CAIBA: Multicast Source Authentication for CAN Through Reactive Bit Flipping
- URL: http://arxiv.org/abs/2504.16695v1
- Date: Wed, 23 Apr 2025 13:27:30 GMT
- Title: CAIBA: Multicast Source Authentication for CAN Through Reactive Bit Flipping
- Authors: Eric Wagner, Frederik Basels, Jan Bauer, Till Zimmermann, Klaus Wehrle, Martin Henze
- Abstract summary: Controller Area Networks (CANs) are the backbone for reliable intra-vehicular communication. Recent cyberattacks have exposed the weaknesses of CAN, which was designed without any security considerations in the 1980s. We present CAIBA, a novel multicast source authentication scheme specifically designed for communication buses like CAN.
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Controller Area Networks (CANs) are the backbone for reliable intra-vehicular communication. Recent cyberattacks have, however, exposed the weaknesses of CAN, which was designed without any security considerations in the 1980s. Current efforts to retrofit security via intrusion detection or message authentication codes are insufficient to fully secure CAN as they cannot adequately protect against masquerading attacks, where a compromised communication device, a so-called electronic control unit, imitates another device. To remedy this situation, multicast source authentication is required to reliably identify the senders of messages. In this paper, we present CAIBA, a novel multicast source authentication scheme specifically designed for communication buses like CAN. CAIBA relies on an authenticator overwriting authentication tags on-the-fly, such that a receiver only reads a valid tag if not only the integrity of a message but also its source can be verified. To integrate CAIBA into CAN, we devise a special message authentication scheme and a reactive bit overwriting mechanism. We achieve interoperability with legacy CAN devices, while protecting receivers implementing the AUTOSAR SecOC standard against masquerading attacks without communication overhead or verification delays.
Related papers
- Robust Multicast Origin Authentication in MACsec and CANsec for Automotive Scenarios [1.8570591025615457]
Ethernet and CAN XL provide link-level security based on symmetric cryptography, but do not support origin authentication for multicast transmissions. Asymmetric cryptography is unsuitable for networked embedded control systems with real-time constraints and limited computational resources. Some such strategies are presented and analyzed that allow for multicast origin authentication, also improving robustness to frame losses by means of interleaved keychains.
arXiv Detail & Related papers (2025-02-27T21:55:08Z)
- Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC).
ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic.
We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms)
arXiv Detail & Related papers (2024-11-21T18:26:05Z)
- User-Authenticated Device-Independent Quantum Secure Direct Communication Protocol [5.420275467831935]
Device-Independent Quantum Secure Direct Communication (DI-QSDC) enhances quantum cryptography.
We propose the first of its kind DI-QSDC protocol with user identity authentication.
arXiv Detail & Related papers (2024-09-16T16:03:22Z)
- Physical Layer Deception with Non-Orthogonal Multiplexing [52.11755709248891]
We propose a novel framework of physical layer deception (PLD) to actively counteract wiretapping attempts. PLD combines PLS with deception technologies to actively counteract wiretapping attempts. We prove the validity of the PLD framework with in-depth analyses and demonstrate its superiority over conventional PLS approaches.
arXiv Detail & Related papers (2024-06-30T16:17:39Z)
- BAZAM: A Blockchain-Assisted Zero-Trust Authentication in Multi-UAV Wireless Networks [21.51085709522321]
Unmanned aerial vehicles (UAVs) are vulnerable to interception and attacks when operated remotely without a unified identity authentication.
We introduce a blockchain-assisted zero-trust authentication scheme, namely BAZAM, designed for multi-UAV wireless networks.
arXiv Detail & Related papers (2024-06-30T09:06:49Z)
- A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z)
- Attestation with Constrained Relying Party [0.7249731529275341]
We show that our protocol, including the needed cryptography and message processing, can be implemented with a code size of 6 KB and validate its security via model checking with the ProVerif tool.
arXiv Detail & Related papers (2023-12-14T13:05:21Z)
- Tamper-Evident Pairing [55.2480439325792]
Tamper-Evident Pairing (TEP) is an improvement of the Push-Button configuration (PBC) standard.
TEP relies on the Tamper-Evident Announcement (TEA), which guarantees that an adversary can neither tamper a transmitted message without being detected, nor hide the fact that the message has been sent.
This paper provides a comprehensive overview of the TEP protocol, including all information needed to understand how it works.
arXiv Detail & Related papers (2023-11-24T18:54:00Z)
- Generative AI-aided Joint Training-free Secure Semantic Communications via Multi-modal Prompts [89.04751776308656]
This paper proposes a GAI-aided SemCom system with multi-model prompts for accurate content decoding.
In response to security concerns, we introduce the application of covert communications aided by a friendly jammer.
arXiv Detail & Related papers (2023-09-05T23:24:56Z)
- Is Semantic Communications Secure? A Tale of Multi-Domain Adversarial Attacks [70.51799606279883]
We introduce test-time adversarial attacks on deep neural networks (DNNs) for semantic communications.
We show that it is possible to change the semantics of the transferred information even when the reconstruction loss remains low.
arXiv Detail & Related papers (2022-12-20T17:13:22Z)
- Measurement-Device-Independent Quantum Secure Direct Communication with User Authentication [3.490038106567192]
Quantum secure direct communication (QSDC) and deterministic secure quantum communication (DSQC) are two important branches of quantum cryptography.
In the practical scenario, an adversary can apply detector-side-channel attacks to get some non-negligible amount of information about the secret message.
Measurement-device-independent (MDI) quantum protocols can remove this kind of detector-side-channel attack.
arXiv Detail & Related papers (2022-02-21T15:40:38Z)
This list is automatically generated from the titles and abstracts of the papers in this site.