Encrypted Signal Transmission with AUTOSAR in a CAN-FD Network: Page 2 of 5

July 23, 2015 // By Armin Happel, Vector Informatik
In today’s vehicle networks, data is for the most part transmitted without any special security measures. Anyone with access to a vehicle’s bus system can therefore read the transmitted data in raw form, or even play it back into the bus system in modified form. Encrypted data transmission would not only ensure that this information can be evaluated only by authorized recipients, it would also make it much more difficult to intercept or alter the messages.

Symmetrical encryption requires that both the sender and receiver have the same key. The software modules that are used permit dynamic allocation of the keys at runtime, so that the user or OEM can freely choose them.

A higher-level method such as an (asymmetrical) key exchange might be implemented, or the key might be allocated statically, for example in end-of-line programming. When a vehicle-specific key is used, the automotive service shop must train each replacement ECU by means of an authorization method, because the key must be kept confidential under all circumstances.

Preventing Replay Attacks

In this configuration, encrypted transmission of messages is now possible. The mapping is, however, still purely static: identical plaintext signal values always produce the same ciphertext. This means that replay attacks, i.e. recording excerpts of a desired communication and replaying them into the system at a later time, are still possible, because the receiver cannot check whether a message actually originates from the sender at that point in time.

To make this check possible, the receiver generates a random value at the start of communication, referred to in the following as the ID key, and communicates it to the sender. The sender increments the value with each Tx operation and appends it to the Tx message. When the message arrives, the receiver checks whether the ID key matches the expected value. If it does, it processes the message; otherwise it rejects it. To tolerate possible message losses, the receiver will also accept a slightly higher value. Because the counter in the Tx message changes with every transmission, the encrypted data continually changes even if the signal contents remain the same (Figure 1).

Figure 1: Message transmission and timing of encrypted communication
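
The ID key check described above, sketched in C as an added example (not code from the article or from the AUTOSAR modules it discusses). The 32-bit counter width, the loss window of 3 messages, and all type and function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumptions (not given in the article): 32-bit ID key, and a tolerance
   of up to 3 lost messages. */
#define ID_KEY_WINDOW 3u

typedef struct { uint32_t value; } sender_t;      /* last ID key sent */
typedef struct { uint32_t expected; } receiver_t; /* next ID key expected */

/* The receiver selects the random start value and communicates it to the
   sender. 'random_start' stands in for the ECU's random number source. */
static void session_start(receiver_t *rx, sender_t *tx, uint32_t random_start)
{
    tx->value = random_start;
    rx->expected = random_start + 1u; /* sender increments before each Tx */
}

/* Sender: increment with each Tx operation; the result is appended to the
   Tx message, so the encrypted data differs on every transmission. */
static uint32_t sender_next_id_key(sender_t *tx)
{
    return ++tx->value;
}

/* Receiver: accept the expected value or a slightly higher one. Unsigned
   subtraction gives the forward distance modulo 2^32, so counter wrap-around
   works and any older (replayed) value appears far out of the window. */
static bool receiver_accept(receiver_t *rx, uint32_t received)
{
    uint32_t ahead = received - rx->expected;
    if (ahead > ID_KEY_WINDOW)
        return false;             /* replayed, stale, or too far ahead */
    rx->expected = received + 1u; /* this value is never accepted again */
    return true;
}

int main(void)
{
    receiver_t rx; sender_t tx;
    session_start(&rx, &tx, 0xFFFFFFFEu);  /* constructed start value */
    uint32_t m1 = sender_next_id_key(&tx);
    (void)sender_next_id_key(&tx);         /* second message lost on the bus */
    uint32_t m3 = sender_next_id_key(&tx);
    bool ok1 = receiver_accept(&rx, m1);
    bool ok3 = receiver_accept(&rx, m3);
    bool replay = receiver_accept(&rx, m1); /* recorded m1 played back */
    printf("m1=%d m3=%d replay(m1)=%d\n", ok1, ok3, replay);
    return 0;
}
```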
