Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

CAN-MM: Multiplexed Message Authentication Code for Controller Area Network message authentication in road vehicles

Franco Oberti, Ernesto Sanchez, Alessandro Savino, Filippo Parisi, Stefano Di Carlo

TL;DR

The paper tackles securing CAN-based in-vehicle networks by embedding a MAC into standard CAN frames without changing their formats. It proposes CAN-MM, which uses OOK-based multiplexing to carry MAC data alongside CAN payloads, preserving backward compatibility across CAN-2.0, CAN-FD, and CAN-XL, and enabling parallel MAC verification. Through LTSpice simulations and a preliminary hardware prototype, the authors show minimal MAC-induced latency and robust demodulation, with a Type-B variant offering improved noise resilience. The approach supports SecOC-like authentication, mitigates MitM and replay threats, and aligns with evolving automotive cybersecurity regulations, all while preserving real-time schedulability. This could significantly reduce integration costs for cyber-secure CAN deployments while maintaining compatibility with existing ECUs and networks.

Abstract

The automotive market is increasingly profitable for cyberattacks with the constant shift toward fully interconnected vehicles. Electronic Control Units (ECUs) installed on cars often operate in a critical and hostile environment. Hence, both carmakers and governments have decided to support a series of initiatives to mitigate risks and threats belonging to the automotive domain. The Controller Area Network (CAN) is the primary communication protocol in the automotive field, and the integrity of the communication over this network is assured through Message Authentication Codes (MAC). However, limitations in throughput and frame size limit the application of this technique to specific versions of the CAN protocol, leaving several vehicles still unprotected. This paper presents CAN Multiplexed MAC (CAN-MM), a new approach exploiting frequency modulation to multiplex MAC data with standard CAN communication. CAN-MM allows transmitting MAC payloads maintaining full-back compatibility with all versions of the standard CAN protocol. Moreover, multiplexing allows sending DATA and MAC simultaneously.

CAN-MM: Multiplexed Message Authentication Code for Controller Area Network message authentication in road vehicles

TL;DR

The paper tackles securing CAN-based in-vehicle networks by embedding a MAC into standard CAN frames without changing their formats. It proposes CAN-MM, which uses OOK-based multiplexing to carry MAC data alongside CAN payloads, preserving backward compatibility across CAN-2.0, CAN-FD, and CAN-XL, and enabling parallel MAC verification. Through LTSpice simulations and a preliminary hardware prototype, the authors show minimal MAC-induced latency and robust demodulation, with a Type-B variant offering improved noise resilience. The approach supports SecOC-like authentication, mitigates MitM and replay threats, and aligns with evolving automotive cybersecurity regulations, all while preserving real-time schedulability. This could significantly reduce integration costs for cyber-secure CAN deployments while maintaining compatibility with existing ECUs and networks.

Abstract

The automotive market is increasingly profitable for cyberattacks with the constant shift toward fully interconnected vehicles. Electronic Control Units (ECUs) installed on cars often operate in a critical and hostile environment. Hence, both carmakers and governments have decided to support a series of initiatives to mitigate risks and threats belonging to the automotive domain. The Controller Area Network (CAN) is the primary communication protocol in the automotive field, and the integrity of the communication over this network is assured through Message Authentication Codes (MAC). However, limitations in throughput and frame size limit the application of this technique to specific versions of the CAN protocol, leaving several vehicles still unprotected. This paper presents CAN Multiplexed MAC (CAN-MM), a new approach exploiting frequency modulation to multiplex MAC data with standard CAN communication. CAN-MM allows transmitting MAC payloads maintaining full-back compatibility with all versions of the standard CAN protocol. Moreover, multiplexing allows sending DATA and MAC simultaneously.
Paper Structure (13 sections, 5 equations, 23 figures)

This paper contains 13 sections, 5 equations, 23 figures.

Table of Contents

  1. Introduction
  2. Background
  3. Related Works
  4. Technology
  5. Validation Model
  6. Experimental setup
  7. Noise and interference analysis
  8. SPICE Model
  9. Preliminary Hardware Implementation
  10. Experimental results
  11. CAN-MM Type-B
  12. Security Analysis
  13. Conclusion

Figures (23)

  • Figure 1: Vehicle CAN network surface attack scheme. A small CAN vehicle network scheme composed of 4 modules: ECM, TCM, DEFC, and VGT. These ECU communicate with sensors and actuators in real-time, making integration essential for their operation. (A) Corrupted vehicle CAN node runs unauthorized code. (B) Attack vector through external CAN module plugged upstream to CAN victim node. (C) The external CAN module directly accesses the OBD port inside the vehicle cabin.
  • Figure 2: Physical Electrical CAN-MM Signal Scheme
  • Figure 3: Application of the CAN-MM technology to both CAN 2.0 and CAN-FD frames
  • Figure 4: CAN-MM Transmitter & Receiver block scheme
  • Figure 5: CAN-MM MAC decoder Type-A block scheme
  • ...and 18 more figures