CEAMP: A Cross-Domain Entity Authentication and Message Protection Framework for Intra-Vehicle Network

Chao Shang, Jin Cao, Jiajia Liu, Yinghui Zhang, Ben Niu, Hui Li

Research output: Contribution to journal, Article, peer-review

2 Citations (Scopus)

Abstract

Controller Area Network (CAN) is the most widely used bus system in Intra-Vehicle Networks (IVN). However, the broadcast nature of its communication and the lack of security mechanisms make the CAN bus extremely fragile against malicious attacks. Although there are works protecting IVN, most of them are not feasible when applied to real vehicles because they do not consider the IVN node capability. In this paper, we propose a security framework for the CAN bus, covering ECU entity identity management and authentication, symmetric key generation and update, intra-domain and cross-domain secure transmission, and sensitivity-based security classification methods. We formally verify our protocols using the up-to-date tool Tamarin and simulate real attacks in a simulation environment; the results show that the proposed protocol can resist these attacks. Using Speck encryption and the Chaskey MAC algorithm in our schemes, the analysis results show that the increased time of a frame for a single ECU in our proposed intra-domain scheme is 2.09 ms to 2.78 ms on Arduino Mega, and 121.65 μs to 152.15 μs on Arduino DUE, which takes up 6.08% to 7.61% of a 10 ms cyclic time frame. In the cross-domain scheme, it is 2.55 ms to 3.24 ms on Arduino Mega, and 134.30 μs to 164.80 μs on Arduino DUE, which takes up 6.72% to 8.24% of a 10 ms frame. To the best of our knowledge, this is the first time an IVN cross-domain secure transmission protocol has been proposed without changing the IVN network topology or the CAN protocol. Our work brings practical protection to IVN.

Original language: English
Pages (from-to): 6780-6795
Number of pages: 16
Journal: IEEE Transactions on Intelligent Transportation Systems
Volume: 25
Issue number: 7
Publication status: Published - 2024
