If M k is not a security critical message then C k 0 and P k Q k 1 The

If m k is not a security critical message then c k 0

This preview shows page 37 - 40 out of 106 pages.

If M k is not a security-critical message, then C k = 0 and P k = Q k = 1. The following decision variables for M k are defined: x k : the length of the MAC. y k : the length of the least significant bits of the counter. The following constraints for M k are defined: The total length of MACs and least significant bits of the counter should be smaller than or equal to L k . The length of least significant bits of the counter should be larger than or equal to C k . The probability of a successful attack should be smaller than or equal to P k . The probability that a node is out of synchronization should be smaller than or equal to Q k . The constraints in mathematical forms are defined as follows:
Image of page 37
4.5 Analysis 33 x k + y k L k , (4.1) y k C k , (4.2) 2 x k P k , (4.3) q 2 y k Q k . (4.4) The last two constraints also define the probability of a false acceptance (a node accepts messages which it should reject) and a false rejection (a node rejects messages which it should accept). One can easily derive the minimal values of x k and y k and then compute the message latency using the equation [ 33 ]: l k = B + i hp ( k ) l k R i S i + n i x i + y i R , (4.5) where l k is the latency of M k , B = max i S i + n i x i + y i R , and hp ( k ) is the index set of messages with higher priorities than M k . By using a traditional fix-point calculation, the latency is computed through an iterative method until convergence (if a solution exists). A test case with 17 security-critical messages among 138 messages is used, and q = 0 . 1, R = 500kbps, L k = 32 bits, C k = 1 bit for all security-critical messages. Tables 4.2 and 4.3 show the relative bus loads and average latencies with different values of P and Q , where P k = P and Q k = Q for all k , under the assumptions that the n k ’s are 1 and 3, respectively. The number of receivers was not known, so a simple assumption is used. If this information is provided, more general experiments Table 4.2 The relative bus load and average message latency under n k = 1 and different values of P and Q where “—” means that there is no feasible solution. Without the security mechanism, the original bus load 376.44kbps and average message latency 11.535ms are both scaled to 1 Q P 10 1 10 4 10 7 10 10 10 13 Load Avg L. Load Avg L. Load Avg L. Load Avg L. Load Avg L. 10 1 1.0094 1.0241 1.0113 1.0267 1.0131 1.0288 1.0150 1.0322 1.0150 1.0488 10 2 1.0150 1.0322 1.0169 1.0394 1.0188 1.0425 1.0206 1.0445 1.0206 1.0612 10 3 1.0206 1.0445 1.0225 1.0481 1.0244 1.0506 1.0263 1.0571 1.0263 1.0741 10 4 1.0282 1.0591 1.0300 1.0625 1.0319 1.0646 1.0338 1.0668 1.0338 1.0839 10 5 1.0338 1.0668 1.0357 1.0733 1.0375 1.0767 1.0394 1.0789 1.0394 1.0962 10 6 1.0394 1.0789 1.0413 1.0832 1.0432 1.0883 1.0451 1.0968 1.0451 1.1144 10 7 1.0469 1.0987 1.0488 1.1007 1.0507 1.1040 1.0526 1.1061 1.0526 1.1238 10 8 1.0526 1.1061 1.0544 1.1129 1.0563 1.1181 1.0582 1.1213 1.0582 1.1393 10 9 1.0582 1.1213 1.0601 1.1232 10 10
Image of page 38
34 4 Security Mechanisms for CAN Protocol Table 4.3 The relative bus load and average message latency under n k = 3 and different values of P and Q where “—” means that there is no feasible solution. Without the security mechanism, the original bus load 376.44kbps and average message latency 11.535ms are both scaled to 1 Q P 10 1 10 4 10 7 10 10 10 13 Load Avg L. Load Avg L. Load Avg L. Load Avg L. Load Avg L.
Image of page 39
Image of page 40

You've reached the end of your free preview.

Want to read all 106 pages?

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture