Higher layer authentication for broadcast in Controller Area Networks

Controller Area Network (CAN) is a bus commonly used by controllers. The traditional view assumes that controllers operate in secure perimeters, but, as the degree of interconnectivity with the outside world increases, these networks may become open to intruders and CAN has no protection against Dolev-Yao adversaries. For this purpose one can implement security on higher layers. Here we design and implement a broadcast authentication protocol based on the well known paradigm of using one-way chains and time synchronization. In this way we can benefit from the use of symmetric primitives without the need of secret shared keys. As process control is a time critical operation, different to sensor networks where the life-time of the node is potentially the main limitation, here the authentication delay is the main optimization criteria. Several trade-offs are studied for this purpose in order to alleviate shortcomings on computational speed, memory, bandwidth and to assure a uniform bus-load. As for the experimental setup, we used S12 microcontrollers from Freescale to implement the proposed solution. To speed up cryptographic operations we also make use of the XGATE co-processor available on S12X.