If M k is not a security critical message then C k 0 and P k Q k 1 The

# If m k is not a security critical message then c k 0

This preview shows page 37 - 40 out of 106 pages.

If M k is not a security-critical message, then C k = 0 and P k = Q k = 1. The following decision variables for M k are defined: x k : the length of the MAC. y k : the length of the least significant bits of the counter. The following constraints for M k are defined: The total length of MACs and least significant bits of the counter should be smaller than or equal to L k . The length of least significant bits of the counter should be larger than or equal to C k . The probability of a successful attack should be smaller than or equal to P k . The probability that a node is out of synchronization should be smaller than or equal to Q k . The constraints in mathematical forms are defined as follows:
4.5 Analysis 33 x k + y k L k , (4.1) y k C k , (4.2) 2 x k P k , (4.3) q 2 y k Q k . (4.4) The last two constraints also define the probability of a false acceptance (a node accepts messages which it should reject) and a false rejection (a node rejects messages which it should accept). One can easily derive the minimal values of x k and y k and then compute the message latency using the equation [ 33 ]: l k = B + i hp ( k ) l k R i S i + n i x i + y i R , (4.5) where l k is the latency of M k , B = max i S i + n i x i + y i R , and hp ( k ) is the index set of messages with higher priorities than M k . By using a traditional fix-point calculation, the latency is computed through an iterative method until convergence (if a solution exists). A test case with 17 security-critical messages among 138 messages is used, and q = 0 . 1, R = 500kbps, L k = 32 bits, C k = 1 bit for all security-critical messages. Tables 4.2 and 4.3 show the relative bus loads and average latencies with different values of P and Q , where P k = P and Q k = Q for all k , under the assumptions that the n k ’s are 1 and 3, respectively. The number of receivers was not known, so a simple assumption is used. If this information is provided, more general experiments Table 4.2 The relative bus load and average message latency under n k = 1 and different values of P and Q where “—” means that there is no feasible solution. Without the security mechanism, the original bus load 376.44kbps and average message latency 11.535ms are both scaled to 1 Q P 10 1 10 4 10 7 10 10 10 13 Load Avg L. Load Avg L. Load Avg L. Load Avg L. Load Avg L. 10 1 1.0094 1.0241 1.0113 1.0267 1.0131 1.0288 1.0150 1.0322 1.0150 1.0488 10 2 1.0150 1.0322 1.0169 1.0394 1.0188 1.0425 1.0206 1.0445 1.0206 1.0612 10 3 1.0206 1.0445 1.0225 1.0481 1.0244 1.0506 1.0263 1.0571 1.0263 1.0741 10 4 1.0282 1.0591 1.0300 1.0625 1.0319 1.0646 1.0338 1.0668 1.0338 1.0839 10 5 1.0338 1.0668 1.0357 1.0733 1.0375 1.0767 1.0394 1.0789 1.0394 1.0962 10 6 1.0394 1.0789 1.0413 1.0832 1.0432 1.0883 1.0451 1.0968 1.0451 1.1144 10 7 1.0469 1.0987 1.0488 1.1007 1.0507 1.1040 1.0526 1.1061 1.0526 1.1238 10 8 1.0526 1.1061 1.0544 1.1129 1.0563 1.1181 1.0582 1.1213 1.0582 1.1393 10 9 1.0582 1.1213 1.0601 1.1232 10 10
34 4 Security Mechanisms for CAN Protocol Table 4.3 The relative bus load and average message latency under n k = 3 and different values of P and Q where “—” means that there is no feasible solution. Without the security mechanism, the original bus load 376.44kbps and average message latency 11.535ms are both scaled to 1 Q P 10 1 10 4 10 7 10 10 10 13 Load Avg L. Load Avg L. Load Avg L. Load Avg L. Load Avg L.

#### You've reached the end of your free preview.

Want to read all 106 pages?