Formal Security Analysis of the MaCAN Protocol.

Alessandro Bruni, Michal Sojka, Flemming Nielson, Hanne Riis Nielson

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

1 Downloads (Pure)


Embedded real-time network protocols such as the CAN bus cannot rely on off-the-shelf schemes for authentication, because of the bandwidth limitations imposed by the network. As a result, both academia and industry have proposed custom protocols that meet such constraints, with solutions that may be deemed insecure if considered out of context. MaCAN is one such compatible authentication protocol, proposed by Volkswagen Research and a strong candidate for being adopted by the automotive industry.

In this work we formally analyse MaCAN with ProVerif, an automated protocol verifier. Our formal analysis identifies two flaws in the original protocol: one creates unavailability concerns during key establishment, and the other allows re-using authenticated signals for different purposes. We propose and analyse a modification that improves its behaviour while fitting the constraints of CAN bus. Although the revised scheme improves the situation, it is still not completely secure. We argue that the modified protocol makes a good compromise between the desire to secure automotive systems and the limitations of CAN networks.
Original languageEnglish
Title of host publicationProceedings of the 11th International Conference on Integrated Formal Methods, IFM 2014
EditorsElvira Albert, Emil Sekerinski
Publication date2014
ISBN (Print)978-3-319-10180-4
ISBN (Electronic)978-3-319-10181-1
Publication statusPublished - 2014
Event11th International Conference on Integrated Formal Methods, IFM 2014 - Bertinoro, Italy
Duration: 9 Sept 201411 Sept 2014
Conference number: 11


Conference11th International Conference on Integrated Formal Methods, IFM 2014
Internet address
SeriesLecture Notes in Computer Science


  • protocol verification
  • embedded systems
  • Controller Area Network


Dive into the research topics of 'Formal Security Analysis of the MaCAN Protocol.'. Together they form a unique fingerprint.

Cite this