Abstract In this work, we propose defense techniques against message spoofing attacks in FlexRay networks. For this purpose, we explore how to leverage the slot- and channel-based FlexRay communication for ensuring the authenticity of safety-critical in-vehicle traffic. In particular, we suggest to split authentication tags across two physical independent channels, allowing for their concurrent transmission. This eventually leads to a higher degree of fault-tolerance and security. We put a special focus on the efficient management and distribution of cryptographic keys by using reversed hash chains. They allow us to derive new and forward-secure keys at low cost during operational runtime. Our evaluation consists of both a discussion and a practical implementation on an exemplary network. Assuming constrained hardware resources, we conclude that authentication for groups of time slots is the most promising approach in terms of timing and computational overhead.

Load

Load