Formal Security Analysis of the MaCAN Protocol.

Alessandro Bruni; Michal Sojka; Flemming Nielson; Hanne Riis Nielson

doi:10.1007/978-3-319-10181-1_15

Formal Security Analysis of the MaCAN Protocol.

Alessandro Bruni, Michal Sojka, Flemming Nielson, Hanne Riis Nielson

Department of Applied Mathematics and Computer Science

Czech Technical University in Prague

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

1 Downloads (Pure)

Abstract

Embedded real-time network protocols such as the CAN bus cannot rely on off-the-shelf schemes for authentication, because of the bandwidth limitations imposed by the network. As a result, both academia and industry have proposed custom protocols that meet such constraints, with solutions that may be deemed insecure if considered out of context. MaCAN is one such compatible authentication protocol, proposed by Volkswagen Research and a strong candidate for being adopted by the automotive industry.

In this work we formally analyse MaCAN with ProVerif, an automated protocol verifier. Our formal analysis identifies two flaws in the original protocol: one creates unavailability concerns during key establishment, and the other allows re-using authenticated signals for different purposes. We propose and analyse a modification that improves its behaviour while fitting the constraints of CAN bus. Although the revised scheme improves the situation, it is still not completely secure. We argue that the modified protocol makes a good compromise between the desire to secure automotive systems and the limitations of CAN networks.

Original language	English
Title of host publication	Proceedings of the 11th International Conference on Integrated Formal Methods, IFM 2014
Editors	Elvira Albert, Emil Sekerinski
Publisher	Springer
Publication date	2014
Pages	241-255
ISBN (Print)	978-3-319-10180-4
ISBN (Electronic)	978-3-319-10181-1
DOIs	https://doi.org/10.1007/978-3-319-10181-1_15
Publication status	Published - 2014
Event	11th International Conference on Integrated Formal Methods, IFM 2014 - Bertinoro, Italy Duration: 9 Sept 2014 → 11 Sept 2014 Conference number: 11 http://ifm2014.cs.unibo.it/

Conference

Conference	11th International Conference on Integrated Formal Methods, IFM 2014
Number	11
Country/Territory	Italy
City	Bertinoro
Period	09/09/2014 → 11/09/2014
Internet address	http://ifm2014.cs.unibo.it/

Series	Lecture Notes in Computer Science
Volume	8739
ISSN	0302-9743

Keywords

protocol verification
embedded systems
Controller Area Network

Access to Document

10.1007/978-3-319-10181-1_15

OpenUrl availability

Full text

Cite this

@inproceedings{9e5db28446b244c3835d0ee30895d353,

title = "Formal Security Analysis of the MaCAN Protocol.",

abstract = "Embedded real-time network protocols such as the CAN bus cannot rely on off-the-shelf schemes for authentication, because of the bandwidth limitations imposed by the network. As a result, both academia and industry have proposed custom protocols that meet such constraints, with solutions that may be deemed insecure if considered out of context. MaCAN is one such compatible authentication protocol, proposed by Volkswagen Research and a strong candidate for being adopted by the automotive industry.In this work we formally analyse MaCAN with ProVerif, an automated protocol verifier. Our formal analysis identifies two flaws in the original protocol: one creates unavailability concerns during key establishment, and the other allows re-using authenticated signals for different purposes. We propose and analyse a modification that improves its behaviour while fitting the constraints of CAN bus. Although the revised scheme improves the situation, it is still not completely secure. We argue that the modified protocol makes a good compromise between the desire to secure automotive systems and the limitations of CAN networks.",

keywords = "protocol verification, embedded systems, Controller Area Network",

author = "Alessandro Bruni and Michal Sojka and Flemming Nielson and Nielson, {Hanne Riis}",

year = "2014",

doi = "10.1007/978-3-319-10181-1_15",

language = "English",

isbn = "978-3-319-10180-4",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "241--255",

editor = "Elvira Albert and Emil Sekerinski",

booktitle = "Proceedings of the 11th International Conference on Integrated Formal Methods, IFM 2014",

note = "11th International Conference on Integrated Formal Methods, IFM 2014, IFM 2014 ; Conference date: 09-09-2014 Through 11-09-2014",

url = "http://ifm2014.cs.unibo.it/",

}

Bruni, A, Sojka, M, Nielson, F & Nielson, HR 2014, Formal Security Analysis of the MaCAN Protocol. in E Albert & E Sekerinski (eds), Proceedings of the 11th International Conference on Integrated Formal Methods, IFM 2014. Springer, Lecture Notes in Computer Science, vol. 8739, pp. 241-255, 11th International Conference on Integrated Formal Methods, IFM 2014, Bertinoro, Italy, 09/09/2014. https://doi.org/10.1007/978-3-319-10181-1_15

Formal Security Analysis of the MaCAN Protocol. / Bruni, Alessandro; Sojka, Michal; Nielson, Flemming et al.
Proceedings of the 11th International Conference on Integrated Formal Methods, IFM 2014. ed. / Elvira Albert; Emil Sekerinski. Springer, 2014. p. 241-255 (Lecture Notes in Computer Science, Vol. 8739).

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

TY - GEN

T1 - Formal Security Analysis of the MaCAN Protocol.

AU - Bruni, Alessandro

AU - Sojka, Michal

AU - Nielson, Flemming

AU - Nielson, Hanne Riis

N1 - Conference code: 11

PY - 2014

Y1 - 2014

N2 - Embedded real-time network protocols such as the CAN bus cannot rely on off-the-shelf schemes for authentication, because of the bandwidth limitations imposed by the network. As a result, both academia and industry have proposed custom protocols that meet such constraints, with solutions that may be deemed insecure if considered out of context. MaCAN is one such compatible authentication protocol, proposed by Volkswagen Research and a strong candidate for being adopted by the automotive industry.In this work we formally analyse MaCAN with ProVerif, an automated protocol verifier. Our formal analysis identifies two flaws in the original protocol: one creates unavailability concerns during key establishment, and the other allows re-using authenticated signals for different purposes. We propose and analyse a modification that improves its behaviour while fitting the constraints of CAN bus. Although the revised scheme improves the situation, it is still not completely secure. We argue that the modified protocol makes a good compromise between the desire to secure automotive systems and the limitations of CAN networks.

AB - Embedded real-time network protocols such as the CAN bus cannot rely on off-the-shelf schemes for authentication, because of the bandwidth limitations imposed by the network. As a result, both academia and industry have proposed custom protocols that meet such constraints, with solutions that may be deemed insecure if considered out of context. MaCAN is one such compatible authentication protocol, proposed by Volkswagen Research and a strong candidate for being adopted by the automotive industry.In this work we formally analyse MaCAN with ProVerif, an automated protocol verifier. Our formal analysis identifies two flaws in the original protocol: one creates unavailability concerns during key establishment, and the other allows re-using authenticated signals for different purposes. We propose and analyse a modification that improves its behaviour while fitting the constraints of CAN bus. Although the revised scheme improves the situation, it is still not completely secure. We argue that the modified protocol makes a good compromise between the desire to secure automotive systems and the limitations of CAN networks.

KW - protocol verification

KW - embedded systems

KW - Controller Area Network

U2 - 10.1007/978-3-319-10181-1_15

DO - 10.1007/978-3-319-10181-1_15

M3 - Article in proceedings

SN - 978-3-319-10180-4

T3 - Lecture Notes in Computer Science

SP - 241

EP - 255

BT - Proceedings of the 11th International Conference on Integrated Formal Methods, IFM 2014

A2 - Albert, Elvira

A2 - Sekerinski, Emil

PB - Springer

T2 - 11th International Conference on Integrated Formal Methods, IFM 2014

Y2 - 9 September 2014 through 11 September 2014

ER -

Formal Security Analysis of the MaCAN Protocol.

Abstract

Conference

Keywords

Access to Document

OpenUrl availability

Fingerprint

Cite this