Combining Lightweight and Post-Quantum Cryptography with Physically Unclonable Functions for Secure In-Vehicle Communications

Modern vehicles are complex cyber-physical systems that rely on In-Vehicle networks to coordinate the operation of multiple Electronic Control Units (ECUs). Among the various communication protocols used in this domain, the Controller Area Network (CAN) remains the most widely adopted due to its reliability and performance. However, it is inherently insecure, making vehicles increasingly vulnerable to cyber threats, especially in the context of growing connectivity and emerging post-quantum risks. This paper proposes a protocol to enhance the security of CAN networks, combining Physically Unclonable Functions (PUFs) for efficient ECU authentication, Lightweight AEAD (Authenticated Encryption with Associated Data), and Post-Quantum Cryptography for the confidentiality of communications. The protocol stands out for its low computational overhead, requiring only 2n messages to authenticate all n nodes in the network, and for its compatibility with the standard 8-byte CAN frame. This aspect makes our protocol a powerful, robust, high-performance, and scalable security solution that can be integrated into current and next-generation in-vehicle networks, making it suitable for the safety-critical automotive context.