Security enhancement in In-vehicle Controller Area Networks by Electronic Control Unit authentication

Controller Area Network (CAN), the most popular network of Electronic Control Units (ECUs) was designed by Bosch in 1990s to prioritize reliability and safety but with absence of security. An attacker can take control of the ECUs and probably harm the safety critical operations inside the vehicle. Hence, security especially ECU authentication is most important for CAN. In this paper, an ECU authentication scheme named Security Enhancement using Truncated Message Authentication Code (SETMAC) for CAN is proposed. The authentication code generated using International Data Encryption Algorithm (IDEA) is truncated to four bytes to accommodate the message data into the maximum payload size of eight bytes. 8-bit message counter is incorporated among the ECUs to provide opposition to replay attacks. The proposed algorithm avoids the need of an extra frame for sending authentication messages and thus effectively reduces the bus load. The algorithm is tested with CANoe software using the CAN data set captured from a real vehicle. The simulation results show that the proposed authentication algorithm can be implemented in existing real time CAN bus networks in 500kb/s and 1Mb/s bit rates at maximum busloads of 25.05% and 12.52% respectively.