Litcius/Paper detail

Efficient Crypto Engine for Authenticated Encryption, Data Traceability, and Replay Attack Detection Over CAN Bus Network

Amar Rasheed, Mohamed Baza, Mahmoud M. Badr, Hani Alshahrani, Kim‐Kwang Raymond Choo

2023IEEE Transactions on Network Science and Engineering22 citationsDOI

Abstract

Smart vehicles and industrial control systems becoming increasingly complex. They are comprised of a large number of connected intelligence sensor devices. For such systems, Controller Area Network (CAN) bus offer high-integrity serial communication capabilities. It transformed the way how these systems are networked. Due to the lack of data security features on CAN-enabled systems, many of these systems are vulnerable to a wide range of cyber threats. This article proposed the development of a crypto-based subsystem that is capable of supporting CAN authenticated data encryption/decryption, crypto-provable data traceability, and replay attack detection capabilities. Data confidentiality was achieved via the deployment of a lightweight block cipher authenticated encryption scheme based on TinyJAMBU-128. Crypto-provable data traceability was accomplished through the utilization of a block-chaining approach. Meanwhile, an anti-replay attack mechanism that implements CAN message context awareness has been tested and validated under various data infection rates. Our CAN security subsystem was fully implemented and deployed on a testbed with multiple STM32 Nucleo development boards. System performance for our security schemes was analyzed and compared with traditional encryption schemes AES, ARIA, and Camellia with SHA-512 for supporting message authentication. Based on our performance results, the proposed security subsystem achieved the lowest CAN bus load and average message overhead compared to other encryption schemes. In the case of the anti-replay attack mechanism, we were able to reach a detection rate of 99.99% for data infection rate below 20%.

Topics & Concepts

Computer scienceEncryptionReplay attackComputer networkEmbedded systemMessage authentication codeAuthentication (law)CryptographyComputer securityVehicular Ad Hoc Networks (VANETs)Real-Time Systems SchedulingBluetooth and Wireless Communication Technologies