Session Key Distribution Made Practical for CAN and CAN-FD Message Authentication

Yang Xiao, Shanghao Shi, Ning Zhang, Wenjing Lou, Y. Thomas Hou

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

8 Scopus citations


Automotive communication networks, represented by the CAN bus, are acclaimed for enabling real-time communication between vehicular ECUs but also criticized for their lack of effective security mechanisms. Various attacks have demonstrated that this security deficit renders a vehicle vulnerable to adversarial control that jeopardizes passenger safety. A recent standardization effort led by AUTOSAR has provided general guidelines for developing next-generation automotive communication technologies with built-in security mechanisms. A key security mechanism is message authentication between ECUs for countering message spoofing and replay attack. While many message authentication schemes have been proposed by previous work, the important issue of session key establishment with AUTOSAR compliance was not well addressed. In this paper, we fill this gap by proposing an AUTOSAR-compliant key management architecture that takes into account practical requirements imposed by the automotive environment. Based on this architecture, we describe a baseline session key distribution protocol called SKDC that realizes all designed security functionalities, and propose a novel secret-sharing-based protocol called SSKT that yields improved communication efficiency. Both SKDC and SSKT are customized for CAN/CAN-FD bus deployment. We implemented the two protocols on commercial microcontroller boards and evaluated their performance with hardware experiment and extrapolation analysis. The result shows while both protocols are performant, SSKT achieves superior computation and communication efficiency at scale.

Original languageEnglish
Title of host publicationProceedings - 36th Annual Computer Security Applications Conference, ACSAC 2020
Number of pages13
ISBN (Electronic)9781450388580
StatePublished - Dec 7 2020
Event36th Annual Computer Security Applications Conference, ACSAC 2020 - Virtual, Online, United States
Duration: Dec 7 2020Dec 11 2020

Publication series

NameACM International Conference Proceeding Series


Conference36th Annual Computer Security Applications Conference, ACSAC 2020
Country/TerritoryUnited States
CityVirtual, Online

Bibliographical note

Publisher Copyright:
© 2020 ACM.


  • Automotive communication networks
  • CAN
  • CAN-FD
  • key distribution
  • message authentication
  • secret sharing

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications


Dive into the research topics of 'Session Key Distribution Made Practical for CAN and CAN-FD Message Authentication'. Together they form a unique fingerprint.

Cite this