Cargando…

A Novel Message-Preserving Scheme with Format-Preserving Encryption for Connected Cars in Multi-Access Edge Computing

In connected cars with various electronic control unit (ECU) modules, Ethernet is used to communicate data received by the sensor in real time, but it is partially used alongside a controller area network (CAN) due to the cost. There are security threats in the CAN, such as replay attacks and denial...

Descripción completa

Detalles Bibliográficos
Autores principales: Oh, Insu, Kim, Taeeun, Yim, Kangbin, Lee, Sun-Young
Formato: Online Artículo Texto
Lenguaje:English
Publicado: MDPI 2019
Materias:
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6766819/
https://www.ncbi.nlm.nih.gov/pubmed/31500320
http://dx.doi.org/10.3390/s19183869
_version_ 1783454774923886592
author Oh, Insu
Kim, Taeeun
Yim, Kangbin
Lee, Sun-Young
author_facet Oh, Insu
Kim, Taeeun
Yim, Kangbin
Lee, Sun-Young
author_sort Oh, Insu
collection PubMed
description In connected cars with various electronic control unit (ECU) modules, Ethernet is used to communicate data received by the sensor in real time, but it is partially used alongside a controller area network (CAN) due to the cost. There are security threats in the CAN, such as replay attacks and denial-of-service attacks, which can disrupt the driver or cause serious damage, such as a car accident through malicious manipulation. Although several secure protocols for protecting CAN messages have been proposed, they carry limitations, such as combining additional elements for security or modifying CAN messages with a limited length. Therefore, in this paper, we propose a method for encrypting the data frame, including real data in the CAN message structure, using format-preserving encryption (FPE), which ensures that the plaintext and ciphertext have the same format and length. In this way, block ciphers such as AES-128 must be divided into two or three blocks, but FPE can be processed simultaneously by encrypting them according to the CAN message format, thus providing better security against denial-of-service attacks. Based on the 150 ms CAN message, a normal message was received from a malicious message injection of 180 ms or more for AES-128 and a malicious message injection of 100 ms or more for FPE. Finally, based on the proposed scheme, a CAN transmission environment is constructed for analyzing the encryption/decryption rate and the process of transmitting and processing the encrypted message for connected cars in multi-access edge computing (MEC). This scheme is compared with other algorithms to verify that it can be used in a real environment.
format Online
Article
Text
id pubmed-6766819
institution National Center for Biotechnology Information
language English
publishDate 2019
publisher MDPI
record_format MEDLINE/PubMed
spelling pubmed-67668192019-10-02 A Novel Message-Preserving Scheme with Format-Preserving Encryption for Connected Cars in Multi-Access Edge Computing Oh, Insu Kim, Taeeun Yim, Kangbin Lee, Sun-Young Sensors (Basel) Article In connected cars with various electronic control unit (ECU) modules, Ethernet is used to communicate data received by the sensor in real time, but it is partially used alongside a controller area network (CAN) due to the cost. There are security threats in the CAN, such as replay attacks and denial-of-service attacks, which can disrupt the driver or cause serious damage, such as a car accident through malicious manipulation. Although several secure protocols for protecting CAN messages have been proposed, they carry limitations, such as combining additional elements for security or modifying CAN messages with a limited length. Therefore, in this paper, we propose a method for encrypting the data frame, including real data in the CAN message structure, using format-preserving encryption (FPE), which ensures that the plaintext and ciphertext have the same format and length. In this way, block ciphers such as AES-128 must be divided into two or three blocks, but FPE can be processed simultaneously by encrypting them according to the CAN message format, thus providing better security against denial-of-service attacks. Based on the 150 ms CAN message, a normal message was received from a malicious message injection of 180 ms or more for AES-128 and a malicious message injection of 100 ms or more for FPE. Finally, based on the proposed scheme, a CAN transmission environment is constructed for analyzing the encryption/decryption rate and the process of transmitting and processing the encrypted message for connected cars in multi-access edge computing (MEC). This scheme is compared with other algorithms to verify that it can be used in a real environment. MDPI 2019-09-07 /pmc/articles/PMC6766819/ /pubmed/31500320 http://dx.doi.org/10.3390/s19183869 Text en © 2019 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
spellingShingle Article
Oh, Insu
Kim, Taeeun
Yim, Kangbin
Lee, Sun-Young
A Novel Message-Preserving Scheme with Format-Preserving Encryption for Connected Cars in Multi-Access Edge Computing
title A Novel Message-Preserving Scheme with Format-Preserving Encryption for Connected Cars in Multi-Access Edge Computing
title_full A Novel Message-Preserving Scheme with Format-Preserving Encryption for Connected Cars in Multi-Access Edge Computing
title_fullStr A Novel Message-Preserving Scheme with Format-Preserving Encryption for Connected Cars in Multi-Access Edge Computing
title_full_unstemmed A Novel Message-Preserving Scheme with Format-Preserving Encryption for Connected Cars in Multi-Access Edge Computing
title_short A Novel Message-Preserving Scheme with Format-Preserving Encryption for Connected Cars in Multi-Access Edge Computing
title_sort novel message-preserving scheme with format-preserving encryption for connected cars in multi-access edge computing
topic Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6766819/
https://www.ncbi.nlm.nih.gov/pubmed/31500320
http://dx.doi.org/10.3390/s19183869
work_keys_str_mv AT ohinsu anovelmessagepreservingschemewithformatpreservingencryptionforconnectedcarsinmultiaccessedgecomputing
AT kimtaeeun anovelmessagepreservingschemewithformatpreservingencryptionforconnectedcarsinmultiaccessedgecomputing
AT yimkangbin anovelmessagepreservingschemewithformatpreservingencryptionforconnectedcarsinmultiaccessedgecomputing
AT leesunyoung anovelmessagepreservingschemewithformatpreservingencryptionforconnectedcarsinmultiaccessedgecomputing
AT ohinsu novelmessagepreservingschemewithformatpreservingencryptionforconnectedcarsinmultiaccessedgecomputing
AT kimtaeeun novelmessagepreservingschemewithformatpreservingencryptionforconnectedcarsinmultiaccessedgecomputing
AT yimkangbin novelmessagepreservingschemewithformatpreservingencryptionforconnectedcarsinmultiaccessedgecomputing
AT leesunyoung novelmessagepreservingschemewithformatpreservingencryptionforconnectedcarsinmultiaccessedgecomputing