Numerous hacking attempts on modern vehicles have recently demonstrated that an adversary can remotely control a vehicle using vulnerable telematics services. In these attempts, a masquerade attack impersonating some safety-critical electronic control units (ECUs) is usually performed to control a vehicle. In the last decade, several message authentication protocols for controller area network (CAN) have been proposed to protect vehicles from masquerade attacks. However, some message authentication protocols are not enough to protect a vehicle from masquerade attacks by compromised ECUs. Other protocols that are secure against masquerade attacks fill the network capacity of CAN up to 100% or require hardware modifications of the CAN-controller, dedicated hardware used for CAN communications. In this paper, we propose a new authentication protocol, MAuth-CAN, that is secure against masquerade attacks. MAuth-CAN neither fills up to 100% of the network capacity nor requires hardware modifications of a CAN-controller. In addition, we propose a technique that protects ECUs from bus-off attacks, and apply the technique to MAuth-CAN for handling bus-off attacks.

中文翻译：

---

MAuth-CAN：车载网络的伪装防攻击认证

最近对现代车辆的大量黑客攻击表明，攻击者可以使用易受攻击的远程信息处理服务远程控制车辆。在这些尝试中，通常会执行冒充某些安全关键电子控制单元 (ECU) 的伪装攻击来控制车辆。在过去的十年中，已经提出了几种用于控制器局域网 (CAN) 的消息认证协议来保护车辆免受伪装攻击。然而，一些消息认证协议不足以保护车辆免受受损 ECU 的伪装攻击。其他可以安全抵御伪装攻击的协议将 CAN 的网络容量填充到 100%，或者需要对 CAN 控制器（用于 CAN 通信的专用硬件）进行硬件修改。在本文中，我们提出了一种新的身份验证协议，MAuth-CAN，可安全抵御伪装攻击。MAuth-CAN 既不会填充多达 100% 的网络容量，也不需要对 CAN 控制器进行硬件修改。此外，我们提出了一种保护 ECU 免受总线关闭攻击的技术，并将该技术应用于 MAuth-CAN 以处理总线关闭攻击。