Abstract
In connected cars with various electronic control unit (ECU) modules, Ethernet is used to communicate data received by the sensor in real time, but it is partially used alongside a controller area network (CAN) due to the cost. There are security threats in the CAN, such as replay attacks and denial-of-service attacks, which can disrupt the driver or cause serious damage, such as a car accident through malicious manipulation. Although several secure protocols for protecting CAN messages have been proposed, they carry limitations, such as combining additional elements for security or modifying CAN messages with a limited length. Therefore, in this paper, we propose a method for encrypting the data frame, including real data in the CAN message structure, using format-preserving encryption (FPE), which ensures that the plaintext and ciphertext have the same format and length. In this way, block ciphers such as AES-128 must be divided into two or three blocks, but FPE can be processed simultaneously by encrypting them according to the CAN message format, thus providing better security against denial-of-service attacks. Based on the 150 ms CAN message, a normal message was received from a malicious message injection of 180 ms or more for AES-128 and a malicious message injection of 100 ms or more for FPE. Finally, based on the proposed scheme, a CAN transmission environment is constructed for analyzing the encryption/decryption rate and the process of transmitting and processing the encrypted message for connected cars in multi-access edge computing (MEC). This scheme is compared with other algorithms to verify that it can be used in a real environment.
Highlights
Cars evolved into connected cars to provide transportation for people or goods, but cars were interconnected and controlled by various devices
In the case of a lightweight can authentication protocol (LCAP) [15], a magic number chain is generated through a one-way hash function and a random number generator, and mutual authentication is performed through a handshake
We have proposed a scheme to encrypt controller area network (CAN) messages using format-preserving encryption (FPE), which preserves the shape of the data frame and improves security
Summary
Cars evolved into connected cars to provide transportation for people or goods, but cars were interconnected and controlled by various devices. The CAN is the most popular network used to classify messages according to their IDs without a host and exchange necessary data between ECUs. the CAN is not safe from replay attacks because it does not authenticate their original source. There is a possibility of denial-of-service attacks, which cause ECU processing delays by generating messages with a high priority because the message is processed according to priority based on the ID of the message. It is possible to prevent a denial-of-service attack by generating a single message, even though messages are encrypted. By applying our proposed method, we can prevent confidentiality and re-play attacks through sending a single CAN message to the connected car in multi-access edge computing [3].
Sign-in/Register to view highlights & summary 
Published Version (
Free)
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call