Technical Field
The present disclosure relates to a method for authenticating packets in a controller area network (CAN), and more particularly, to an efficient authentication method capable of reducing latency when authenticating packets using a message authentication code (MAC), and an apparatus therefor.
Discussion of the Related Art
In a vehicle, data packets are exchanged between controllers over a controller area network (CAN). Until recently, because the internal network of a vehicle operated independently of any external network, no means for protecting the vehicle's internal network information was provided. Accordingly, given that a vehicle CAN uses a broadcasting method, there is a need for security technology that prevents information about vehicle driving from being stolen via a connection port for vehicle diagnosis and prevents malicious CAN packets from being inserted.
For security of a message in CAN packets, a message authentication code (MAC) method may be considered. The MAC refers to a relatively small amount of information used for message authentication. The MAC method will be described with reference to FIG. 1.
In FIG. 1, it is assumed that a message 131 is transmitted from a sender 110 to a receiver 120. The sender and the receiver share a private key (K) 141 and a MAC generation algorithm (i.e., a MAC algorithm 151) in advance. In the sender 110, the private key 141 and the message 131 are input to the MAC algorithm 151 to generate a MAC 161, and the MAC is transmitted to the receiver 120 along with the message 131. In the receiver 120, the received message and the shared private key are input to a MAC algorithm 151′ to calculate a MAC 161′, and the calculated MAC 161′ is compared with the received MAC 161 to verify the integrity of the message.
When the MAC method is used for security in the CAN, a CAN frame lacks sufficient space for the MAC data used for authentication. More specifically, although the data available in a CAN frame has a maximum of 64 bits, if general MAC data is inserted into the frame, the size of the CAN data that can be inserted into the frame is reduced to less than half of the 64 bits. In addition, it is difficult to apply the MAC method to an electronic apparatus sensitive to latency, such as a vehicle brake or an air bag.
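The sender and receiver flow of FIG. 1, packed into one 64-bit CAN data field, is sketched below as an added example that is not part of the original disclosure. HMAC-SHA-256, the 4-byte truncated MAC, the key and the sample message are all assumptions chosen for illustration; with this tag length only 4 of the 8 data bytes remain for the message, and a longer MAC leaves fewer.

```python
import hashlib
import hmac

CAN_DATA_BYTES = 8                        # CAN data field: 64 bits maximum
TAG_BYTES = 4                             # assumed truncated MAC length
MAX_MESSAGE_BYTES = CAN_DATA_BYTES - TAG_BYTES


def compute_mac(key: bytes, message: bytes) -> bytes:
    """MAC algorithm: shared key K and message in, truncated MAC out."""
    return hmac.new(key, message, hashlib.sha256).digest()[:TAG_BYTES]


def sender_build_data_field(key: bytes, message: bytes) -> bytes:
    """Sender side: append the MAC to the message inside one data field."""
    if len(message) > MAX_MESSAGE_BYTES:
        raise ValueError(
            f"{len(message)}-byte message plus {TAG_BYTES}-byte MAC "
            f"exceeds the {CAN_DATA_BYTES}-byte data field")
    return message + compute_mac(key, message)


def receiver_verify(key: bytes, data_field: bytes):
    """Receiver side: recompute the MAC; return the message or None."""
    if not TAG_BYTES <= len(data_field) <= CAN_DATA_BYTES:
        return None
    message, received = data_field[:-TAG_BYTES], data_field[-TAG_BYTES:]
    expected = compute_mac(key, message)
    # Constant-time comparison of the calculated MAC with the received MAC.
    return message if hmac.compare_digest(expected, received) else None


if __name__ == "__main__":
    key = bytes(range(16))                # constructed shared key K
    message = bytes.fromhex("012c0050")   # constructed 4-byte signal value
    field = sender_build_data_field(key, message)
    print("data field:", field.hex(), "->", receiver_verify(key, field))
    forged = bytes([field[0] ^ 0x01]) + field[1:]   # altered in transit
    print("forged    :", forged.hex(), "->", receiver_verify(key, forged))
```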