The Control Area Network (CAN) represents the standard bus for intra-vehicular networks communication. Unfortunately, CAN was not designed to be a secure protocol. Communications over CAN do not take advantage of any security feature (e.g., cryptography and authentication), raising different vulnerabilities in critical applications. This lack of security is even more emphasized in recent CAN networks, which integrate remote connection capabilities (e.g., Bluetooth and WiFi). This insecurity-by-design led to the development of specific mechanisms to patch CAN vulnerabilities. Many proposed solutions rely on implementing optimized cryptographic primitives and assume that the cryptographic keys were previously shared among the different nodes during the production phase, omitting the issue related to keys distribution and update. We propose SENECAN, a solution that combines watermarking and wired jamming to secure the CAN bus's key distribution. Our solution leverages intentional interference and spread spectrum watermarking to achieve security properties such as confidentiality, integrity, authentication, and anti-replay. Compared to other works, SENECAN does not require any modification of the CAN protocol and system architecture. Instead, it requires an additional CAN transceiver and an initial transmission overhead. Finally, we tested the effectiveness and functioning of the SENECAN distribution schema in a real CAN environment.

SENECAN: Secure KEy DistributioN OvEr CAN Through Watermarking and Jamming

Soderi S.
;
Turrin F.;Conti M.
2022

Abstract

The Control Area Network (CAN) represents the standard bus for intra-vehicular networks communication. Unfortunately, CAN was not designed to be a secure protocol. Communications over CAN do not take advantage of any security feature (e.g., cryptography and authentication), raising different vulnerabilities in critical applications. This lack of security is even more emphasized in recent CAN networks, which integrate remote connection capabilities (e.g., Bluetooth and WiFi). This insecurity-by-design led to the development of specific mechanisms to patch CAN vulnerabilities. Many proposed solutions rely on implementing optimized cryptographic primitives and assume that the cryptographic keys were previously shared among the different nodes during the production phase, omitting the issue related to keys distribution and update. We propose SENECAN, a solution that combines watermarking and wired jamming to secure the CAN bus's key distribution. Our solution leverages intentional interference and spread spectrum watermarking to achieve security properties such as confidentiality, integrity, authentication, and anti-replay. Compared to other works, SENECAN does not require any modification of the CAN protocol and system architecture. Instead, it requires an additional CAN transceiver and an initial transmission overhead. Finally, we tested the effectiveness and functioning of the SENECAN distribution schema in a real CAN environment.
File in questo prodotto:
File Dimensione Formato  
09786611.pdf

accesso aperto

Descrizione: early access version - University of PAdua (CRUI CARE) OA funding
Tipologia: Published (publisher's version)
Licenza: Creative commons
Dimensione 7.62 MB
Formato Adobe PDF
7.62 MB Adobe PDF Visualizza/Apri
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11577/3455100
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 1
  • ???jsp.display-item.citation.isi??? 1
social impact