
Secure CAN for Connected Vehicles

2020 
A Controller Area Network (CAN) bus facilitates real-time data and command transfer over small distances. It is frequently used in automotive, off-road, and industrial environments with several IoT nodes connected to it. Control messages carrying commands can cause an actuator to perform some action. An adversary might observe a control message and the subsequent action. Injecting the same control message at a later time (a replay attack) should not replay the same action. Unfortunately, the current CAN protocol provides no protection against such attacks. Third-party components may reverse-engineer messaging protocols to gain control over critical systems, resulting in dangerous system malfunctions. In a connected vehicle ecosystem, these attacks can also originate at peer vehicles, with transactions coming in through one of the IoT nodes on the CAN bus. The proposed solution is to verify the integrity and authenticity of messages. Verifying the integrity of a freshness value appended to messages prevents replay attacks. Authenticity guarantees that messages do not come from a malicious party. A keyed hash function using a shared secret key enables authenticated messages. The challenges are: (1) establishing a shared secret and (2) synchronizing a freshness value. Past standards limit CAN message sizes to 8 bytes. New standards (CAN-FD) allow for longer messages. We propose appending 8 bytes to messages to provide integrity and authenticity. Nodes require a shared key and freshness value for creating these bytes. Many scenarios require shared key renegotiation. The shared key is negotiated using Elliptic Curve Cryptography (ECC) infrastructure. Protocols are developed for establishing a shared key and synchronizing a freshness value. Protocol correctness is verified through simulations.
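The scheme the abstract outlines, as an added example that is not code from the paper: a sender appends 8 bytes derived from a shared key and a freshness value, and the receiver rejects replayed, altered, or misaddressed frames. Assumptions not stated on the page: HMAC-SHA256 truncated to 8 bytes as the keyed hash, a per-node monotonic counter as the freshness value, a 4-frame acceptance window for lost frames, and a constructed key standing in for the ECC-negotiated one.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8      # the 8 bytes appended to each message
CANFD_MAX = 64   # CAN-FD data field limit in bytes
WINDOW = 4       # assumption: counters accepted ahead of the last one seen

def make_tag(key: bytes, can_id: int, payload: bytes, counter: int) -> bytes:
    # Assumed keyed hash: HMAC-SHA256 over ID, freshness counter and payload, truncated.
    msg = struct.pack(">IQ", can_id, counter) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]

class Sender:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def send(self, can_id: int, payload: bytes) -> bytes:
        if len(payload) + TAG_LEN > CANFD_MAX:
            raise ValueError("payload plus tag exceeds CAN-FD data field")
        self.counter += 1  # a fresh value for every frame
        return payload + make_tag(self.key, can_id, payload, self.counter)

class Receiver:
    def __init__(self, key: bytes):
        self.key, self.last = key, 0

    def accept(self, can_id: int, frame: bytes) -> bool:
        if len(frame) < TAG_LEN:
            return False
        payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        # Only counters newer than the last accepted one are tried, so a replay fails.
        for counter in range(self.last + 1, self.last + 1 + WINDOW):
            if hmac.compare_digest(tag, make_tag(self.key, can_id, payload, counter)):
                self.last = counter
                return True
        return False

def demo() -> dict:
    key = bytes(range(16))  # constructed key; the paper negotiates it with ECC
    tx, rx = Sender(key), Receiver(key)
    first = tx.send(0x123, b"\x01\x02")           # constructed ID and payload
    out = {"fresh": rx.accept(0x123, first), "replay": rx.accept(0x123, first)}
    second = tx.send(0x123, b"\x01\x02")
    out["tampered"] = rx.accept(0x123, b"\x01\x03" + second[2:])
    out["wrong_id"] = rx.accept(0x124, second)
    tx.send(0x123, b"\x00"); tx.send(0x123, b"\x00")  # two frames lost on the bus
    out["after_loss"] = rx.accept(0x123, tx.send(0x123, b"\x05"))
    return out
```

If more than `WINDOW` consecutive frames are lost, the receiver stops accepting until the counters are resynchronized, which is the freshness synchronization challenge the abstract names.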