A Multilevel Electronic Control Unit Re-Encryption Scheme for Autonomous Vehicles

Electronic control units (ECUs) connected by a controller area network (CAN) are used to perform various functions in modern vehicles. In the latest autonomous vehicles, redundant ECUs and a backup bus (different from CAN) are always equipped to prevent a single point of failure or network attack. However, due to the lack of protection measures of CAN bus, attackers can remotely intrude into the vehicle. Many schemes have proposed to use encryption to solve the security problem of CAN bus. Considering the current ECU storage space is limited, it is impossible to store all ECUs' keys. When a single point of failure or network attack against an ECU occurs, it is necessary for the backup ECU to process the messages related to the failed ECU. How to ensure that the backup ECU can decrypt the encrypted messages and at the same time securely isolates the backbone network from the backup network is an urgent issue to be solved. In order to solve the problem of forwarding and processing such messages under encryption conditions, we propose an efficient re-encryption scheme based on proxy re-encryption. The scheme is also suitable for cross-bus communication without backup networks. Burrows-Abadi-Needham (BAN) logic, random oracle model and Automated Validation of Internet Security Protocols and Applications (AVISPA) tool are utilized to prove that the scheme is secure. The scheme is simulated based on the MIRACL cryptography library on the computer and Raspberry Pi. The simulation results demonstrate that the proposed scheme is secure compared with the existing scheme.