Secure Broadcast with One-Time Signatures in Controller Area Networks

We use one-time signatures to assure authenticity for messages that are broadcast over a Controller Area Network (CAN). The advantage is that we can use the simplest one-way functions which are computationally efficient while authentication does not depend on disclosure delays as in the case of protocols based on one-way chains and time synchronization. As the size of the one-time signatures is proportional to the bit length of the signed message, another benefit in using them is due to the reduced size of messages that are broadcast in CAN. To avoid the use of authentication trees, which will allow multiple uses of the one-time signature, but increases the size of signatures as well as memory requirements, we use an upper layer of key-chains with time synchronization in order to commit the public keys that can be further used for signing at any instant. The theoretical results are followed by experimental results on development boards equipped with Free scale S12, a commonly used automotive grade microcontroller. We also benefit from the acceleration offered by the XGATE coprocessor available on S12X derivatives which significantly increases computational performances. To further increase efficiency we also design and use a hardware random number generator which saves computational time that otherwise will be spent to derive fresh key material.