A Practical and Lightweight Source Authentication Protocol Using One-Way Hash Chain in CAN
- Title
- A Practical and Lightweight Source Authentication Protocol Using One-Way Hash Chain in CAN
- Alternative Title
- CAN 에서 구현 가능한 경량의 단방향 해시 체인을 사용하는 송신자 인증 프로토콜
- Author(s)
- Kang, Ki Dong
- DGIST Authors
- Kang, Ki Dong ; Son, Sang Hyuk
- Advisor
- Son, Sang Hyuk
- Co-Advisor(s)
- Lee, Seong Hun
- Issued Date
- 2017
- Awarded Date
- 2017. 2
- Type
- Thesis
- Subject
- Controller Area Network ; In-Vehicle Network Security ; Authentication ; Cyber-Physical Systems (CPS) ; 제어기 영역 네트워크 ; 차량 내부 네트워크 보안 ; 인증 ; 가상 물리 시스템
- Abstract
- While vehicle to everything (V2X) communication enables safety-critical automotive control systems to better support various connected services to improve safety and convenience of drivers, they also allow automotive attack surfaces to increase dynamically in modern vehicles. Many researchers as well as hackers have already demonstrated that they can take remote control of the targeted car by exploiting the vulnerabilities of in-vehicle networks such as Controller Area Networks (CANs). For assuring CAN security, we focus on how to authenticate electronic control units (ECUs) in real-time by addressing the security challenges of in-vehicle networks. In this thesis, we propose a novel and lightweight authentication protocol with an attack-resilient tree algorithm, which is based on one-way hash chain. The protocol can be easily deployed in CAN by performing a firmware update of ECU. We have shown analytically that the protocol achieves a high level of security. In addition, the performance of the proposed protocol is validated on CANoe simulator for virtual ECUs and Freescale S12XF used in real vehicles. The results show that our protocol is more efficient than other authentication protocol in terms of authentication time, response time, and service delay. ⓒ 2017 DGIST
- Table Of Contents
-
I. Introduction 1 --
II. Background and Challenges 4 --
2.1 Challenges for Enhanced Security in In-Vehicle Networks 4 --
2.2 Existing Methods for Security 5 --
2.3 Problems of the One-Way Hash Chain 7 --
III. Source Authentication Protocol 9 --
3.1 Assumption and Attack Model 9 --
3.2 Proposed Authentication Protocol 10 --
3.3 Attack-Resilient Algorithm based on Tree Structure 16 --
IV. Security Analysis 19 --
4.1 Authentication 19 --
4.2 Key Freshness 21 --
4.3 Replay Attack 21 --
V. Experiment Results 22 --
5.1 Hardware-Based Evaluation 23 --
5.1.1 Authentication time 23 --
5.1.2 Key update time 25 --
5.2 Software-Hardware-Based Evaluation 25 --
5.2.1 Response time 26 --
5.3 Software-Based Evaluation 27 --
5.3.1 Service delay 29 --
5.4 Comparison Results 32 --
VI. Conclusions and Future Work 33
- URI
-
http://dgist.dcollection.net/jsp/common/DcLoOrgPer.jsp?sItemId=000002322436
http://hdl.handle.net/20.500.11750/1477
- Degree
- Master
- Department
- Information and Communication Engineering
- Publisher
- DGIST
- Related Researcher
-
-
Son, Sang Hyuk
- Research Interests Real-time system; Wireless sensor network; Cyber-physical system; Data and event service; Information security; 실시간 임베디드 시스템
-
- Files in This Item:
-
기타 데이터 / 1.08 MB / Adobe PDF
download
- Appears in Collections:
- Department of Electrical Engineering and Computer Science Theses Master
Items in Repository are protected by copyright, with all rights reserved, unless otherwise indicated.