If $M_k$ is not a security-critical message, then $C_k = 0$ and $P_k = Q_k = 1$. The following decision variables for $M_k$ are defined:
• $x_k$: the length of the MAC.
• $y_k$: the length of the least significant bits of the counter.
The following constraints for $M_k$ are defined:
• The total length of MACs and least significant bits of the counter should be smaller than or equal to $L_k$.
• The length of least significant bits of the counter should be larger than or equal to $C_k$.
• The probability of a successful attack should be smaller than or equal to $P_k$.
• The probability that a node is out of synchronization should be smaller than or equal to $Q_k$.
4.5 Analysis 33
The constraints in mathematical forms are defined as follows:
$$x_k + y_k \le L_k, \quad (4.1)$$
$$y_k \ge C_k, \quad (4.2)$$
$$2^{-x_k} \le P_k, \quad (4.3)$$
$$q^{2^{y_k}} \le Q_k. \quad (4.4)$$
The last two constraints also define the probability of a false acceptance (a node accepts messages which it should reject) and a false rejection (a node rejects messages which it should accept). One can easily derive the minimal values of $x_k$ and $y_k$ and then compute the message latency using the equation [33]:
$$l_k = B + \sum_{i \in hp(k)} \left\lceil \frac{l_k}{R_i} \right\rceil \frac{S_i + n_i x_i + y_i}{R}, \quad (4.5)$$
where $l_k$ is the latency of $M_k$, $B = \max_i \frac{S_i + n_i x_i + y_i}{R}$, and $hp(k)$ is the index set of messages with higher priorities than $M_k$. By using a traditional fixed-point calculation, the latency is computed through an iterative method until convergence (if a solution exists).
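As an added worked example (not code from the book), the following Python script derives the minimal $x_k$ and $y_k$ from constraints (4.1)-(4.4) with exact rational arithmetic, assigns them to a small constructed message set, and evaluates the relative bus load and the fixed-point latency of (4.5). It uses the test-case parameters stated later in this section ($q = 0.1$, $R = 500$ kbps, $L_k = 32$ bits, $C_k = 1$ bit) and the rule that non-critical messages get $C_k = 0$, $P_k = Q_k = 1$. The four messages, their sizes, periods and receiver counts are constructed for illustration, and $R_i$ in (4.5) is read as the period of $M_i$, which is an assumption because the excerpt does not define it.

```python
"""Added worked example for constraints (4.1)-(4.4) and the latency fixed point (4.5).
Not the book's code; the message set below is constructed for illustration."""
from dataclasses import dataclass
from fractions import Fraction
from math import ceil
from typing import List, Optional, Tuple

Q_LOSS = Fraction(1, 10)   # q = 0.1, from the chapter's test case
R_BPS = 500_000            # R = 500 kbps
L_BITS = 32                # L_k for every security-critical message


def min_mac_bits(P: Fraction, limit: int = L_BITS) -> Optional[int]:
    """Smallest x with 2^-x <= P (4.3). Exact rationals avoid float slips such as
    0.1**4 > 1e-4. Returns None if no x within `limit` bits satisfies it."""
    for x in range(limit + 1):
        if Fraction(1, 2 ** x) <= P:
            return x
    return None


def min_counter_bits(Q: Fraction, C: int, q: Fraction = Q_LOSS,
                     limit: int = 10) -> Optional[int]:
    """Smallest y >= C with q^(2^y) <= Q (4.2 and 4.4): a receiver loses sync only
    after 2^y consecutive losses of probability q each. The search stops at y = 10
    (q^(2^y) is already below 10^-1024 for q = 0.1) so the exact integers stay small."""
    for y in range(C, limit + 1):
        if q ** (2 ** y) <= Q:
            return y
    return None


def choose_lengths(P, Q, C: int = 1, L: int = L_BITS) -> Optional[Tuple[int, int]]:
    """Minimal (x, y) meeting (4.1)-(4.4), or None when no feasible solution exists.
    Pass P and Q as strings ("1e-7") or Fractions so that they are exact."""
    x = min_mac_bits(Fraction(P))
    y = min_counter_bits(Fraction(Q), C)
    if x is None or y is None or x + y > L:      # (4.1)
        return None
    return x, y


@dataclass
class Message:
    name: str
    size_bits: int    # S_i: bits the frame occupies on the bus before securing it
    period_s: float   # R_i in (4.5), read here as the period of M_i (assumption)
    receivers: int    # n_i: one MAC of x_i bits per receiver
    critical: bool
    x: int = 0
    y: int = 0


def apply_policy(msgs: List[Message], P, Q, C: int = 1) -> bool:
    """Assign (x, y) to every message. Non-critical messages use C=0, P=Q=1 as in
    the text, which yields x = y = 0. Returns False if any message is infeasible."""
    for m in msgs:
        lengths = choose_lengths(P, Q, C) if m.critical else choose_lengths(1, 1, 0)
        if lengths is None:
            return False
        m.x, m.y = lengths
    return True


def tx_time(m: Message, R: int = R_BPS) -> float:
    """Transmission time (S_i + n_i x_i + y_i) / R of the secured frame."""
    return (m.size_bits + m.receivers * m.x + m.y) / R


def relative_bus_load(msgs: List[Message], R: int = R_BPS) -> float:
    """Bus load with MACs and counters, scaled so that the unsecured load is 1."""
    secured = sum(tx_time(m, R) / m.period_s for m in msgs)
    plain = sum(m.size_bits / R / m.period_s for m in msgs)
    return secured / plain


def latency(k: int, msgs: List[Message], R: int = R_BPS,
            max_iter: int = 10_000) -> Optional[float]:
    """Eq. (4.5) by fixed-point iteration, starting from the blocking term B.
    msgs is ordered by priority, highest first, so hp(k) = msgs[:k]."""
    B = max(tx_time(m, R) for m in msgs)
    l = B
    for _ in range(max_iter):
        l_next = B + sum(ceil(l / m.period_s) * tx_time(m, R) for m in msgs[:k])
        if l_next == l:           # the ceilings stopped changing: converged
            return l_next
        l = l_next
    return None                   # no solution within the iteration budget


def example_messages() -> List[Message]:
    """Constructed sample set (not from the book), highest priority first."""
    return [
        Message("steer", 108, 0.005, receivers=1, critical=True),
        Message("brake", 108, 0.010, receivers=3, critical=True),
        Message("temp", 76, 0.020, receivers=1, critical=False),
        Message("diag", 108, 0.100, receivers=1, critical=False),
    ]


if __name__ == "__main__":
    for P in ("1e-1", "1e-4", "1e-9"):
        row = [choose_lengths(P, Q) for Q in ("1e-1", "1e-4", "1e-7", "1e-10", "1e-13")]
        print(f"P={P}:", ["-" if r is None else f"x={r[0]},y={r[1]}" for r in row])
    msgs = example_messages()
    apply_policy(msgs, "1e-4", "1e-7")
    print(f"relative bus load: {relative_bus_load(msgs):.4f}")
    for k, m in enumerate(msgs):
        print(f"latency of {m.name}: {latency(k, msgs) * 1e3:.3f} ms")
```

Running it with the $P$ and $Q$ values of the tables reproduces their feasibility pattern: for $Q = 10^{-10}$ and $Q = 10^{-13}$ the same $y_k = 4$ is selected, which is why those two Load columns coincide, and $P = 10^{-9}$ with $Q = 10^{-7}$ needs $x_k + y_k = 30 + 3 > 32$ bits and hence has no feasible solution.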
A test case with 17 security-critical messages among 138 messages is used, and $q = 0.1$, $R = 500$ kbps, $L_k = 32$ bits, $C_k = 1$ bit for all security-critical messages. Tables 4.2 and 4.3 show the relative bus loads and average latencies with different values of $P$ and $Q$, where $P_k = P$ and $Q_k = Q$ for all $k$, under the assumptions that the $n_k$'s are 1 and 3, respectively. The number of receivers was not known, so a simple assumption is used. If this information is provided, more general experiments
Table 4.2 The relative bus load and average message latency under $n_k = 1$ and different values of $P$ and $Q$, where "—" means that there is no feasible solution. Without the security mechanism, the original bus load 376.44 kbps and average message latency 11.535 ms are both scaled to 1.

        Q = 10^-1         Q = 10^-4         Q = 10^-7         Q = 10^-10        Q = 10^-13
P       Load    Avg L.    Load    Avg L.    Load    Avg L.    Load    Avg L.    Load    Avg L.
10^-1   1.0094  1.0241    1.0113  1.0267    1.0131  1.0288    1.0150  1.0322    1.0150  1.0488
10^-2   1.0150  1.0322    1.0169  1.0394    1.0188  1.0425    1.0206  1.0445    1.0206  1.0612
10^-3   1.0206  1.0445    1.0225  1.0481    1.0244  1.0506    1.0263  1.0571    1.0263  1.0741
10^-4   1.0282  1.0591    1.0300  1.0625    1.0319  1.0646    1.0338  1.0668    1.0338  1.0839
10^-5   1.0338  1.0668    1.0357  1.0733    1.0375  1.0767    1.0394  1.0789    1.0394  1.0962
10^-6   1.0394  1.0789    1.0413  1.0832    1.0432  1.0883    1.0451  1.0968    1.0451  1.1144
10^-7   1.0469  1.0987    1.0488  1.1007    1.0507  1.1040    1.0526  1.1061    1.0526  1.1238
10^-8   1.0526  1.1061    1.0544  1.1129    1.0563  1.1181    1.0582  1.1213    1.0582  1.1393
10^-9   1.0582  1.1213    1.0601  1.1232    —       —         —       —         —       —
10^-10  —       —         —       —         —       —         —       —         —       —

34 4 Security Mechanisms for CAN Protocol
Table 4.3 The relative bus load and average message latency under $n_k = 3$ and different values of $P$ and $Q$, where "—" means that there is no feasible solution. Without the security mechanism, the original bus load 376.44 kbps and average message latency 11.535 ms are both scaled to 1.

        Q = 10^-1         Q = 10^-4         Q = 10^-7         Q = 10^-10        Q = 10^-13
P       Load    Avg L.    Load    Avg L.    Load    Avg L.    Load    Avg L.    Load    Avg L.
