toucan a protocol to secure controller area network
play

TOUCAN: A proTocol tO secUre Controller Area Network Giampaolo - PowerPoint PPT Presentation

Mar 30, 2024 •237 likes •363 views

AutoSec 2019 Dallas, TX, USA TOUCAN: A proTocol tO secUre Controller Area Network Giampaolo Bella Gianpiero Costantino Pietro Biondi Ilaria Matteucci 1 Automotive communication domains User to Vehicle Vehicle to Infrastructure

  1. AutoSec 2019 Dallas, TX, USA TOUCAN: A proTocol tO secUre Controller Area Network Giampaolo Bella Gianpiero Costantino Pietro Biondi Ilaria Matteucci 1

  2. Automotive communication domains User to Vehicle Vehicle to Infrastructure Intra-Vehicle Vehicle to Vehicle Bella - Biondi - Costantino - Matteucci 2

  3. Controller Area Network The Controller area network (CAN-bus) is provided with: ● Serial communication protocol ● Message anti-collision protection ● Error detection PROBLEM Confidentiality Authentication Bella - Biondi - Costantino - Matteucci 3

  4. TOUCAN Frame Turning CAN frames into TOUCAN frames SPECK-64 Bella - Biondi - Costantino - Matteucci 4

  5. SPECK-64 + Chaskey MAC SPECK-64: Symmetric cipher used in systems with low computational resources. The features of SPECK are: ● Block cipher with 64-bit block size ● Supported key lengths: 128, 192 and 256 bit ● Efficiency in software and hardware ● On the ARM platform: about 3 times faster than AES Chaskey: permutation-based MAC algorithm based on Addition-Rotation-XOR (ARX) with some useful features: ● Efficient MAC algorithm for microcontrollers ● It is intended for applications that require 128-bit security ● Robustness under tag truncation Bella - Biondi - Costantino - Matteucci 5

  6. Design evaluation TOUCAN reduce the payload carried per frame. This decreases the number of messages that the car manufacturer can leverage to implement modern services based on communication among ECUs. Although, we argue that a message space of 2^40 is sufficient, this will have to be validated over time as more and more developed applications appear. Bella - Biondi - Costantino - Matteucci 6

  7. Risk analysis ● Risk of guessing the tag . According to Chaskey, the probability of constructing a forgery by guessing the tag is ● Probability of tag collisions. The collision probability depends on both the MAC length and the number of times the MAC is calculated: ● Security of SPECK 64/128. No attacks found with 27 rounds Bella - Biondi - Costantino - Matteucci 7

  8. A prototype implementation of TOUCAN ● STM32F407 Discovery ● Green led: the payload is correctly hashed / encrypted ● Red led: the payload is not correctly hashed / encrypted Performances Algorithm Board Speed [MHz] Time [μs] Chaskey MAC 168 0,43 SPECK-64 168 5,36 SPECK-64 + Chaskey MAC 168 5,79 Bella - Biondi - Costantino - Matteucci 8

  9. Comparison with the related work F1 Standard CAN: Conform to size and contents as they are specified by the CAN standard F2 Frame rate equal to CAN’s: When the protocol that does not need to send more frames than CAN does F3 Payload size not smaller than CAN’s: This holds of a protocol that preserves the standard CAN size of 64 bits for the payload size F4 Standard AUTOSAR: Protocol compliant with the AUTOSAR standard F5 No ECU hardware upgrade: When the protocol requires no upgrade to the ECUs F6 No infrastructure upgrade: Concerns the network and the overall infrastructure that supports the protocol Bella - Biondi - Costantino - Matteucci 9

  10. Conclusions Prototype implementation of TOUCAN, a protocol to secure CAN communication ❏ against an active eavesdropper in an AUTOSAR compliant way TOUCAN needs only the update of the firmware of existing ECUs but demands ❏ no hardware upgrade to the network It is based on fast hashing and symmetric encryption with the aim of ensuring ❏ authenticity, integrity and confidentiality Cryptographic functions never exceed six microseconds ❏ Payload size to 40 bits but this is largely sufficient for all control traffic ❏ Bella - Biondi - Costantino - Matteucci 10

  11. Future Works ❏ Secure distribution of cryptographic keys that are necessary to bootstrap both the hashing and the encryption primitives Simulation of an in-vehicle network by having at least two ECUs communicate ❏ securely between each other The precise evaluation of the extent to which more expensive and performing ❏ boards than the STM32F407 Discovery used here can reduce the runtimes Bella - Biondi - Costantino - Matteucci 11

  12. AutoSec 2019 Dallas, TX, USA Thank you for your attention Giampaolo Bella Gianpiero Costantino giamp@dmi.unict.it gianpiero.costantino@iit.cnr.it Pietro Biondi Ilaria Matteucci pietro.biondi94@gmail.com ilaria.matteucci@iit.cnr.it Find us on: https://sowhat.iit.cnr.it/ Security Of the Way to Handle Automotive sysTems 12

Recommend

A Secure Selection and Filt iltering Mechanism for the Network Tim ime Protocol Version 4

A Secure Selection and Filt iltering Mechanism for the Network Tim ime Protocol Version 4

A Secure Selection and Filt iltering Mechanism for the Network Tim ime Protocol Version 4 draft-schiff-ntp-chronos-01 Neta Rozen Schiff, Danny Dolev, Tal Mizrahi, Michael Schapira Reminder: Threat Model The attacker: Controls a large

305 views • 6 slides
What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i -Key-Protocol, i = 1, 2, 3, Family of protocols Secure electronic payment Based on credit card payments Christopher Hsu Can be extended

407 views • 4 slides
GNUnet A network protocol stack for building secure, distributed, and privacy-preserving

GNUnet A network protocol stack for building secure, distributed, and privacy-preserving

GNUnet A network protocol stack for building secure, distributed, and privacy-preserving application FOSDEM20 Martin Schanzenbach 2/2/2020 The Internet is under attack The Internet HTTP, Facebook, Google, Libra ... DNS / X.509 TCP /

631 views • 34 slides
The Controller Area Network (CAN) Interface Corrado Santoro ARSLAB - Autonomous and Robotic

The Controller Area Network (CAN) Interface Corrado Santoro ARSLAB - Autonomous and Robotic

The Controller Area Network (CAN) Interface Corrado Santoro ARSLAB - Autonomous and Robotic Systems Laboratory Dipartimento di Matematica e Informatica - Universit` a di Catania, Italy santoro@dmi.unict.it L.S.M. 1 Course Corrado Santoro The

586 views • 13 slides
Cryptography and Network Security IPSEC Security architecture and protocol stack Secure

Cryptography and Network Security IPSEC Security architecture and protocol stack Secure

Cryptography and Network Security IPSEC Security architecture and protocol stack Secure applications: Applicaz. (SHTTP) PGP, SHTTP, SFTP, or SSL/TLS Security down in the TCP protocol stack -SSL between TCP IPSEC and applic. layer

723 views • 59 slides
CONTROLLER AREA NETWORK (CAN) DEEP PACKET INSPECTION Grkem Batmaz , Systems Engineer Ildik

CONTROLLER AREA NETWORK (CAN) DEEP PACKET INSPECTION Grkem Batmaz , Systems Engineer Ildik

CONTROLLER AREA NETWORK (CAN) DEEP PACKET INSPECTION Grkem Batmaz , Systems Engineer Ildik Pete , Systems Engineer 28 th March, 2018 Car Hacking Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the

371 views • 35 slides
The FlexRay Protocol Peter Bhm 27.9.05 Overview 1. Introduction 2. Network Topology 3.

The FlexRay Protocol Peter Bhm 27.9.05 Overview 1. Introduction 2. Network Topology 3.

The FlexRay Protocol Peter Bhm 27.9.05 Overview 1. Introduction 2. Network Topology 3. Nodes 4. Communication Controller 5. Schedule 6. Message Processing 7. Clock Synchronization 8. Wake-up/Start-up 9. Summary Peter Bhm 27.09.05

769 views • 15 slides
Controller Area Network (CAN) Schedulability Analysis with FIFO queues Robert Davis 1 , Steffen

Controller Area Network (CAN) Schedulability Analysis with FIFO queues Robert Davis 1 , Steffen

Controller Area Network (CAN) Schedulability Analysis with FIFO queues Robert Davis 1 , Steffen Kollmann 2 , Victor Pollex 2 , Frank Slomka 2 1 Real-Time Systems Research Group, University of York 2 Institute of Embedded Systems / Real-Time

483 views • 31 slides
The Network Network Security Secure against what/whom Security goals Attacker model Same

The Network Network Security Secure against what/whom Security goals Attacker model Same

The Network Network Security Secure against what/whom Security goals Attacker model Same hub `trusted LAN Internet Eavesdrop / block messages / insert messages / ... Typical attacker model security protocol analysis: Attacker

780 views • 63 slides
Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in

Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in

Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in the Quantum Era (SPS G5448) February 5th, 2020 Christian Colombo Mark Vella Cryptographic Protocols Design Proofs to validate design against

467 views • 20 slides
ENABLING SSH PROTOCOL VISIBILITY IN FLOW MONITORING Wednesday 10 th April, 2019 Pavel ELEDA

ENABLING SSH PROTOCOL VISIBILITY IN FLOW MONITORING Wednesday 10 th April, 2019 Pavel ELEDA

ENABLING SSH PROTOCOL VISIBILITY IN FLOW MONITORING Wednesday 10 th April, 2019 Pavel ELEDA Petr VELAN, Benjamin KRL Ondej KOZK Introduction SSH Secure Shell provides secure connection over an unsecured network remote command-line

543 views • 18 slides
SeMiNAS: A Secure Middleware for Wide-Area Network-Attached Storage Ming Chen Arun O. Vasudevan

SeMiNAS: A Secure Middleware for Wide-Area Network-Attached Storage Ming Chen Arun O. Vasudevan

SeMiNAS: A Secure Middleware for Wide-Area Network-Attached Storage Ming Chen Arun O. Vasudevan Kelong Wang Erez Zadok aov@nutanix.com kelong@dssd.com {mchen, ezk}@cs.stonybrook.edu Outline Background & Motivation Design

642 views • 33 slides
Towards a Provably Secure DoS-Resilient Key Exchange Protocol with PFS 1 L. Kuppusamy * J.

Towards a Provably Secure DoS-Resilient Key Exchange Protocol with PFS 1 L. Kuppusamy * J.

Introduction Contributions Conclusion Towards a Provably Secure DoS-Resilient Key Exchange Protocol with PFS 1 L. Kuppusamy * J. Rangasamy * D. Stebila * C. Boyd * J.M. Gonzlez Nieto * * Information Security Institute Queensland

943 views • 22 slides
Secure Routing for Mobile Ad hoc Networks Panagiotis Papadimitratos & Zygmunt J. Haas

Secure Routing for Mobile Ad hoc Networks Panagiotis Papadimitratos & Zygmunt J. Haas

Secure Routing for Mobile Ad hoc Networks Panagiotis Papadimitratos & Zygmunt J. Haas Presented by Leland Smith CS 6204, Spring 2005 1 Overview What are MANETs? Motivation Secure Routing Protocol Protocol Description

560 views • 15 slides
Presentation Presentation On On Routing Protocol Routing Protocol By By Muhammad Siddiqui

Presentation Presentation On On Routing Protocol Routing Protocol By By Muhammad Siddiqui

Presentation Presentation On On Routing Protocol Routing Protocol By By Muhammad Siddiqui Muhammad Siddiqui ISNM2003 ISNM2003 28th Jan 2004 Networks A computer network that spans a relatively large geographical area.

808 views • 31 slides
Real time and comunications 1 Examples of use and data capture Network time Basic

Real time and comunications 1 Examples of use and data capture Network time Basic

Real time and comunications 1 Examples of use and data capture Network time Basic protocol for real-time traffic Protocol for the management of data flow Secure version of the protocol 2 What is real-time (time of

629 views • 33 slides
Hardware Backdooring is practical Jonathan Brossard (Toucan System) Florentin Demetrescu

Hardware Backdooring is practical Jonathan Brossard (Toucan System) Florentin Demetrescu

Hardware Backdooring is practical Jonathan Brossard (Toucan System) Florentin Demetrescu (Cassidian) DISCLAIMER We are not terrorists . We won't release our PoC backdoor. The x86 architecture is plagued by legacy. Governments know.

525 views • 37 slides
Automatic Network Protocol Analysis Gilbert Wondracek, Paolo Milani Comparetti, Christopher

Automatic Network Protocol Analysis Gilbert Wondracek, Paolo Milani Comparetti, Christopher

Secure Systems Lab Technical University Vienna Automatic Network Protocol Analysis Gilbert Wondracek, Paolo Milani Comparetti, Christopher Kruegel and Engin Kirda pmilani@ sssup.it gilbert@ seclab.tuwien.ac.at chris@ cs.ucsb.edu engin.kirda@

606 views • 28 slides
Network Protocol Design and Evaluation 04 - Protocol Specification, Part III Stefan Rhrup

Network Protocol Design and Evaluation 04 - Protocol Specification, Part III Stefan Rhrup

Network Protocol Design and Evaluation 04 - Protocol Specification, Part III Stefan Rhrup University of Freiburg Computer Networks and Telematics Summer 2009 Overview In previous parts of this chapter: Modeling behaviour with

773 views • 74 slides
Focus Area: Secure and Reliable Secure and Reliable Computing Base Presenter: Sean Smith,

Focus Area: Secure and Reliable Secure and Reliable Computing Base Presenter: Sean Smith,

Trustworthy Cyber Infrastructure for the Power Grid Presentations Focus Area: Secure and Reliable Secure and Reliable Computing Base Presenter: Sean Smith, Dartmouth College TCIP Industry Day October 17, 2007 University of Illinois

310 views • 16 slides
Network Policy Controller in Weave Net Blocking unwanted network traffic in Kubernetes Bryan

Network Policy Controller in Weave Net Blocking unwanted network traffic in Kubernetes Bryan

Network Policy Controller in Weave Net Blocking unwanted network traffic in Kubernetes Bryan Boreham @bboreham Who knows... Kubernetes Docker Linux iptables Ancient wisdom For survival, your group needs: Leadership

675 views • 21 slides
Network Protocol Design and Evaluation 04 - Protocol Specification, Part II Stefan Rhrup

Network Protocol Design and Evaluation 04 - Protocol Specification, Part II Stefan Rhrup

Network Protocol Design and Evaluation 04 - Protocol Specification, Part II Stefan Rhrup University of Freiburg Computer Networks and Telematics Summer 2009 Overview In Part I of this chapter: Modeling with state machines and

1.8k views • 126 slides
Secure Scuttlebutt: An Identity-Centric Protocol for Subjective and Decentralized Applications

Secure Scuttlebutt: An Identity-Centric Protocol for Subjective and Decentralized Applications

Secure Scuttlebutt: An Identity-Centric Protocol for Subjective and Decentralized Applications Dominic Tarr (SSB, New Zealand) Erick Lavoie (McGill University, Montreal) Aljoscha Meyer (TU Berlin, Germany) Christian Tschudin (U of

501 views • 18 slides
Migration towards a more secure authentication in the Session Initiation Protocol Lars Strand

Migration towards a more secure authentication in the Session Initiation Protocol Lars Strand

Migration towards a more secure authentication in the Session Initiation Protocol Lars Strand Wolfgang Leister Alan Duric The Fifth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2011) 21-27

805 views • 21 slides

More recommend