Lightweight Cryptography and Physically Unclonable Functions for Secure In-Vehicle Communications

Modern vehicles are complex cyber-physical systems that rely on In-Vehicle networks to coordinate the operation of multiple Electronic Control Units (ECUs). Among the various communication protocols adopted in this domain, the Controller Area Network (CAN) remains the most widespread due to its reliability and performance. However, it is inherently insecure, making vehicles increasingly vulnerable to cyber threats, especially in the context of growing connectivity and emerging post-quantum risks. This paper proposes a protocol to enhance the security of CAN networks, combining Physically Unclonable Functions (PUFs) for efficient ECU authentication and Lightweight AEAD (Authenticated Encryption with Associated Data) and Post-Quantum Cryptography for the confidentiality of communications. The protocol is notable for its low computational complexity, requiring only 2 messages for the authentication of all nodes in the network, and its compatibility with the standard 8-byte CAN frame. This aspect makes our protocol a powerful, robust, high-performance, and scalable security solution that can be integrated into current and next-generation in-vehicle networks, making it suitable for the safety-critical automotive context.