CANASTA: Controller Area Network Authentication Schedulability Timing Analysis

The Controller Area Network (CAN) dominates in-vehicle networking systems in modern vehicles. CAN was designed with low-latency and reliability as key features. Authenticity of a CAN frame was not considered in the design, thus, most in-vehicle network nodes inherently trust received messages as coming from a legitimate source. As a result, it is trivial to program (or hack) a network node to spoof traffic. Authentication is challenging for CAN and related protocols, such as SAE J1939, due to limited frame sizes and high bus utilization. Adding a message authentication code (MAC) as a separate message can unduly stress the real-time delivery of safety-critical messages. Although this stressor is well-known, the impact of authentication protocols on real-time message delivery in CAN has not yet been thoroughly examined. In this paper, we provide the first comprehensive analysis of real-time schedulability analysis applied to authentication schemes for CAN, CAN Flexible Data-rate (CAN FD), and CAN extra long payload (CAN XL). We formulate the response time analysis for addition of MACs and periodic transmission of MACs, and we examine their impact on two case studies and through evaluation with randomized schedulability experiments over a wide range of message sets.