In this work, we propose defense techniques against message spoofing attacks in FlexRay networks. For this purpose, we explore how to leverage the slot- and channel-based FlexRay communication for ensuring the authenticity of safety-critical in-vehicle traffic. In particular, we suggest to split authentication tags across two physical independent channels, allowing for their concurrent transmission. This eventually leads to a higher degree of fault-tolerance and security. We put a special focus on the efficient management and distribution of cryptographic keys by using reversed hash chains. They allow us to derive new and forward-secure keys at low cost during operational runtime. Our evaluation consists of both a discussion and a practical implementation on an exemplary network. Assuming constrained hardware resources, we conclude that authentication for groups of time slots is the most promising approach in terms of timing and computational overhead.

在这项工作中，我们提出了针对FlexRay网络中的消息欺骗攻击的防御技术。为此，我们探索如何利用基于插槽和通道的FlexRay通信来确保安全性至关重要的车载流量的真实性。特别是，我们建议在两个物理独立通道之间划分身份验证标签，以允许它们同时传输。这最终导致更高程度的容错和安全性。我们特别关注通过使用反向哈希链来有效管理和分配密码密钥。它们使我们能够在操作运行期间以低成本导出新的和前向安全的密钥。我们的评估包括对示例性网络的讨论和实际实施。假设硬件资源有限，