Security architecture for automotive communication networks with CAN FD

Modern vehicles have dozens of electronic modules, connected through sophisticated intra-vehicle networks, which essentially control all the vehicle functions. Recent studies have shown the vulnerability of vehicular computer systems, but the existing security models are not enough robust yet because the busload and level of cryptographic strategy are not considered enough to be implemented in the frame. This work proposes a new security model for the Controller Area Network with Flexible Data-Rate (CAN FD), based on encryption and authentication. The model divides the frame data field into two blocks. The AES-256 (Advanced Encryption Standard) symmetric key encryption is applied to the first block of the data frame, whose content is the data corresponding to the payload of the frame. The authentication of the data in the first block is executed through the implementation of the HMAC/SHA-256 function and inserted in the second block. Performance analysis has shown that the combination of 32 bytes for the first block and 32 bytes for the second one provides the shortest processing time and 33.33% fewer data compared to frame 48. Results indicated that the proposed security model has a higher encryption performance than existing methods.