LaaCan: A Lightweight Authentication Architecture for Vehicle Controller Area Network

Vehicle manufacturers are installing a large number of Electronic Control Units (ECU) inside vehicles. ECUs communicate among themselves via a Controller Area Network (CAN) to ensure better user experience and safety. CAN is considered as a de facto standard for efficient communication of an embedded control system network. However, it does not have sufficient built-in security features. The major challenges of securing CAN are that the hardware of the ECUs have limited computational power and the size of a CAN message is small. In this paper, a lightweight security solution, LaaCan is designed to secure CAN communication by adopting the Authenticated Encryption with Associated Data (AEAD) approach. The architecture ensures confidentiality, integrity, and authenticity of data transmission. The experimental results show that the delay of LaaCan can be reduced depending on hardware configurations. We consider it lightweight since it adds a low overhead regardless of performing encryption and authentication. We evaluate LaaCan using four metrics: communication overhead, network traffic load, cost of deployment, and compatibility with CAN specification. The evaluation results show that the proposed architecture keeps the network traffic unchanged, has low deployment cost, and is highly compatible with the specification of the protocol.