Field of the Invention
The present invention relates to a method for authenticating packets in a controller area network (CAN), and more particularly, to a more efficient authentication method using a mixture of divided message authentication codes (MACs) and an apparatus therefor.
Discussion of the Related Art
In a vehicle, controllers exchange data packets over a controller area network (CAN). Until recently, because the internal network of a vehicle operated independently of any external network, released vehicles have provided no means of protecting internal network information (e.g., authentication). Accordingly, given the broadcast nature of a vehicle CAN, no security technology has been provided to prevent information regarding a traveling vehicle from being stolen via the connection port for vehicle diagnosis, or to prevent malicious CAN packets from being inserted.
For security of a message in CAN packets, a message authentication code (MAC) method may be considered. The MAC refers to a minimal amount of information used for message authentication. The MAC method will be described with reference to FIG. 1. FIG. 1 shows an exemplary MAC method according to the related art.
FIG. 1 is illustrated under the assumption that a message 131 is transmitted from a sender 110 to a receiver 120. The sender and the receiver share a private key (K) 141 and a MAC generation algorithm (e.g., a MAC algorithm 151) in advance. In the sender 110, the private key 141 and the message 131 are input to the MAC algorithm 151 to generate a MAC 161 and the MAC is transmitted to the receiver 120 together with the message 131. In the receiver 120, the received message and the shared private key are input to a MAC algorithm 151′ to calculate a MAC 161′ and the calculated MAC 161′ is compared with the received MAC 161 to verify integrity of the message.
Further, when the MAC method is used for security in the CAN, a CAN frame lacks space into which MAC data for authentication can be inserted. More specifically, although the data available in a CAN frame is a maximum of 64 bits, when general MAC data is inserted into the frame, the size of the CAN data that can be inserted into the frame is reduced to less than half of the 64 bits. In addition, it may be difficult to apply the MAC method to an electronic apparatus sensitive to latency, such as a vehicle brake or an air bag.
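The related-art scheme of FIG. 1 and the payload limit described above can be seen together in the following added example, which is not part of the original document. It assumes HMAC-SHA-256 truncated to a chosen length as the MAC algorithm (the text names no algorithm); the function names, key and message bytes are constructed for illustration.

```python
import hashlib
import hmac

CAN_PAYLOAD_BYTES = 8  # data field of one CAN frame: at most 64 bits


def compute_tag(key: bytes, message: bytes, mac_len: int) -> bytes:
    # Assumption: HMAC-SHA-256 cut to mac_len bytes stands in for the MAC algorithm.
    return hmac.new(key, message, hashlib.sha256).digest()[:mac_len]


def data_capacity(mac_len: int) -> int:
    """Bytes left for the message once the MAC occupies mac_len bytes."""
    return CAN_PAYLOAD_BYTES - mac_len


def build_payload(key: bytes, message: bytes, mac_len: int) -> bytes:
    """Sender: place message || MAC in a single CAN data field."""
    if not 0 < mac_len < CAN_PAYLOAD_BYTES:
        raise ValueError("MAC length must be 1..7 bytes")
    if len(message) > data_capacity(mac_len):
        raise ValueError(
            f"{len(message)}-byte message does not fit beside a {mac_len}-byte MAC"
        )
    return message + compute_tag(key, message, mac_len)


def verify_payload(key: bytes, payload: bytes, mac_len: int):
    """Receiver: recompute the MAC over the received message and compare.

    Returns the message if the MACs match, otherwise None.
    """
    if not 0 < mac_len <= len(payload) <= CAN_PAYLOAD_BYTES:
        return None
    message, received = payload[:-mac_len], payload[-mac_len:]
    expected = compute_tag(key, message, mac_len)
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return message if hmac.compare_digest(received, expected) else None


if __name__ == "__main__":
    key = bytes(range(16))             # constructed shared key K
    message = bytes.fromhex("01f4a0")  # constructed 3-byte signal value
    payload = build_payload(key, message, mac_len=5)
    print(payload.hex(), "->", verify_payload(key, payload, 5))
    forged = bytes([payload[0] ^ 0x01]) + payload[1:]  # one flipped data bit
    print(forged.hex(), "->", verify_payload(key, forged, 5))
    for n in (2, 4, 5):
        print(f"{n}-byte MAC leaves {data_capacity(n)} of 8 bytes for data")
```

Every byte given to the MAC is taken from the 8-byte data field, so a longer tag directly shrinks the message that one frame can carry.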