Annual Computer Security Applications Conference (ACSAC) 2017

Full Program »

VulCAN: Efficient Component Authentication and Software Isolation for Automotive Control Networks

Vehicular communication networks have been subject to a growing number of attacks that put the safety of passengers at risk. This resulted in millions of vehicles being recalled and lawsuits against car manufacturers. While recent standardization efforts address security, no practical solutions are implemented in current cars.

This paper presents VulCAN, a generic design for efficient vehicle message authentication, plus software component attestation and isolation using lightweight trusted computing technology. Specifically, we advance the state-of-the-art by not only protecting against network attackers, but also against substantially stronger adversaries capable of arbitrary code execution on participating electronic control units. We demonstrate the feasibility and practicality of VulCAN by implementing and evaluating two previously proposed, industry standard-compliant message authentication protocols on top of Sancus, an open-source embedded protected module architecture. Our results are promising, showing that strong, hardware-enforced security guarantees can be met with a minimal trusted computing base without violating real-time deadlines under benign conditions.

Jo Van Bulck
imec-DistriNet, KU Leuven
Belgium

Jan Tobias Muehlberg
imec-DistriNet, KU Leuven
Belgium

Frank Piessens
imec-DistriNet, KU Leuven
Belgium

 

Powered by OpenConf®
Copyright©2002-2017 Zakon Group LLC