Broadcast Authentication in a Low Speed Controller Area Network

Controller Area Network (CAN) is a communication bus that has no cryptographic protection against malicious adversaries. Once isolated, the environments in which CAN operates are now opened to intruders and assuring broadcast authentication becomes a concern. To achieve this, public key primitives are not a solution because of the computational constraints, but symmetric primitives can be used with time synchronization at the cost of additional delays. Here we study several trade-offs on computational speed, memory and bandwidth having the main intention to depict the lower bounds on the efficiency of such protocols. For this purpose we use a wide spread controller from Freescale located somewhat on the edge of the market capable of low speed, fault tolerant CAN communication. To further improve the computations we also make use of the XGATE co-processor available on the S12X derivative. The performance of both hash functions and block ciphers is examined for efficient construction of the key chains.