当前位置: X-MOL 学术Comput. Netw. › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Robust authentication for automotive control networks through covert channels
Computer Networks ( IF 5.6 ) Pub Date : 2021-04-19 , DOI: 10.1016/j.comnet.2021.108079
Stien Vanderhallen , Jo Van Bulck , Frank Piessens , Jan Tobias Mühlberg

Automotive control networks offer little resistance against security threats that come with the long-range connectivity in modern cars. Remote attacks that undermine the safety of vehicles have been shown to be practical. A range of security mechanisms have been proposed to harden resource-constrained embedded microcontrollers against malicious interference, including cryptographic protocols that establish the authenticity of in-vehicle message exchange. However, authenticated communication comes with repercussions on deployability and vehicle safety in terms of reliability, real-time compliance, backwards compatibility, and bandwidth and resource use.

In this article we investigate benign, defencive uses of covert channels to implement and support vehicular message authentication mechanisms as a transparent, resource-conserving approach to automotive network security. We provide the first comprehensive evaluation of covert channels in Controller Area Networks (CAN) with respect to the attainable bandwidth and reliability of covert communication. Our analysis identifies timing-based covert channels as candidates to design a complementary nonce synchronisation channel that can enhance robustness against message loss in existing authentication schemes. We practically implement and evaluate this design on top of an open-source authenticated CAN communication library, showing that covert timing channels can improve communication robustness in benign circumstances, while not reducing the security guarantees of the underlying authentication primitives when under attack.



中文翻译:

通过隐蔽渠道对汽车控制网络进行可靠的身份验证

汽车控制网络几乎无法抵抗现代汽车的远程连接带来的安全威胁。事实证明,破坏车辆安全性的远程攻击是可行的。已经提出了一系列安全机制来强化资源受限的嵌入式微控制器,使其免受恶意干扰,包括建立车载消息交换的真实性的加密协议。但是,经过身份验证的通信会在可靠性,实时合规性,向后兼容性以及带宽和资源使用方面对可部署性和车辆安全性产生影响。

在本文中,我们将研究隐性渠道的良性和防御性使用,以实现和支持车辆消息身份验证机制,将其作为一种透明的,节省资源的方法来实现汽车网络安全。我们就可获得的带宽和隐蔽通信的可靠性,提供了控制器局域网(CAN)中隐蔽信道的首次综合评估。我们的分析确定了基于时间的秘密渠道可以作为设计补充渠道的备选方案随机数同步通道,可以增强现有身份验证方案中针对消息丢失的鲁棒性。我们实际上在开源的经过身份验证的CAN通信库上实施和评估该设计,表明隐秘的定时通道可以在良性情况下提高通信的鲁棒性,而不会在受到攻击时降低基础身份验证原语的安全性。

更新日期:2021-04-19
down
wechat
bug