible data-rate. In Proceedings of the 13th International CAN Conference 2012 (iCC'12).
13. C. Herber, A. Richter, T. Wild, and A. Herkersdorf. 2014. A network virtualization approach for performance isolation in controller area network (CAN). In Proceedings of the 2014 IEEE 20th Real-Time and Embedded Technology and Applications Symposium (RTAS'14). 215-224. DOI:http://dx.doi.org/10.1109/RTAS.2014.6926004
14. T. Hoppe, S. Kiltz, and J. Dittmann. 2008. Adaptive dynamic reaction to automotive IT security incidents using multimedia car environment. In Proceedings of the 4th International Conference on Information Assurance and Security, 2008 (ISIAS'08). 295-298. DOI:http://dx.doi.org/10.1109/IAS.2008.45
15. T. Hoppe, S. Kiltz, and J. Dittmann. 2011. Security threats to automotive CAN networks-practical examples and selected short-term countermeasures. Reliabil. Eng. Syst. Safety 96, 1 (Jan. 2011), 11-25. DOI:http://dx.doi.org/10.1016/j.ress.2010.06.026
16. ISO-International Organization for Standardization. 2009. ISO/IEC 11889-1:2009 information technology- trusted platform module-Part 1: Overview.
17. K. Jiang, P. Eles, and Z. Peng. 2012. Co-design techniques for distributed real-time embedded systems with communication security constraints. In Proceedings of the Design, Automation Test in Europe Conference Exhibition (DATE'12). 947-952. DOI:http://dx.doi.org/10.1109/DATE.2012.6176633
18. F. Kargl. 2009. Secure Vehicle Communication (SeVeCom)-Baseline Security Specification.
19. K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage. 2010. Experimental security analysis of a modern automobile. In Proceedings of Symposium on Security and Privacy (SP'10).
20. B. Laurie, A. Langley, and E. Kasper. 2013. Certificate Transparency. Retrieved from http://tools.ietf.org/html/rfc6962.
21. C.-W. Lin, Q. Zhu, C. Phung, and A. Sangiovanni-Vincentelli. 2013. Security-aware mapping for CAN-based real-time distributed automotive systems. In Proceedings of the 2013 IEEE/ACM International Conference on Computer-Aided Design (ICCAD). DOI:http://dx.doi.org/10.1109/ICCAD.2013.6691106
22. M. Lukasiewycz, P. Mundhenk, and S. Steinhorst. 2016. Security-aware obfuscated priority assignment for automotive CAN platforms. ACM Trans. Des. Autom. Electron. Syst. 21 (2016), 32:1-32:27. DOI:http://dx.doi.org/10.1145/2831232
23. C. Miller and C. Valasek. 2013. Adventures in automotive networks and control units. In Proceedings of DEF CON.
24. C. Miller and C. Valasek. 2014. A survey of remote automotive attack surfaces. In Proceedings of Black Hat.
25. C. Miller and C. Valasek. 2015. Remote exploitation of an unaltered passenger vehicle. In Proceedings of Black Hat.
26. P. Mundhenk, A. Mrowca, S. Steinhorst, M. Lukasiewycz, S. A. Fahmy, and S. Chakraborty. 2016a. Open source model and simulator for real-time performance analysis of automotive network security. ACM SIGBED Rev. 13, 3 (2016), 8-13.
27. P. Mundhenk, A. Paverd, A.Mrowca, S. Steinhorst, M. Lukasiewycz, S. A. Fahmy, and S. Chakraborty. 2016b. Online repository for models and results presented in this paper. Retrieved from https://github.com/PhilippMundhenk/LASAN.
28. P. Mundhenk, S. Steinhorst, M. Lukasiewycz, S. A. Fahmy, and S. Chakraborty. 2015a. Lightweight authentication for secure automotive networks. In Proceedings of the Conference on Design, Automation and Test in Europe (DATE'15). DOI:http://dx.doi.org/10.7873/DATE.2015.0174
29. P. Mundhenk, S. Steinhorst, M. Lukasiewycz, S. A. Fahmy, and S. Chakraborty. 2015b. Security analysis of automotive architectures using probabilistic model checking. In Proceedings of the 52nd Design Automation Conference (DAC'15). DOI:http://dx.doi.org/10.1145/2744769.2744906
30. M. Muter and N. Asaj. 2011. Entropy-based anomaly detection for in-vehicle networks. In Proceedings of the 2011 IEEE Intelligent Vehicles Symposium (IV'11). 1110-1115. DOI:http://dx.doi.org/10.1109/IVS.2011.5940552
31. C. Neuman, T. Yu, S. Hartman, and K. Raeburn. 2005. The Kerberos Network Authentication Service (V5). Number 4120 in Request for Comments. IETF. Retrieved from http://www.ietf.org/rfc/rfc4120.txt.
32. NIST. 2001. Specification for the Advanced Encryption Standard (AES). United States National Institute of Standards and Technology (NIST). Retrieved from http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf.
33. A. Paverd and A. Martin. 2012. Hardware security for device authentication in the smart grid. In First Open EIT ICT Labs Workshop on Smart Grid Security - SmartGridSec12. Berlin, Germany. Retrieved from http://link.springer.com/chapter/10.1007/978-3-642-38030-3-5.
34. A. J. Paverd, A. P. Martin, and I. Brown. 2014. Privacy-enhanced bi-directional communication in the smart grid using trusted computing. In Proceedings of the 5th IEEE International Conference on Smart Grid Communications (SmartGridComm'14). DOI:http://dx.doi.org/10.1109/SmartGridComm.2014.7007758
35. A. Perrig, D. Song, R. Canetti, J. D. Tygar, and B. Briscoe. 2005. Timed Efficient Stream Loss-Tolerant Authentication (TESLA): Multicast Source Authentication Transform Introduction. Number 4082 in Request for Comments. IETF. Retrieved from http://www.ietf.org/rfc/rfc4082.txt.
36. F. Sagstetter, M. Lukasiewycz, S. Steinhorst, M. Wolf, A. Bouard, W. R. Harris, S. Jha, T. Peyrin, A. Poschmann, and S. Chakraborty. 2013. Security challenges in automotive hardware/software architecture design. In Proceedings of the Design, Automation Test in Europe Conference Exhibition (DATE'13). 458-463. DOI:http://dx.doi.org/10.7873/DATE.2013.102
37. S. Santesson, M. Myers, R. Ankney, A. Malpani, S. Galperin, and C. Adams. 2013. RFC 6960: X.509 Internet Public Key Infrastructure - Online Certificate Status Protocol - OCSP. Technical Report. Internet Engineering Task Force (IETF). Retrieved from http://tools.ietf.org/html/rfc6960.
38. H. Seudié. 2009. Vehicular On-board Security: EVITA Project. In Proceedings of the CAR 2 CAR Communications Consortium Forum.
39. S. Shreejith and S. A. Fahmy. 2014. Zero latency encryption with FPGAs for secure time-triggered automotive networks. In Proceedings of the International Conference on Field Programmable Technology (FPT'14). 256-259.
40. S. Shreejith and S. A. Fahmy. 2015. Security aware network controllers for next generation automotive embedded systems. In Proceedings of the 52nd Design Automation Conference (DAC'15). 39:1-39:6. DOI:http://dx.doi.org/10.1145/2744769.2744907
41. A. Sikora. 2013. Architecture and development of secure communication solutions for smart grid applications. J. Commun. 8, 8 (2013), 490-496. DOI:http://dx.doi.org/10.12720/jcm.8.8.490-496
42. M. Sojka, M. Krec, and Z. Hanzalek. 2014. Case study on combined validation of safety amp; security requirements. In Proceedings of the 2014 9th IEEE International Symposium on Industrial Embedded Systems (SIES'14). 244-251. DOI:http://dx.doi.org/10.1109/SIES.2014.6871210
43. Team SimPy. 2015. SimPy Discrete Event Simulation Library for Python. Retrieved April 20, 2016, http://simpy.readthedocs.org/.
44. TUM CREATE. 2015. EVA. Retrieved October 1, 2015, http://www.eva-taxi.sg/.
45. A. Van Herrewege, D. Singelee, and I. Verbauwhede. 2011. CANAuth-a simple, backward compatible broadcast authentication protocol for CAN bus. In Proceedings of the 20011 ECRYPTWorkshop on Lightweight Cryptography.
46. Q. Wang and S. Sawhney. 2014. VeCure: A practical security framework to protect the CAN bus of vehicles. In Proceeding of the 2014 International Conference on the Internet of Things (IOT'14). 13-18. DOI:http://dx.doi.org/10.1109/IOT.2014.7030108
47. R. Zalman and A. Mayer. 2014. A secure but still safe and low cost automotive communication technique. In Proceedings of the 51st Design Automation Conference (DAC 2014). DOI:http://dx.doi.org/10.1145/2593069.2603850
48. L. Zhu and B. Tung. 2006. Public Key Cryptography for Initial Authentication in Kerberos (PKINIT). Number 4556 in Request for Comments. IETF. Retrieved from http://www.ietf.org/rfc/rfc4556.txt.