Broadcast bus networks are based on the principle of broadcast transmission technique in which a message to be transmitted on the bus is sent to all the nodes connected to that network including the one for which the message is intended and the one from which the message was sent. In some of these networks, the nodes do not possess a physical address like an Internet Protocol (IP) address as it is the case in networks such as Ethernet for instance. Rather, the addressing system of these networks is based on message identifiers which are unique network-wide. In these networks, nodes look inside the broadcasted message to see if it was meant for them. If it is the case, the node to which the message was intended processes it. Otherwise, the message is simply discarded.
It is to be noted that some of these broadcast bus networks do not have intrinsic support for any kind of security such as assuring authenticity of the broadcasted messages, for instance. Indeed, in such networks the message identifier only designates the information contained in the message while neither the origin nor the destination node is included. This is mainly due to the fact that the usual sender of each message type is implicitly known, however a node has no possibility to verify this assumption. In this context, nodes cannot detect that an illegal message originates from a non-authentic source, for instance. Therefore, nodes can incorrectly rely on forged contents of an illegal message and consequently perform unauthorised actions.
It may be understandable that a certain level of security is not needed where these networks are operating in a secure environment. However, when operating in a less secure environment, broadcast bus networks are opened to intruders which can manipulate the broadcasted messages or inject forged messages in a way to illegally trigger sensitive or critical functions, for instance. Some documents suggest using message authentication codes (MAC) or digital signatures appended to the transmitted messages in order to address such weaknesses as indicated in: Tobias Hoppe, Stefan Kiltz, and Jana Dittmann. 2008. “Security Threats to Automotive CAN Networks—Practical Examples and Selected Short-Term Countermeasures” (p 241); In Proceedings of the 27th international conference on Computer Safety, Reliability, and Security (SAFECOMP '08), Michael D. Harrison and Mark-Alexander Sujan (Eds.); Springer-Verlag, Berlin, Heidelberg, 235-248; DOI=10.1007/978-3-540-87698-4_21 http://dx.doi.org/10.1007/978-3-540-87698-4_21.
However, such solution is not appropriate because of both the computational and communication overhead it involves thus leading to large authentication delays which are unacceptable in certain critical applications. Additionally, this solution would require the implementation of cryptographic measures in all the nodes of the broadcast bus network, thus leading to an increase of the cost of the nodes.