Fortifying Vehicular Security Through Low Overhead Physically Unclonable Functions

TL;DR

This paper introduces a security framework for vehicular CAN networks using physically unclonable functions and lightweight cryptography, significantly reducing message overhead without modifying the protocol.

Contribution

It proposes a novel security framework that enhances CAN network security with minimal overhead, avoiding protocol modifications and hardware costs.

Findings

Reduces CAN frame transmission to 6.5% of existing methods for 20 ECUs

Maintains security without protocol modification or additional hardware

Significantly lowers message overhead in vehicular networks

Abstract

Within vehicles, the Controller Area Network (CAN) allows efficient communication between the electronic control units (ECUs) responsible for controlling the various subsystems. The CAN protocol was not designed to include much support for secure communication. The fact that so many critical systems can be accessed through an insecure communication network presents a major security concern. Adding security features to CAN is difficult due to the limited resources available to the individual ECUs and the costs that would be associated with adding the necessary hardware to support any additional security operations without overly degrading the performance of standard communication. Replacing the protocol is another option, but it is subject to many of the same problems. The lack of security becomes even more concerning as vehicles continue to adopt smart features. Smart vehicles have a multitude of communication interfaces would an attacker could exploit to gain access to the networks. In this work we propose a security framework that is based on physically unclonable functions (PUFs) and lightweight cryptography (LWC). The framework does not require any modification to the standard CAN protocol while also minimizing the amount of additional message overhead required for its operation. The improvements in our proposed framework results in major reduction in the number of CAN frames that must be sent during operation. For a system with 20 ECUs for example, our proposed framework only requires 6.5% of the number of CAN frames that is required by the existing approach to successfully authenticate every ECU.