Abstract: Controller Area Network (CAN) is a bus commonly used by controllers inside vehicles and in various industrial control applications. In the past, controllers were assumed to operate within secure perimeters, but today these environments are well connected to the outside world, and recent incidents have shown them to be extremely vulnerable to cyber-attacks. To withstand such threats, one can implement security in the application layer of CAN. Here we design, refine and implement a broadcast authentication protocol based on the well-known paradigm of using key-chains and time synchronization, a commonly used mechanism in wireless sensor networks, which allows us to take advantage of symmetric primitives without the need for secret shared keys during broadcast. However, as process control is a time-critical operation, we make several refinements in order to improve on the authentication delay. For this we study several trade-offs to alleviate shortcomings in computational speed, memory and bandwidth, up to the point of using reduced versions of hash functions that can assure ad hoc security. To prove the efficiency of the protocol we provide experimental results on two representative microcontrollers from the market, a Freescale S12X and an Infineon TriCore; both devices were specifically chosen as they are located somewhat on the extremes of computational power. As bandwidth proved to be the main limitation, to provide clear bounds on the effectiveness of the solution we used low speed, fault tolerant and high speed communication as well.

Index Terms: Authentication, Broadcast, Controller Area Network, S12X, TriCore.

Manuscript received September 20, 2011. Accepted for publication November 29, 2012. Copyright © 2012 IEEE. Personal use of this material is permitted. However, permission to use this material for any other purposes must be obtained from the IEEE by sending a request to pubs-permissions@ieee.org. B. Groza and S. Murvay are with the Faculty of Automatics and Computers, Politehnica University of Timisoara, Romania. Phone: +40-256-403242, email: bogdan.groza@aut.upt.ro, stefan.murvay@gmail.com

[28]. As data throughput has increased inside cars, high performance buses were developed in the last decade, e.g., FlexRay, but because of its efficiency and reduced cost CAN is still present in most automotives produced today. Due to its reliability and excellent price-performance ratio, CAN bus is likely to remain widespread for a long time, especially in applications that do not require high bandwidth.
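The key-chain and time-synchronization paradigm named in the abstract, sketched as an added example that is not the authors' protocol or code: the sender MACs each frame with the key of the current interval and discloses that key only afterwards, and the receiver checks the disclosed key against the chain before releasing buffered data. Assumptions: SHA-256 truncated to 8 bytes stands in for a reduced hash, interval numbers are used as the synchronized clock, and all names are hypothetical.

```python
import hashlib
import hmac

HASH_LEN = 8  # assumption: truncated digest size (bytes), one CAN data field

def h(data: bytes) -> bytes:
    """One-way function of the chain: SHA-256 truncated to HASH_LEN bytes."""
    return hashlib.sha256(data).digest()[:HASH_LEN]

def make_chain(seed: bytes, n: int) -> list:
    """Return [K_0, ..., K_n] with K_{i-1} = h(K_i); K_0 is the public commitment."""
    chain = [h(seed)]          # K_n
    for _ in range(n):
        chain.append(h(chain[-1]))
    chain.reverse()
    return chain

def tag(key: bytes, interval: int, payload: bytes) -> bytes:
    """Truncated HMAC over the interval index and the payload."""
    msg = interval.to_bytes(2, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:HASH_LEN]

class Receiver:
    def __init__(self, commitment: bytes):
        self.last_key, self.last_idx = commitment, 0
        self.pending = {}  # interval -> [(payload, mac)] awaiting key disclosure

    def on_data(self, interval: int, payload: bytes, mac: bytes, now: int) -> bool:
        # Security condition: by the receiver's clock, K_interval must still be
        # undisclosed; a frame arriving later could be forged with the public key.
        if now > interval:
            return False
        self.pending.setdefault(interval, []).append((payload, mac))
        return True

    def on_key(self, interval: int, key: bytes) -> list:
        """Verify a disclosed key against the chain, then return authentic payloads."""
        if interval <= self.last_idx:
            return []          # stale or replayed disclosure
        k = key
        for _ in range(interval - self.last_idx):
            k = h(k)           # walk back to the last authenticated key
        if not hmac.compare_digest(k, self.last_key):
            return []
        self.last_key, self.last_idx = key, interval
        return [p for p, m in self.pending.pop(interval, [])
                if hmac.compare_digest(m, tag(key, interval, p))]
```

The buffering in `on_data` is the authentication delay the abstract refers to: a payload is only released once the key for its interval has been disclosed and verified.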
I. MOTIVATION AND RELATED WORK

Reliability has always been a main concern in control systems, and in automotives in particular, but only with respect to natural phenomena (electromagnetic disturbances, thermal noise, etc.) or accidents of various causes, and not in the face of active Dolev-Yao adversaries. For this purpose, CAN has been designed to deal with errors and to recover afterwards. The probability of an undetected error on CAN is extremely low: informally, one undetected error occurs at about one thousand years for each v...