查看文章

Most of the existing works on securing the CAN bus are using the limited data-field of CAN frames to embed a cryptographic payload. Only very few works have suggested the use of the identifier field since identifiers are critical for the arbitration procedure and changing them at random would interfere with message priorities. To preserve priority on the bus, in this work we use an ordered CMAC buffer. In this way, we can authenticate the identifiers of CAN frames and check that the sender is a legitimate node while arbitration on the bus remains unaltered. Moreover, we determine that for real-world scenarios the achieved security level is very close to the length of the ID field despite the constraints from ordering. This procedure easily circumvents replay attacks and fuzz testing on the bus, which were exploited by many recent works. We prove the feasibility of our approach by testing practical implementations on …