Formal Security Analysis of the MaCAN Protocol | SpringerLink
Skip to main content
Springer Nature Link
Log in

Formal Security Analysis of the MaCAN Protocol

  • Conference paper
Integrated Formal Methods (IFM 2014)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 8739))

Included in the following conference series:

Abstract

Embedded real-time network protocols such as the CAN bus cannot rely on off-the-shelf schemes for authentication, because of the bandwidth limitations imposed by the network. As a result, both academia and industry have proposed custom protocols that meet such constraints, with solutions that may be deemed insecure if considered out of context. MaCAN is one such compatible authentication protocol, proposed by Volkswagen Research and a strong candidate for being adopted by the automotive industry.

In this work we formally analyse MaCAN with ProVerif, an automated protocol verifier. Our formal analysis identifies two flaws in the original protocol: one creates unavailability concerns during key establishment, and the other allows re-using authenticated signals for different purposes. We propose and analyse a modification that improves its behaviour while fitting the constraints of CAN bus. Although the revised scheme improves the situation, it is still not completely secure. We argue that the modified protocol makes a good compromise between the desire to secure automotive systems and the limitations of CAN networks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
JPY 3498
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
JPY 5719
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
JPY 7149
Price includes VAT (Japan)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Arapinis, M., Ritter, E., Ryan, M.D.: StatVerif: Verification of Stateful Processes. In: 2011 IEEE 24th Computer Security Foundations, pp. 33–47 (2011)

    Google Scholar 

  2. Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: Proceedings of the 14th IEEE workshop on Computer Security Foundations, pp. 82–96. IEEE Computer Society (2001)

    Google Scholar 

  3. Blanchet, B.: Automatic verification of correspondences for security protocols. Journal of Computer Security 17(4), 363–434 (2009)

    Google Scholar 

  4. Blanchet, B., Smyth, B.: Proverif 1.88: Automatic cryptographic protocol verifier, user manual and tutorial (2013)

    Google Scholar 

  5. Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S., Koscher, K., Czeskis, A., Roesner, F., Kohno, T.: Comprehensive experimental analyses of automotive attack surfaces. In: Proceedings of the 20th USENIX Conference on Security (2011)

    Google Scholar 

  6. Davis, R.I., Burns, A., Bril, R.J., Lukkien, J.J.: Controller area network (CAN) schedulability analysis: Refuted, revisited and revised. Real-Time Systems 35(3), 239–272 (2007)

    Article  Google Scholar 

  7. Dworkin, M.J.: SP 800-38B. recommendation for block cipher modes of operation: the CMAC mode for authentication (2005)

    Google Scholar 

  8. FlexRay Consortium, et al.: FlexRay communications system-protocol specification. Version, 2(1):198–207 (2005)

    Google Scholar 

  9. Robert Bosch GmbH. Road vehicles – Controller area network (CAN) – Part 1: Data link layer and physical signalling (1991)

    Google Scholar 

  10. Groza, B., Murvay, S., Van Herrewege, A., Verbauwhede, I.: LiBrA-CAN: a Lightweight Broadcast Authentication protocol for Controller Area Networks (2012)

    Google Scholar 

  11. Hartkopp, O., Reuber, C., Schilling, R.: MaCAN - message authenticated CAN. In: Proceedings of the 10th Escar Conference on Embedded Security in Cars (2012)

    Google Scholar 

  12. Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S.: Experimental Security Analysis of a Modern Automobile. In: 2010 IEEE Symposium on Security and Privacy, pp. 447–462 (2010)

    Google Scholar 

  13. Hartwich, F.: CAN with Flexible Data-Rate (2005)

    Google Scholar 

  14. Lowe, G.: A hierarchy of authentication specifications. In: Proceedings of the 10th Computer Security Foundations Workshop, pp. 31–43. IEEE (1997)

    Google Scholar 

  15. Mödersheim, S.A.: Abstraction by set-membership: verifying security protocols and web services with databases. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 351–360. ACM (2010)

    Google Scholar 

  16. Schweppe, H., Roudier, Y., Weyl, B., Apvrille, L., Scheuermann, D.: Car2x communication: securing the last meter-a cost-effective approach for ensuring trust in car2x applications using in-vehicle symmetric cryptography. In: Vehicular Technology Conference (VTC Fall), pp. 1–5. IEEE (2011)

    Google Scholar 

  17. Van Herrewege, A., Singelee, D., Verbauwhede, I.: CANAuth — a simple, backward compatible broadcast authentication protocol for CAN bus. In: ECRYPT Workshop on Lightweight Cryptography 2011 (2011)

    Google Scholar 

  18. Ziermann, T., Wildermann, S., Teich, J.: CAN+: A new backward-compatible Controller Area Network (CAN) protocol with up to 16× higher data rates. In: Design, Automation & Test in Europe Conference & Exhibition, pp. 1088–1093. IEEE (2009)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Technical University of Denmark, Kongens Lyngby, Denmark

    Alessandro Bruni, Flemming Nielson & Hanne Riis Nielson

  2. Czech Technical University, Praha, Czech

    Michal Sojka

Authors
  1. Alessandro Bruni
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Michal Sojka
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Flemming Nielson
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Hanne Riis Nielson
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Alessandro Bruni .

Editor information

Editors and Affiliations

  1. Complutense University of Madrid, Madrid, Spain

    Elvira Albert

  2. McMaster University, Hamilton, Ontario, Canada

    Emil Sekerinski

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Bruni, A., Sojka, M., Nielson, F., Riis Nielson, H. (2014). Formal Security Analysis of the MaCAN Protocol. In: Albert, E., Sekerinski, E. (eds) Integrated Formal Methods. IFM 2014. Lecture Notes in Computer Science(), vol 8739. Springer, Cham. https://doi.org/10.1007/978-3-319-10181-1_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-10181-1_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-10180-4

  • Online ISBN: 978-3-319-10181-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation