In-Vehicle Network Security Using Secure Element

Keisuke TAKEMORI  Seiichiro MIZOGUCHI  Hideaki KAWABATA  Ayumu KUBOTA  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E99-A   No.1   pp.208-216
Publication Date: 2016/01/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.E99.A.208
Type of Manuscript: INVITED PAPER (Special Section on Intelligent Transport Systems)
CAN,  MAC,  secure element,  secure boot,  key exchange,  

Full Text: PDF>>
Buy this Article

As there are no security mechanisms in the vehicle controller area network (CAN) protocol, it is easy to inject fake packets, codes and electric control units (ECUs) in the CAN to hijack vehicle control. Security countermeasures for both the CAN and the ECU are urgently required to improve driving safety. In this paper, we propose in-vehicle network securities using the hardware secure elements as follows: (i) secure boot of ECU, (ii) authentication of an ECU, (iii) authentication of a CAN packet, and (iv) cipher key exchange procedures from a master ECU to slave ECUs. The security algorithms are implemented in a subscriber identity module card (SIM) embedded in the master ECU's board and in a hardware security module (HSM) embedded in a slave ECU. The SIM generates and distributes cipher keys to the authenticated HSM. Then, the HSM generates a media authentication code (MAC) for the CAN packet by using the cipher keys.