Vehicle technology has developed rapidly these years, however, the security measures for in-vehicle network does not keep up with the trend. Controller area network(CAN) is the most used protocol in the in-vehicle network. With the characteristic of CAN, there exists many vulnerabilities including lacks of integrity and confidentiality, and hence CAN is vulnerable to various attacks such as impersonation attack, replay attack, etc. In order to implement the authentication and encryption, secret key derivation is necessary. In this work, we proposed an efficient key management scheme for in-vehicle network. In particular, the scheme has five phases. In the first and second phase, we utilize elliptic curve cryptography-based key encapsulation mechanism(KEM) to derive a pairwise secret between each ECU and a central secure ECU in the same group. Then in the third phase, we design secure communication to derive group shared secret among all ECU in a group. In the last two phases, SECU is not needed, regular ECU can derive session key on their own. We presented a possible attack analysis(chosen-ciphertext attack as the main threat) and a security property analysis for our scheme. Our scheme is evaluated based on a hardware-based experiment of three different microcontrollers and a software-based simulation of IVNS. We argue that based on our estimation and the experiment result, our scheme performs better in communication and computation overhead than similar works.
翻译:暂无翻译