Defending the CAN bus Part 2: Cryptography
Each episode in the series covers one technique for defending the CAN bus. Episode 1 introduced CAN attacks and talked about intrusion detection, the CCTV of CAN bus.
This episode describes cryptography. It discusses how the needs of a distributed real-time control system impact on the requirements for a cryptographic system. The implementation issues are covered, including a case study of the CryptoCAN scheme from Canis Labs, and a description of the SHE standard for automotive hardware security modules (HSMs).
One of the most important things to appreciate when choosing to adopt a cryptographic system is how keys are going to be handled. This tweet puts it perfectly:
Cryptography is a machine for turning any problem into a key management problem. https://t.co/njv0fPBfG3
— Stephan Neuhaus (@stephanneuhaus1) November 16, 2021
And it should be clear from this episode of the Defending CAN video series that this applies to cryptography on CAN too. The SHE+ extension was required to protect the authentication keys better to prevent forgery in the case of a hijacked receiver. And there are many more problems: to change keys (such as when removing a component from one vehicle and putting into another one) the ECU master key must be known. This must be unique per vehicle, which means it’s stored in a database somewhere - a database that must be regularly accessed for provisioning in a factory and also by workshop tools to re-provision a component (either moving one from one vehicle to another or installing a new replacement). How is this access protected?
We can see today in the mainstream IT world how public key encryption (PKE) was conceptually simple ‘merely’ requiring trusted third parties as part of a public key infrastructure (PKI) lead to social engineering attacks on staff at certificate issuers, phishing attacks on ordinary users to get them to add a new root certificate, and many other unanticipated vulnerabilities (particularly awful are the buffer overrun vulnerabilities in security gatekeeper code that parses the certificates!).
There’s for sure a role for cryptography in embedded systems but it’s important to know the consequences. To quote Chandler in Friends: “Oh God. Can open, worms everywhere.”
Anyway, enough about cryptography. Episode 3 of this series covers the third defensive technique: security gateways. A case study of the Canis Labs security gateway is used to show how getting CAN frame buffering right is crucial.