Journal of IKEEE (전기전자학회논문지)

Institute of Korean Electrical and Electronics Engineers (한국전기전자학회)
권호 표지
DOI QR코드

DOI QR Code

Design of a Authenticated Encryption Architecure and Hardware Engine with Improved Reliability and Security on CAN-FD Protocol

CAN-FD 프로토콜에서 신뢰성과 보안성이 향상된 인증된 암호화 아키텍쳐 및 하드웨어 엔진의 설계

  • Received : 2023.06.23
  • Accepted : 2023.06.28
  • Published : 2023.06.30
Download PDF
⟨ Previous Next ⟩

Abstract

In this paper, an authenticated encryption architecture with improved reliability and security is proposed and implemented in hardware. The proposed architecture exploits Encrypt-and-MAC based on AES-128 and HMAC for easy parallelization. It exploits dual modular redundancy to improve reliability. It also exploits channel communication counter as additional encryption key, so security is improved with minimum additional hardware cost. Hardware engine of the proposed architecture was designed in FPGA, and it was verified to work correctly on CAN-FD bus.

본 논문에서는 CAN-FD 프로토콜에서 인증된 암호화의 신뢰성과 보안성을 향상시키기 위한 아키텍쳐를 제안하고 이를 하드웨어로 구현하였다. 제안된 아키텍쳐는 병렬 처리에 용이하도록 AES-128과 HMAC에 기반한 Encrypt-and-MAC 방식을 사용하였으며 신뢰성을 향상시키기 위해 하드웨어 이중화를 적용했다. 또한 채널 간 전송 횟수를 기억하는 카운터를 도입하여 마치 추가 암호 키처럼 사용하여 하드웨어 부담을 최소화하면서도 보안성을 강화하였다. 제안된 아키텍쳐를 위한 하드웨어 엔진을 FPGA로 설계하고, CAN-FD 버스 상에서 동작하는 것을 확인하였다.

Keywords

Acknowledgement

This work was supported by the R&D Program of the Ministry of Trade, Industry, and Energy (MOTIE) (20023805, RS-2022-00154973, RS-2023-00232192).

References

  1. Bosch, "CAN Specification," 1991. 
  2. Bosch, "CAN with Flexible Data Rate Specification," 2012. 
  3. B. Cheon and J. Jeon, "The CAN FD Network performance analysis using the CANoe," Proceedings of IEEE International Symposium on Robotics, pp.1-4, 2013. DOI: 10.1109/ISR.2013.6695598 
  4. S. Chandrasekaran, K. Ramachandran, S. Adarsh, and A. Puranik, "Avoidance of Replay Attack in CAN Protocol Using Authenticated Encryption," Proceedings of International Conference on Computing, Communication and Networking Technologies, pp.1-6, 2020. DOI: 10.1109/ICCCNT49239.2020.9225529 
  5. B. Groza, S. Murvay, A. Herrewege, and I. Verbauwhede, "LiBrA-CAN: A Lightweight Broadcast Authentication Protocol for Controller Area Networks," Proceedings of International Conference on Cryptology and Network Security, pp.185-200, 2012. DOI: 10.1007/978-3-642-35404-5_15 
  6. C. Lin and A. Sangiovanni-Vincentelli, "Cyber-Security for the Controller Area Network (CAN) Communication Protocol," Proceedings of International Conference on Cyber Security, pp.1-7, 2012. 
  7. S. Woo, H. Jo, I. Kim, and D. Lee, "A Practical Security Architecture for In-Vehicle CAN-FD," IEEE Transactions on Intelligent Transportation Systems, vol.17, no.8, pp.2248-2261, 2016. DOI: 10.1109/TITS.2016.2519464 
  8. B. Poudel and A. Munir, "Design and Evaluation of a Reconfigurable ECU Architecture for Secure and Dependable Automotive CPS," IEEE Transactions on Dependable and Secure Computing, vol.18, no.1, pp.235-252, 2021. DOI: 10.1109/TDSC.2018.2883057 
  9. FIPS 197, "Advanced Encryption Standard," https://csrc.nist.gov/publications/detail/fips/197/final 
  10. FIPS 198-1, "The Keyed-Hash Message Authentication Code," https://csrc.nist.gov/publications/detail/fips/198/1/final 
  11. M. Wolf, A. Weimerskirch, and T. Wollinger, "State of the art: Embedding security in vehicles," EURASIP Journal of Embedded Systems, article 074706, vol.2007, 2007. 
  12. K. Koscher, A. Czeskis, F. Roesner, S. Patrel, T. Kohno, S. Checkoway, D. McKoy, B. Kantor, and D. Anderson, "Experimental Security Analysis of a Modern Automobile," Proceedings of IEEE Symposium on Security and Privacy, pp.447-462, 2010. DOI: 10.1109/SP.2010.34 
  13. S. Woo, H. Jo, and D. Lee, "A Practical Wireless Attack on the Connected Car and Security Protocol for In-Vehicle CAN," IEEE Transactions on Intelligent Transportation Systems, vol.16, no.2, pp.993-1006, 2015. DOI: 10.1109/TITS.2014.2351612 
  14. C. Plappert, A. Fuchs, and R. Heddergott, "Analysis and Evaluation of Hardware Trust Anchors in the Automotive Domain," Proceedings of International Conference on Availability, Reliability and Security, pp.1-11, 2022. DOI: 10.1145/3538969.3538995 
  15. AUTOSAR, "Secure Hardware Extension," https://www.autosar.org/fileadmin/standards/R22-11/FO/AUTOSAR_TR_SecureHardwareExtensions.pdf 
  16. Evita Consortium, "EVITA E-safety Vehicle Intrusion Protected Applications," https://evita-project.org. 
  17. Trusted Computing Group, "TPM 2.0 Library Specification," https://trustedcomputinggroup.org/resource/tpm-library-specification/ 
  18. Infineon Technologies, "A Safe for Sensitive Data in the Car: Volkswagen Relies on TPM from Infineon," https://www.infineon.com/cms/en/about-infineon/press/market-news/2019/INFATV201901-030.html 
  19. FIPS 180-4, "Secure Hash Standard," https://csrc.nist.gov/publications/detail/fips/180/4/final 
  20. A. Hodjat and I. Verbauwhede, "Minimum Area Cost for a 30 to 70 Gbits/s AES Processor," Proceedings of IEEE Computer Society Annual Symposium on VLSI, pp.83-88, 2004. DOI: 10.1109/ISVLSI.2004.1339512 
  21. E. Beckschulze, F. Salewski, T. Siegbert, and S. Kowalewski, "Fault Handling Approaches on Dual-Core Microcontrollers in Safety-Critical Automotive Applications," Proceedings of International Symposium on Leveraging Applications of Formal Methods, Verification, and Validation, pp.82-92, 2008. DOI: 10.1007/978-3-540-88479-8_7 
  22. M. Baleani, A. Ferrari, L. Mangeruca, A. Sangiovanni-Vincentelli, M. Peri, and S. Pezzini, "Fault-Tolerant Platforms for Automotive Safety-Critical Applications," Proceedings of International Conference on Compilers, Architecture, and Synthesis for Embedded Systems, pp.170-177, 2003. DOI: 10.1145/951710.951734