
I'm currently researching CAN security for in-vehicle communication. I would like to know if anyone knows a reason why the CAN payloads of an ECU communication (between CAN nodes) should be encrypted when integrity, authenticity and protection against replay attacks are guaranteed.

In the case of key exchange messages or other security-protocol-related messages that need protection against eavesdroppers, encryption is undoubtedly necessary. The same goes for privacy-critical data like GPS output.

However, I'm wondering why some researchers suggest encryption of any CAN payload. Is there anything useful an adversary could learn by sniffing CAN packets which can neither be replayed nor manipulated?

enigma
  • Preventing spoofing was probably of a higher priority. Although full encryption would cut out the after market regarding 3rd party performance monitoring tools. So as a DRM maneuver it could be pretty effective. Pure profit motive. – infixed May 18 '16 at 16:57
  • I'm with you on that. DRM might be a motivation. At least for manufacturers. – enigma May 19 '16 at 07:04
  • Well, if you wanted to view the After-market equipment makers as business adversaries of the OEM, then that could fit your question. Although I don't know that most researchers would introspect deeply enough to consider that aspect. It's pretty outside the ivory tower. – infixed May 19 '16 at 13:44
  • How are "integrity, authenticity and protection against replay attacks" guaranteed in current CAN bus implementations? Or do you mean they will be in future? – Martin Thompson May 19 '16 at 14:28
  • @MartinThompson They will be, might be the better phrase. Most of the security protocol/mechanism proposals I found do guarantee them. Consequently, for the sake of clarity regarding my question, let's assume they are guaranteed. – enigma May 19 '16 at 14:49
  • @infixed I would agree for independent researchers, but since most of the research in this field is done by companies like Bosch, Escrypt or OEMs I think a lot of them could have had DRM in mind. Nevertheless, I partially agree with you. I can imagine that independent researchers rather have had privacy in mind (i.e. escrypt-project.org deliverable D2.3). But to generalize that privacy is threatened when not every bus communication is encrypted seems irrational to me when recalling that weak ECUs can't even perform symmetric encryption without violating their strict real-time requirements. – enigma May 19 '16 at 15:05
  • @AndréBorie I have to contradict you partially regarding your latter statement. Nowadays, the attack surface is getting bigger and bigger due to infotainment, eCall, Vehicle-to-X, and the times where an attacker had to have physical access to the ECUs in order to compromise them are over. Nevertheless, you pointed out disadvantages which certainly have to be considered when thinking about adding encryption in such safety-critical systems. Additionally, I agree that encryption only prevents eavesdropping, which is the reason for my question. – enigma May 21 '16 at 10:35
  • @AndréBorie Yes, I agree with that. – enigma May 22 '16 at 14:53

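To make the premise of the question concrete, here is an added example (not from the original post or from any of the proposals the asker refers to) of a SecOC-style authenticated CAN frame: the payload travels in the clear, a per-ID monotonic counter gives freshness, and a truncated MAC over ID, counter and payload gives integrity and authenticity. The key, the frame layout inside the 8-byte data field, the 16-bit tag and the use of HMAC-SHA256 in place of the CMAC real designs use are all assumptions made for the demo. Replayed and tampered frames are rejected, yet a key-less sniffer still reads the signal value straight out of the frame, which is exactly what the question asks about.

```python
import hashlib
import hmac
import struct

# Constructed demo key shared by sender and receiver. Assumption: the key
# has already been distributed; key exchange is out of scope here.
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

# Assumed layout of the 8-byte CAN 2.0 data field (illustration only):
#   bytes 0-3  signal payload (engine speed as a big-endian uint32)
#   bytes 4-5  16-bit monotonic freshness counter (rollover not handled)
#   bytes 6-7  MAC truncated to 16 bits
# A 16-bit tag is far too short for production use; it is sized only so the
# whole frame fits a classic CAN data field. Real designs such as AUTOSAR
# SecOC compute a CMAC over similar inputs; HMAC-SHA256 stands in for it.


def _tag(key, can_id, counter, payload):
    """MAC over (ID, counter, payload) so that none of them can be altered."""
    msg = struct.pack(">H", can_id) + struct.pack(">H", counter) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:2]


def build_frame(can_id, payload, counter, key=KEY):
    """Sender side: the payload stays in the clear; counter and MAC are appended."""
    if len(payload) != 4:
        raise ValueError("payload must be 4 bytes")
    return payload + struct.pack(">H", counter) + _tag(key, can_id, counter, payload)


class Receiver:
    """Receiver side: verify the MAC first, then enforce strictly increasing counters."""

    def __init__(self, key=KEY):
        self.key = key
        self.last_counter = {}  # highest accepted counter per CAN ID

    def accept(self, can_id, data):
        payload, tag = data[:4], data[6:8]
        counter = struct.unpack(">H", data[4:6])[0]
        if not hmac.compare_digest(tag, _tag(self.key, can_id, counter, payload)):
            return (False, "bad MAC")
        if counter <= self.last_counter.get(can_id, -1):
            return (False, "replay")
        self.last_counter[can_id] = counter
        return (True, payload)


def sniff_rpm(data):
    """Eavesdropper with no key: reads the signal straight out of the plaintext field."""
    return struct.unpack(">I", data[:4])[0]


def demo():
    """Run one legitimate frame, a replay and a tampered copy through a receiver."""
    rx = Receiver()
    rpm = 2750
    frame = build_frame(0x0C0, struct.pack(">I", rpm), counter=1)
    ok_first = rx.accept(0x0C0, frame)        # genuine frame: accepted
    replayed = rx.accept(0x0C0, frame)        # same frame again: counter not fresh
    tampered = bytearray(frame)
    tampered[3] ^= 0x01                       # change the RPM value, keep old MAC
    forged = rx.accept(0x0C0, bytes(tampered))
    return {
        "first": ok_first[0],
        "replay": replayed[1],
        "tamper": forged[1],
        "sniffed_rpm": sniff_rpm(frame),      # no key needed to read this
    }


if __name__ == "__main__":
    print(demo())
```

The receiver verifies the tag before it touches the counter so that a forged frame can never advance the freshness state. Note what the scheme does not do: anyone on the bus, or anyone who can reach it through a bridged interface, still obtains the signal values and the traffic pattern; adding encryption would only change that last property.
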
1 Answer


I'd say CAN doesn't need encryption just like communications between CPUs and GPUs don't need it. It would add complexity, latency and more risk of failure in a critical system often used to control safety features. Physical security is already enough, as there is (or should be) no way for a remote attacker to access the CAN bus, and a local attacker with physical access may as well directly tamper with the ECU, completely bypassing the encryption.

What car manufacturers should work on instead is better segregation between different devices, possibly using separate firewalls to make sure devices can only send types of messages they are supposed to send.

André Borie
  • There are a few flaws in this answer. Firstly, due to the numerous channels a modern car is and will be communicating with its environment (as mentioned above) there is a wide attack surface for remote attacks. Secondly, to tamper with the ECU is way harder than just connecting to the CAN bus. Thirdly, even though I agree with you on your comment about the segregation, I have to note: firewalls do not prevent, for example, eavesdropping or replay attacks. In addition, the fact that those systems are often used to control safety features encourages encryption, in my opinion. – enigma Oct 08 '16 at 18:53