A Provable Secure Session Key Distribution Protocol Based on NSSK for In-Vehicle CAN Network

Abstract

Many CAN-based session key sharing approaches are based on the group key scheme, which can easily lead advanced adversaries to infiltrate all ECUs (electronic control units) in the network if the sharing key is leaked. To address the above problem, we propose a provable secure session key distribution protocol based on the improved NSSK (Needham–Schroeder shared key) protocol for the in-vehicle CAN network. We applied the mechanisms of message authentication and digital signature to fix the defects of the original NSSK regarding its lack of resistance to the Denning–Sacco attack. Then, we analyzed the provable security of the proposed protocol on the random oracle model and verified the security goals of the protocol by using the simulation tools AVISPA and Tamarin Prover; the results reflect that the protocol met the security requirements for key distribution such as session key secrecy, injective agreement, and known key secrecy. Finally, we compared our new protocol with other key distribution protocols in CAN bus communication to evaluate the performance of the new protocol in actual scenarios. The result shows that the protocol is secure against many payload-based attacks and is practical for in-vehicle CAN networks.