TOUCAN: A proTocol tO secUre Controller Area Network
This addresses the critical problem of securing in-vehicle networks against malicious attacks for automotive safety, representing an incremental improvement by building on existing CAN and AUTOSAR standards.
The paper tackles the security of data exchange between Electronic Control Units in modern cars by introducing TOUCAN, a new protocol that ensures authenticity, integrity, and confidentiality without requiring hardware upgrades or new components, achieving this with minimal overhead through a reduction in frame data field size.
Modern cars are no longer purely mechanical devices but shelter so much digital technology that they resemble a network of computers. Electronic Control Units (ECUs) need to exchange a large amount of data for the various functions of the car to work, and such data must be made secure if we want those functions to work as intended despite malicious activity by attackers. TOUCAN is a new security protocol designed to be secure and at the same time both CAN and AUTOSAR compliant. It achieves security in terms of authenticity, integrity and confidentiality, yet without the need to upgrade (the hardware of) existing ECUs or enrich the network with novel components. The overhead is tiny, namely a reduction of the size of the Data field of a frame. A prototype implementation exhibits promising performance on a STM32F407Discovery board.