Robust Certificateless Authentication Protocol for the SAE J1939 Commercial Vehicles Bus

Abstract

Authentication for controller area network (CAN) buses in an intra-vehicular network involving electronic control units (ECUs) is a challenging factor. The Society of Automotive Engineers standard (SAE J1939) incorporating the ISO 11898-1 specification for the data link and physical layers of the standard CAN and CAN-flexible data rate (CAN-FD) handles communication among ECUs. The SAE J1939 is vulnerable to attacks, namely replay, masquerading and machine-in-the-middle (MITM) attacks. To prevent such attacks, there exist protocol suites for resource-constrained and resource-unconstrained nodes proposed in the literature which are not formally analysed. We formally analyse one of the comprehensive protocol suites using the state-of-the-art Tamarin automated software validation tool. The analysis reveals that the protocols have a vulnerability that can be exploited by replay attack. The identified replay attack prevents further frame authentication. To mitigate the identified attacks, we propose two new authentication protocols. At first, we propose one pass authentication protocol for computationally restricted nodes. For nodes that are not restricted computationally, we present a certificateless signature-based authentication protocol. Additionally, we present a new certificateless key insulated manageable signature (CL-KIMS) scheme for the signature-based authentication protocol. CL-KIMS ensures key insulation and random access key update properties. CL-KIMS scheme assures a novel property, known as self-healing property. The security of the proposed protocol suite and the signature scheme is formally analysed using the random oracle model (ROM). Especially, CL-KIMS scheme is shown to be provably secure in the ROM against Type-I and Type-II adversaries. We use the Tamarin tool to verify mutual authentication, session key security, known key secrecy and forward security. A detailed performance comparison shows that compared with the existing protocol suites, the proposed protocol suite has lesser communication overhead and ensures robust security. Our simulation study in Matlab further reveals that the key exchange protocols in the proposed protocol suite are efficient with lesser total message delay than its counterpart protocols.